Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

167607 entries
ID  Description  Priority  Modified date  Fixed Release
CVE-2018-21015 AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL. MEDIUM Sep 18, 2019 n/a
CVE-2018-21014 The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. LOW Sep 10, 2019 n/a
CVE-2018-21013 The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php. HIGH Sep 9, 2019 n/a
CVE-2018-21012 The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. MEDIUM Sep 9, 2019 n/a
CVE-2018-21011 The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details. MEDIUM Sep 11, 2019 n/a
CVE-2018-21010 OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. Medium Sep 5, 2019 n/a
CVE-2018-21009 Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. Medium Sep 5, 2019 n/a
CVE-2018-21008 An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c. Medium Sep 5, 2019 n/a
CVE-2018-21007 The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. -- Aug 29, 2019 n/a
CVE-2018-21006 The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. MEDIUM Aug 28, 2019 n/a
CVE-2018-21005 The bbp-move-topics plugin before 1.1.6 for WordPress has code injection. HIGH Aug 28, 2019 n/a
CVE-2018-21004 The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. HIGH Aug 28, 2019 n/a
CVE-2018-21003 The buddyforms plugin before 2.2.8 for WordPress has SQL injection. HIGH Aug 28, 2019 n/a
CVE-2018-21002 The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. MEDIUM Aug 28, 2019 n/a
CVE-2018-21001 The anycomment plugin before 0.0.33 for WordPress has XSS. MEDIUM Aug 28, 2019 n/a
CVE-2018-21000 An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption. -- Aug 26, 2019 n/a
CVE-2018-20999 An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results. -- Aug 26, 2019 n/a
CVE-2018-20998 An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption. HIGH Aug 30, 2019 n/a
CVE-2018-20997 An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. HIGH Aug 30, 2019 n/a
CVE-2018-20996 An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling. HIGH Aug 30, 2019 n/a
CVE-2018-20995 An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled. HIGH Aug 30, 2019 n/a
CVE-2018-20994 An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled. MEDIUM Aug 29, 2019 n/a
CVE-2018-20993 An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization. MEDIUM Aug 28, 2019 n/a
CVE-2018-20992 An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled. MEDIUM Aug 28, 2019 n/a
CVE-2018-20991 An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free. HIGH Aug 30, 2019 n/a
CVE-2018-20990 An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive. MEDIUM Aug 28, 2019 n/a
CVE-2018-20989 An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic. MEDIUM Aug 30, 2019 n/a
CVE-2018-20988 The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation. MEDIUM Aug 29, 2019 n/a
CVE-2018-20987 The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. HIGH Aug 23, 2019 n/a
CVE-2018-20986 The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. LOW Aug 27, 2019 n/a
CVE-2018-20985 The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec. HIGH Aug 26, 2019 n/a
CVE-2018-20984 The patreon-connect plugin before 1.2.2 for WordPress has Object Injection. HIGH Aug 26, 2019 n/a
CVE-2018-20983 The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. MEDIUM Aug 26, 2019 n/a
CVE-2018-20982 The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. MEDIUM Aug 26, 2019 n/a
CVE-2018-20981 The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. MEDIUM Aug 26, 2019 n/a
CVE-2018-20980 The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. MEDIUM Aug 26, 2019 n/a
CVE-2018-20979 The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type. HIGH Aug 26, 2019 n/a
CVE-2018-20978 The wp-all-import plugin before 3.4.7 for WordPress has XSS. MEDIUM Aug 21, 2019 n/a
CVE-2018-20977 The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page. MEDIUM Aug 22, 2019 n/a
CVE-2018-20976 An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. Medium Aug 23, 2019 n/a
CVE-2018-20975 Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb. MEDIUM Aug 26, 2019 n/a
CVE-2018-20974 The js-jobs plugin before 1.0.7 for WordPress has CSRF. MEDIUM Aug 21, 2019 n/a
CVE-2018-20973 The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion. HIGH Aug 21, 2019 n/a
CVE-2018-20972 The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. MEDIUM Aug 21, 2019 n/a
CVE-2018-20971 The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan. MEDIUM Aug 21, 2019 n/a
CVE-2018-20970 The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues. MEDIUM Aug 22, 2019 n/a
CVE-2018-20969 do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. High Aug 27, 2019 n/a
CVE-2018-20968 The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. MEDIUM Aug 19, 2019 n/a
CVE-2018-20967 The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. MEDIUM Aug 19, 2019 n/a
CVE-2018-20966 The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature. MEDIUM Aug 15, 2019 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.