CVE-2018-20150
- EPSS 5.05%
- Veröffentlicht 14.12.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:00:57
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
CVE-2018-20151
- EPSS 6.68%
- Veröffentlicht 14.12.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:00:57
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the p...
CVE-2018-20152
- EPSS 4.27%
- Veröffentlicht 14.12.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:00:57
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.
CVE-2018-20153
- EPSS 2.47%
- Veröffentlicht 14.12.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:00:57
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
CVE-2018-16873
- EPSS 66.25%
- Veröffentlicht 14.12.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:29
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically,...
CVE-2018-16874
- EPSS 5.04%
- Veröffentlicht 14.12.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:30
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only v...
CVE-2018-16872
- EPSS 1.08%
- Veröffentlicht 13.12.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:29
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the t...
CVE-2018-19364
- EPSS 0.53%
- Veröffentlicht 13.12.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:48
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
CVE-2018-19489
- EPSS 0.4%
- Veröffentlicht 13.12.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:00
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
CVE-2018-20097
- EPSS 2.29%
- Veröffentlicht 12.12.2018 10:29:00
- Zuletzt bearbeitet 21.11.2024 04:00:52
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.