In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
Max CVSS: 5.5 | EPSS Score: 0.06% | Published: 2018-11-30 | Updated: 2019-11-12
There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2018-11-30 | Updated: 2018-12-26
There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.
Max CVSS: 7.8 | EPSS Score: 0.07% | Published: 2018-11-30 | Updated: 2020-08-24
There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2018-11-30 | Updated: 2018-12-26
cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.
Max CVSS: 8.8 | EPSS Score: 0.17% | Published: 2018-11-30 | Updated: 2019-10-03
There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2018-11-30 | Updated: 2018-12-26
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
Max CVSS: 6.5 | EPSS Score: 0.18% | Published: 2018-11-30 | Updated: 2020-10-29
There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2018-11-30 | Updated: 2018-12-26
There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2018-11-30 | Updated: 2018-12-26
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
Max CVSS: 5.5 | EPSS Score: 0.06% | Published: 2018-11-30 | Updated: 2018-12-21
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
Max CVSS: 4.8 | EPSS Score: 0.10% | Published: 2018-11-29 | Updated: 2018-12-21
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
Max CVSS: 4.8 | EPSS Score: 0.10% | Published: 2018-11-29 | Updated: 2018-12-21
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
Max CVSS: 5.4 | EPSS Score: 0.14% | Published: 2018-11-29 | Updated: 2018-12-27
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
Max CVSS: 4.8 | EPSS Score: 0.10% | Published: 2018-11-29 | Updated: 2018-12-21
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector).
Max CVSS: 7.5 | EPSS Score: 0.20% | Published: 2018-11-29 | Updated: 2018-12-21
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter.
Max CVSS: 6.1 | EPSS Score: 0.09% | Published: 2018-11-29 | Updated: 2018-12-27
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type.
Max CVSS: 9.8 | EPSS Score: 1.06% | Published: 2018-11-29 | Updated: 2018-12-27
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2018-11-29 | Updated: 2019-01-04
libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.
Max CVSS: 6.5 | EPSS Score: 0.11% | Published: 2018-11-29 | Updated: 2019-11-13
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.
Max CVSS: 8.1 | EPSS Score: 0.35% | Published: 2018-11-29 | Updated: 2020-10-29
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.
Max CVSS: 6.5 | EPSS Score: 0.18% | Published: 2018-11-29 | Updated: 2020-10-29
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
Max CVSS: 8.8 | EPSS Score: 0.78% | Published: 2018-11-29 | Updated: 2020-08-24
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2018-11-29 | Updated: 2020-06-02
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2018-11-28 | Updated: 2018-12-20
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.
Max CVSS: 10.0 | EPSS Score: 0.28% | Published: 2018-11-28 | Updated: 2019-02-04
982 vulnerabilities found