ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2018-1000 | An information disclosure vulnerability exists in the way that the scripting engine handles objects ... | S | |
CVE-2018-1001 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
CVE-2018-1003 | A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote ... | S | |
CVE-2018-1004 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in ... | S | |
CVE-2018-1005 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa... | S | |
CVE-2018-1007 | An information disclosure vulnerability exists when Microsoft Office improperly discloses the conten... | S | |
CVE-2018-1008 | An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll)... | S | |
CVE-2018-1009 | An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and... | S | |
CVE-2018-1010 | A remote code execution vulnerability exists when the Windows font library improperly handles specia... | S | |
CVE-2018-1011 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to ... | S | |
CVE-2018-1012 | A remote code execution vulnerability exists when the Windows font library improperly handles specia... | S | |
CVE-2018-1013 | A remote code execution vulnerability exists when the Windows font library improperly handles specia... | S | |
CVE-2018-1014 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa... | S | |
CVE-2018-1015 | A remote code execution vulnerability exists when the Windows font library improperly handles specia... | S | |
CVE-2018-1016 | A remote code execution vulnerability exists when the Windows font library improperly handles specia... | S | |
CVE-2018-1018 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in m... | S | |
CVE-2018-1019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
CVE-2018-1020 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in m... | S | |
CVE-2018-1021 | An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in mem... | S | |
CVE-2018-1022 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memo... | S | |
CVE-2018-1023 | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in me... | S | |
CVE-2018-1025 | An information disclosure vulnerability exists when affected Microsoft browsers improperly handle ob... | S | |
CVE-2018-1026 | A remote code execution vulnerability exists in Microsoft Office software when the software fails to... | S | |
CVE-2018-1027 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to ... | S | |
CVE-2018-1028 | A remote code execution vulnerability exists when the Office graphics component improperly handles s... | S | |
CVE-2018-1029 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to ... | S | |
CVE-2018-1030 | A remote code execution vulnerability exists in Microsoft Office software when the software fails to... | S | |
CVE-2018-1032 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa... | S | |
CVE-2018-1034 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa... | S | |
CVE-2018-1035 | A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass De... | S | |
CVE-2018-1036 | An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevati... | | |
CVE-2018-1037 | An information disclosure vulnerability exists when Visual Studio improperly discloses limited conte... | S | |
CVE-2018-1038 | The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege ... | E S | |
CVE-2018-1039 | A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to by... | S | |
CVE-2018-1040 | A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs ... | | |
CVE-2018-1041 | A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3... | E | |
CVE-2018-1042 | Moodle 3.x has Server Side Request Forgery in the filepicker.... | | |
CVE-2018-1043 | In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.... | | |
CVE-2018-1044 | In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the set... | | |
CVE-2018-1045 | In Moodle 3.x, there is XSS via a calendar event name.... | | |
CVE-2018-1046 | pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool pro... | S | |
CVE-2018-1047 | A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.un... | | |
CVE-2018-1048 | It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ... | | |
CVE-2018-1049 | In systemd prior to 234 a race condition exists between .mount and .automount units such that automo... | S | |
CVE-2018-1050 | All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC s... | M | |
CVE-2018-1051 | It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unm... | | |
CVE-2018-1052 | Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allo... | S | |
CVE-2018-1053 | In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and ... | S | |
CVE-2018-1054 | An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filte... | S | |
CVE-2018-1055 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-6871. Reason: This candida... | R | |
CVE-2018-1056 | An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled p... | E | |
CVE-2018-1057 | On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates... | M | |
CVE-2018-1058 | A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other us... | | |
CVE-2018-1059 | The DPDK vhost-user interface does not check to verify that all the requested guest physical range i... | | |
CVE-2018-1060 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic bac... | E | |
CVE-2018-1061 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic bac... | | |
CVE-2018-1062 | A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard ... | | |
CVE-2018-1063 | Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivile... | M | |
CVE-2018-1064 | libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete... | S | |
CVE-2018-1065 | The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that c... | S | |
CVE-2018-1066 | The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencr... | S | |
CVE-2018-1067 | In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was inco... | | |
CVE-2018-1068 | A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. ... | S | |
CVE-2018-1069 | Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container netw... | M | |
CVE-2018-1070 | routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing c... | | |
CVE-2018-1071 | zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() fun... | | |
CVE-2018-1072 | ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. ... | | |
CVE-2018-1073 | The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-ex... | | |
CVE-2018-1074 | ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an... | | |
CVE-2018-1075 | ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db pro... | | |
CVE-2018-1076 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-1077 | Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensi... | | |
CVE-2018-1078 | OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that ... | | |
CVE-2018-1079 | pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user mali... | | |
CVE-2018-1080 | Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain config... | S | |
CVE-2018-1081 | A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsup... | S | |
CVE-2018-1082 | A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentica... | S | |
CVE-2018-1083 | Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functio... | S | |
CVE-2018-1084 | corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.... | S | |
CVE-2018-1085 | openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the S... | | |
CVE-2018-1086 | pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interfa... | | |
CVE-2018-1087 | kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel... | | |
CVE-2018-1088 | A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed ... | S | |
CVE-2018-1089 | 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters w... | S | |
CVE-2018-1090 | In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and th... | | |
CVE-2018-1091 | In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.... | S | |
CVE-2018-1092 | The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of... | S | |
CVE-2018-1093 | The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows ... | S | |
CVE-2018-1094 | The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always ... | E S | |
CVE-2018-1095 | The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does no... | E S | |
CVE-2018-1096 | An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1... | | |
CVE-2018-1097 | A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for power... | | |
CVE-2018-1098 | A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a webs... | E | |
CVE-2018-1099 | DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records... | E S | |
CVE-2018-1100 | zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpat... | S | |
CVE-2018-1101 | Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administr... | | |
CVE-2018-1102 | A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper p... | S | |
CVE-2018-1103 | Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation o... | | |
CVE-2018-1104 | Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define... | | |
CVE-2018-1105 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-1106 | An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without a... | | |
CVE-2018-1107 | It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expressio... | E S | |
CVE-2018-1108 | kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementa... | | |
CVE-2018-1109 | A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are v... | E S | |
CVE-2018-1110 | A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of s... | | |
CVE-2018-1111 | DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a comman... | E | |
CVE-2018-1112 | glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which a... | | |
CVE-2018-1113 | setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /u... | | |
CVE-2018-1114 | It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when th... | | |
CVE-2018-1115 | postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_l... | S | |
CVE-2018-1116 | A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactiv... | S | |
CVE-2018-1117 | ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resu... | | |
CVE-2018-1118 | Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between ... | | |
CVE-2018-1119 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10184. Reason: This candid... | R | |
CVE-2018-1120 | A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file ont... | E S | |
CVE-2018-1121 | procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_... | E | |
CVE-2018-1122 | procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs... | E | |
CVE-2018-1123 | procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow.... | E S | |
CVE-2018-1124 | procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corrup... | E | |
CVE-2018-1125 | procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerabilit... | E | |
CVE-2018-1126 | procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading t... | E | |
CVE-2018-1127 | Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after ... | S | |
CVE-2018-1128 | It was found that cephx authentication protocol did not verify ceph clients correctly and was vulner... | S | |
CVE-2018-1129 | A flaw was found in the way signature calculation was handled by cephx authentication protocol. An a... | S | |
CVE-2018-1130 | Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit(... | S | |
CVE-2018-1131 | Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certa... | | |
CVE-2018-1132 | A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's ... | E | |
CVE-2018-1133 | An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally ca... | E S | |
CVE-2018-1134 | An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portf... | S | |
CVE-2018-1135 | An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portf... | | |
CVE-2018-1136 | An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containin... | | |
CVE-2018-1137 | An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any... | | |
CVE-2018-1138 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-1139 | A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authenticati... | | |
CVE-2018-1140 | A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP ... | S | |
CVE-2018-1141 | When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.... | | |
CVE-2018-1142 | Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. ... | S | |
CVE-2018-1143 | A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version... | E | |
CVE-2018-1144 | A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version... | E | |
CVE-2018-1145 | A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version ... | E | |
CVE-2018-1146 | A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by... | E | |
CVE-2018-1147 | In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authen... | | |
CVE-2018-1148 | In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the ap... | | |
CVE-2018-1149 | cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via ... | E | |
CVE-2018-1150 | NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attac... | E | |
CVE-2018-1151 | The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthentica... | E | |
CVE-2018-1152 | libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero w... | S | |
CVE-2018-1153 | Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple o... | | |
CVE-2018-1154 | In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticat... | S | |
CVE-2018-1155 | In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authent... | S | |
CVE-2018-1156 | Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the licens... | E | |
CVE-2018-1157 | Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An au... | E | |
CVE-2018-1158 | Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An aut... | E | |
CVE-2018-1159 | Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An au... | E | |
CVE-2018-1160 | Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lac... | E | |
CVE-2018-1161 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-1162 | This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable ins... | | |
CVE-2018-1163 | This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Q... | | |
CVE-2018-1164 | This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable inst... | | |
CVE-2018-1165 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joye... | | |
CVE-2018-1166 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joye... | | |
CVE-2018-1167 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-1168 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB ... | M | |
CVE-2018-1169 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-1170 | This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on... | | |
CVE-2018-1171 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joye... | S | |
CVE-2018-1172 | This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid ... | | |
CVE-2018-1173 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-1174 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-1175 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-1176 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-1177 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-1178 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-1179 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-1180 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-1181 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-1182 | An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patc... | | |
CVE-2018-1183 | In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabl... | | |
CVE-2018-1184 | An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC Recove... | S | |
CVE-2018-1185 | An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC Recove... | E S | |
CVE-2018-1186 | Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versio... | E | |
CVE-2018-1187 | Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affe... | E | |
CVE-2018-1188 | Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and ve... | E | |
CVE-2018-1189 | Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versio... | E | |
CVE-2018-1190 | An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v2... | | |
CVE-2018-1191 | Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability.... | | |
CVE-2018-1192 | In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7;... | | |
CVE-2018-1193 | Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-For... | | |
CVE-2018-1194 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-1195 | In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release ... | | |
CVE-2018-1196 | Spring Boot supports an embedded launch script that can be used to easily run the application as a s... | | |
CVE-2018-1197 | In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google ... | | |
CVE-2018-1198 | Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH ... | M | |
CVE-2018-1199 | Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and... | | |
CVE-2018-1200 | Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and ... | | |
CVE-2018-1201 | Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versio... | E | |
CVE-2018-1202 | Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and ve... | E | |
CVE-2018-1203 | In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versi... | E | |
CVE-2018-1204 | Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, ... | E | |
CVE-2018-1205 | Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service.... | | |
CVE-2018-1206 | Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Adviso... | | |
CVE-2018-1207 | Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which coul... | | |
CVE-2018-1208 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-1209 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-1210 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-1211 | Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its ... | | |
CVE-2018-1212 | Authenticated remote code execution in iDRAC 6 | | |
CVE-2018-1213 | Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, ... | E | |
CVE-2018-1214 | Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapter... | | |
CVE-2018-1215 | An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC ... | | |
CVE-2018-1216 | A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Uni... | | |
CVE-2018-1217 | Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrat... | E | |
CVE-2018-1218 | In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prio... | E | |
CVE-2018-1219 | EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an A... | | |
CVE-2018-1220 | EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks featu... | | |
CVE-2018-1221 | In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishan... | | |
CVE-2018-1222 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-1223 | Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter c... | M | |
CVE-2018-1224 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-1225 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-1226 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-1227 | Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a ... | | |
CVE-2018-1228 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-1229 | Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload fea... | | |
CVE-2018-1230 | Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A ... | M | |
CVE-2018-1231 | Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability.... | | |
CVE-2018-1232 | RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are im... | | |
CVE-2018-1233 | RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are af... | | |
CVE-2018-1234 | RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where ac... | | |
CVE-2018-1235 | Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, co... | E | |
CVE-2018-1236 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-1237 | Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication att... | | |
CVE-2018-1238 | Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Insta... | | |
CVE-2018-1239 | Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multipl... | | |
CVE-2018-1240 | Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in ... | | |
CVE-2018-1241 | Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, un... | | |
CVE-2018-1242 | Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, co... | | |
CVE-2018-1243 | iDRAC6/iDRAC7/iDRAC8 - Weak CGI session ID vulnerability | | |
CVE-2018-1244 | iDRAC7/iDRAC8/iDRAC9 contains a command injection vulnerability in the SNMP agent. | | |
CVE-2018-1245 | Authorization ByPass Vulnerability | | |
CVE-2018-1246 | Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthen... | | |
CVE-2018-1247 | RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity... | E | |
CVE-2018-1248 | RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3... | | |
CVE-2018-1249 | iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs | | |
CVE-2018-1250 | Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vuln... | | |
CVE-2018-1251 | Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerabil... | | |
CVE-2018-1252 | RSA Web Threat Detection SQL Injection Vulnerability | | |
CVE-2018-1253 | Stored cross-site scripting vulnerability | | |
CVE-2018-1254 | RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross... | | |
CVE-2018-1255 | Reflected Cross-Site Scripting Vulnerability | | |
CVE-2018-1256 | Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in... | M | |
CVE-2018-1257 | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupport... | S | |
CVE-2018-1258 | Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contain... | S | |
CVE-2018-1259 | Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with... | | |
CVE-2018-1260 | Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prio... | | |
CVE-2018-1261 | Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which ... | | |
CVE-2018-1262 | Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow pri... | | |
CVE-2018-1263 | Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exp... | | |
CVE-2018-1264 | Log Cache logs UAA client secret on startup | | |
CVE-2018-1265 | Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar a... | | |
CVE-2018-1266 | Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path t... | | |
CVE-2018-1267 | Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerab... | | |
CVE-2018-1268 | Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 o... | | |
CVE-2018-1269 | Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 o... | | |
CVE-2018-1270 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported... | E S | |
CVE-2018-1271 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported... | S | |
CVE-2018-1272 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported... | S | |
CVE-2018-1273 | Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions... | KEV S | |
CVE-2018-1274 | Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain... | | |
CVE-2018-1275 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported... | S | |
CVE-2018-1276 | Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability o... | | |
CVE-2018-1277 | Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Dock... | | |
CVE-2018-1278 | Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior ... | | |
CVE-2018-1279 | RabbitMQ cluster compromise due to deterministically generated cookie | M | |
CVE-2018-1280 | Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerab... | | |
CVE-2018-1281 | The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler ... | S | |
CVE-2018-1282 | This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to b... | | |
CVE-2018-1283 | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI a... | | |
CVE-2018-1284 | In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boo... | | |
CVE-2018-1285 | Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net conf... | S | |
CVE-2018-1286 | In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected... | | |
CVE-2018-1287 | In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI ... | M | |
CVE-2018-1288 | In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authentic... | S | |
CVE-2018-1289 | In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system ... | | |
CVE-2018-1290 | In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a sin... | | |
CVE-2018-1291 | Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST e... | | |
CVE-2018-1292 | Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.... | | |
CVE-2018-1293 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-1294 | If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as ... | M | |
CVE-2018-1295 | In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed... | | |
CVE-2018-1296 | In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes exte... | | |
CVE-2018-1297 | When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connec... | | |
CVE-2018-1298 | A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authe... | | |
CVE-2018-1299 | In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Al... | | |
CVE-2018-1300 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-1301 | A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due t... | | |
CVE-2018-1302 | When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4... | | |
CVE-2018-1303 | A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2... | | |
CVE-2018-1304 | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly ha... | S | |
CVE-2018-1305 | Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to... | S | |
CVE-2018-1306 | The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 co... | E M | |
CVE-2018-1307 | In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local ... | S | |
CVE-2018-1308 | This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity ... | M | |
CVE-2018-1309 | Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause infor... | S | |
CVE-2018-1310 | Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS conten... | | |
CVE-2018-1311 | The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the s... | S | |
CVE-2018-1312 | In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce ... | | |
CVE-2018-1313 | In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the... | S | |
CVE-2018-1314 | In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary autho... | | |
CVE-2018-1315 | In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive... | | |
CVE-2018-1316 | The ODE process deployment web service was sensible to deployment messages with forged names. Using ... | | |
CVE-2018-1317 | In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to... | | |
CVE-2018-1318 | Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted requ... | | |
CVE-2018-1319 | In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a v... | | |
CVE-2018-1320 | Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComple... | S | |
CVE-2018-1321 | An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x ... | E M | |
CVE-2018-1322 | An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2... | E M | |
CVE-2018-1323 | The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised ... | | |
CVE-2018-1324 | A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compr... | S | |
CVE-2018-1325 | In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor wi... | | |
CVE-2018-1326 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-1327 | The Apache Struts REST Plugin is using XStream library which is vulnerable and allows performing a DoS a... | S | |
CVE-2018-1328 | Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna... | | |
CVE-2018-1329 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-1330 | When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might cras... | | |
CVE-2018-1331 | In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1... | | |
CVE-2018-1332 | Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vu... | | |
CVE-2018-1333 | DoS for HTTP/2 connections by crafted requests | | |
CVE-2018-1334 | In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possib... | M | |
CVE-2018-1335 | From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server t... | E | |
CVE-2018-1336 | An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an in... | | |
CVE-2018-1337 | In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possibl... | | |
CVE-2018-1338 | A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in vers... | | |
CVE-2018-1339 | A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in vers... | | |
CVE-2018-1340 | Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. ... | | |
CVE-2018-1342 | A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console serv... | | |
CVE-2018-1343 | PAM exposure enabling unauthenticated access to remote host... | | |
CVE-2018-1344 | NetIQ iManager Communication Downgrade Attack | S | |
CVE-2018-1345 | iManager elevation of privilege | S | |
CVE-2018-1346 | NetIQ eDirectory Denial of Service | S | |
CVE-2018-1347 | NetIQ iManager, versions prior to 3.1, reflected XSS issue | S | |
CVE-2018-1348 | NetIQ Identity Manager SSL Renegotiation | S | |
CVE-2018-1349 | NetIQ Identity Manager Driver Component Log File Information Leakage | S | |
CVE-2018-1350 | NetIQ Identity Manager Driver Component Information Leakage | S | |
CVE-2018-1351 | A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions ... | | |
CVE-2018-1352 | A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code... | | |
CVE-2018-1353 | An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a s... | | |
CVE-2018-1354 | An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, F... | | |
CVE-2018-1355 | An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyz... | | |
CVE-2018-1356 | A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow a... | | |
CVE-2018-1358 | Rejected reason: Not used... | R | |
CVE-2018-1359 | Rejected reason: Not used... | R | |
CVE-2018-1360 | A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 throu... | | |
CVE-2018-1361 | IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows us... | S | |
CVE-2018-1362 | IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow... | | |
CVE-2018-1363 | IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site... | S | |
CVE-2018-1364 | IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when... | | |
CVE-2018-1366 | IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacke... | S | |
CVE-2018-1368 | IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low ... | S | |
CVE-2018-1369 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL paramet... | S | |
CVE-2018-1370 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critic... | S | |
CVE-2018-1371 | An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a ... | | |
CVE-2018-1372 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have str... | | |
CVE-2018-1373 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting ... | S | |
CVE-2018-1374 | An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0... | | |
CVE-2018-1375 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a s... | S | |
CVE-2018-1376 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This... | S | |
CVE-2018-1377 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain clear t... | | |
CVE-2018-1380 | IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authe... | M | |
CVE-2018-1382 | IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to em... | S | |
CVE-2018-1383 | A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a ... | | |
CVE-2018-1384 | IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows us... | | |
CVE-2018-1386 | IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains... | | |
CVE-2018-1387 | IBM Application Performance Management for Monitoring & Diagnostics (IBM Monitoring 8.1.3 and 8.1.4)... | S | |
CVE-2018-1388 | GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 pa... | M | |
CVE-2018-1389 | IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the... | | |
CVE-2018-1390 | IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is v... | S | |
CVE-2018-1391 | IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an... | S | |
CVE-2018-1392 | IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an... | S | |
CVE-2018-1393 | IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authentic... | S | |
CVE-2018-1394 | Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows use... | M | |
CVE-2018-1395 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1396 | IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site sc... | S | |
CVE-2018-1398 | IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain file... | S | |
CVE-2018-1399 | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripti... | S | |
CVE-2018-1401 | IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability all... | S | |
CVE-2018-1403 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1404 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1405 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1407 | IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scrip... | S | |
CVE-2018-1408 | IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scrip... | S | |
CVE-2018-1409 | IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to exec... | | |
CVE-2018-1410 | IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to exec... | | |
CVE-2018-1411 | IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to exec... | | |
CVE-2018-1413 | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to ... | | |
CVE-2018-1414 | IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send... | S | |
CVE-2018-1415 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows use... | S | |
CVE-2018-1416 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerabilit... | S | |
CVE-2018-1417 | Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) all... | | |
CVE-2018-1418 | IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to... | E S | |
CVE-2018-1419 | IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a ... | | |
CVE-2018-1420 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box con... | S | |
CVE-2018-1421 | IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML Exter... | S | |
CVE-2018-1422 | IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6... | S | |
CVE-2018-1423 | IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that ... | | |
CVE-2018-1424 | IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE)... | | |
CVE-2018-1425 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic alg... | | |
CVE-2018-1426 | IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state ... | | |
CVE-2018-1427 | IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environme... | | |
CVE-2018-1428 | IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected ... | | |
CVE-2018-1429 | IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, and 9.0.4 is vulnerable to cross-site scripting. This vulnerab... | S | |
CVE-2018-1430 | IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability al... | | |
CVE-2018-1431 | A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could... | | |
CVE-2018-1432 | IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting w... | | |
CVE-2018-1433 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1,... | | |
CVE-2018-1434 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1,... | | |
CVE-2018-1435 | IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user ... | S | |
CVE-2018-1437 | IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an ... | S | |
CVE-2018-1438 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1,... | | |
CVE-2018-1439 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1440 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1441 | IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.... | S | |
CVE-2018-1442 | IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vu... | | |
CVE-2018-1443 | An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Acces... | | |
CVE-2018-1444 | IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows us... | S | |
CVE-2018-1445 | IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This... | | |
CVE-2018-1447 | The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.... | S | |
CVE-2018-1448 | IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains... | | |
CVE-2018-1449 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains... | | |
CVE-2018-1450 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains... | | |
CVE-2018-1451 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains... | | |
CVE-2018-1452 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains... | | |
CVE-2018-1453 | IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or tr... | S | |
CVE-2018-1454 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensi... | | |
CVE-2018-1455 | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site reques... | | |
CVE-2018-1456 | IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injec... | S | |
CVE-2018-1457 | An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an atta... | | |
CVE-2018-1458 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 could all... | | |
CVE-2018-1459 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulne... | | |
CVE-2018-1460 | IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to ... | E | |
CVE-2018-1461 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1,... | | |
CVE-2018-1462 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1,... | | |
CVE-2018-1463 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1,... | | |
CVE-2018-1464 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1,... | | |
CVE-2018-1465 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1,... | | |
CVE-2018-1466 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, ... | | |
CVE-2018-1467 | The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unau... | | |
CVE-2018-1468 | IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sen... | S | |
CVE-2018-1469 | IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to ... | S | |
CVE-2018-1470 | IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain ... | S | |
CVE-2018-1471 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-1472 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2018-1473 | IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows use... | S | |
CVE-2018-1474 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitt... | | |
CVE-2018-1475 | IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote... | S | |
CVE-2018-1476 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to un... | | |
CVE-2018-1478 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hija... | | |
CVE-2018-1479 | IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an att... | S | |
CVE-2018-1480 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute... | | |
CVE-2018-1481 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL p... | | |
CVE-2018-1483 | IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows us... | S | |
CVE-2018-1484 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on ... | | |
CVE-2018-1485 | IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable aft... | | |
CVE-2018-1487 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries ... | | |
CVE-2018-1488 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a b... | | |
CVE-2018-1492 | IBM Jazz Foundation products could allow a user with physical access to the system to log in as anot... | | |
CVE-2018-1494 | IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-s... | | |
CVE-2018-1495 | IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access... | | |
CVE-2018-1496 | IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. T... | S | |
CVE-2018-1498 | IBM Security Guardium EcoSystem 10.5 stores user credentials in plain clear text which can be rea... | | |
CVE-2018-1501 | IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive info... | S | |
CVE-2018-1502 | IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 is vulnerable to cross-site sc... | S | |
CVE-2018-1503 | IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to send invalid ... | | |
CVE-2018-1504 | IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action... | | |
CVE-2018-1505 | IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by ... | | |
CVE-2018-1507 | IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. This vulnerability ... | | |
CVE-2018-1509 | IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This... | | |
CVE-2018-1513 | IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripti... | E | |
CVE-2018-1514 | IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request for... | S | |
CVE-2018-1515 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or u... | | |
CVE-2018-1517 | A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an... | | |
CVE-2018-1518 | IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that ... | S | |
CVE-2018-1521 | IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scrip... | S | |
CVE-2018-1522 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1523 | IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site sc... | S | |
CVE-2018-1524 | IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a r... | S | |
CVE-2018-1525 | IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive informati... | | |
CVE-2018-1528 | IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive ... | S | |
CVE-2018-1529 | IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirement... | S | |
CVE-2018-1532 | IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, wh... | S | |
CVE-2018-1533 | IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerabi... | S | |
CVE-2018-1534 | IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerabi... | S | |
CVE-2018-1535 | IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Softwa... | S | |
CVE-2018-1536 | IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Softwa... | S | |
CVE-2018-1539 | IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote... | | |
CVE-2018-1541 | IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnera... | S | |
CVE-2018-1542 | IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console ... | S | |
CVE-2018-1543 | IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused b... | | |
CVE-2018-1544 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could al... | | |
CVE-2018-1545 | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographi... | | |
CVE-2018-1546 | IBM API Connect information disclosure | | |
CVE-2018-1547 | IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execut... | S | |
CVE-2018-1548 | IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that... | | |
CVE-2018-1549 | IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response... | S | |
CVE-2018-1550 | IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive info... | S | |
CVE-2018-1551 | IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more ... | | |
CVE-2018-1552 | IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to ex... | S | |
CVE-2018-1553 | IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain s... | | |
CVE-2018-1554 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows use... | S | |
CVE-2018-1555 | IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerabilit... | | |
CVE-2018-1556 | IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerabilit... | | |
CVE-2018-1557 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1558 | IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerabl... | S | |
CVE-2018-1560 | IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to c... | | |
CVE-2018-1563 | IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vuln... | E S | |
CVE-2018-1564 | IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with adminis... | S | |
CVE-2018-1565 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could al... | | |
CVE-2018-1566 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could al... | | |
CVE-2018-1567 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbi... | S | |
CVE-2018-1568 | IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user ... | S | |
CVE-2018-1571 | IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on ... | S | |
CVE-2018-1583 | IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By s... | | |
CVE-2018-1584 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows use... | S | |
CVE-2018-1585 | IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Softwa... | S | |
CVE-2018-1587 | IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Softwa... | S | |
CVE-2018-1588 | IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0... | | |
CVE-2018-1593 | IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to... | | |
CVE-2018-1595 | IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to e... | | |
CVE-2018-1599 | IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action ... | S | |
CVE-2018-1600 | IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a com... | | |
CVE-2018-1601 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1602 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1603 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1604 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1605 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1606 | IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.... | S | |
CVE-2018-1607 | IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a... | | |
CVE-2018-1608 | IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic... | | |
CVE-2018-1610 | IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-s... | | |
CVE-2018-1612 | IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass... | E S | |
CVE-2018-1614 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML... | | |
CVE-2018-1618 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to tr... | | |
CVE-2018-1621 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear... | S | |
CVE-2018-1622 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request... | | |
CVE-2018-1623 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored local... | | |
CVE-2018-1625 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that inc... | | |
CVE-2018-1626 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable a... | | |
CVE-2018-1630 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database... | | |
CVE-2018-1631 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database... | | |
CVE-2018-1632 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database... | | |
CVE-2018-1633 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database... | | |
CVE-2018-1634 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database... | | |
CVE-2018-1635 | Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows ... | | |
CVE-2018-1636 | Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows ... | | |
CVE-2018-1638 | IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) wh... | | |
CVE-2018-1639 | The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an ... | | |
CVE-2018-1640 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated ... | | |
CVE-2018-1643 | The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vul... | S | |
CVE-2018-1644 | IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 -... | | |
CVE-2018-1647 | IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources... | S | |
CVE-2018-1648 | IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an a... | S | |
CVE-2018-1649 | IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on t... | S | |
CVE-2018-1650 | IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the ... | S | |
CVE-2018-1652 | IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, ... | S | |
CVE-2018-1653 | IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable ... | S | |
CVE-2018-1654 | IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attac... | S | |
CVE-2018-1655 | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to ex... | | |
CVE-2018-1656 | The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Techn... | S | |
CVE-2018-1657 | IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerabil... | S | |
CVE-2018-1658 | IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerabl... | S | |
CVE-2018-1659 | IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to c... | | |
CVE-2018-1660 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerabilit... | S | |
CVE-2018-1661 | IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which ... | S | |
CVE-2018-1663 | IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain se... | S | |
CVE-2018-1664 | IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15... | | |
CVE-2018-1665 | IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, ... | S | |
CVE-2018-1666 | IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 throug... | | |
CVE-2018-1667 | IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, ... | S | |
CVE-2018-1668 | IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, ... | | |
CVE-2018-1669 | IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15... | S | |
CVE-2018-1670 | IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authentic... | S | |
CVE-2018-1671 | IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could i... | S | |
CVE-2018-1672 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impe... | S | |
CVE-2018-1673 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerabilit... | S | |
CVE-2018-1674 | IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL inj... | | |
CVE-2018-1675 | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in st... | S | |
CVE-2018-1676 | IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability... | S | |
CVE-2018-1677 | IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable... | S | |
CVE-2018-1679 | IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow an unauthenticated user t... | S | |
CVE-2018-1680 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should ... | | |
CVE-2018-1682 | IBM Watson Studio Local 1.2.3 could disclose sensitive information over the network that an attacked... | S | |
CVE-2018-1683 | IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive informati... | | |
CVE-2018-1684 | IBM WebSphere MQ 8.0 through 9.1 is vulnerable to an error with MQTT topic string publishing that can... | S | |
CVE-2018-1685 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains... | | |
CVE-2018-1686 | IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerabil... | S | |
CVE-2018-1688 | IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerabl... | S | |
CVE-2018-1690 | IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows us... | S | |
CVE-2018-1691 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1692 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-si... | S | |
CVE-2018-1694 | IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 thro... | S | |
CVE-2018-1695 | IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a re... | S | |
CVE-2018-1697 | IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a spe... | | |
CVE-2018-1698 | IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sens... | S | |
CVE-2018-1699 | IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker coul... | S | |
CVE-2018-1701 | IBM InfoSphere Information Server 11.7 could allow an authenticated user under specialized conditions... | S | |
CVE-2018-1702 | IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulne... | | |
CVE-2018-1704 | IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could all... | | |
CVE-2018-1705 | IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain a... | | |
CVE-2018-1706 | IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users... | S | |
CVE-2018-1708 | IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user i... | S | |
CVE-2018-1710 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm ... | | |
CVE-2018-1711 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could al... | | |
CVE-2018-1712 | IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forg... | | |
CVE-2018-1715 | IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerabil... | S | |
CVE-2018-1716 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerabilit... | S | |
CVE-2018-1718 | IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vulnerable to cross-site scripting... | | |
CVE-2018-1719 | IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certa... | | |
CVE-2018-1720 | IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker th... | | |
CVE-2018-1721 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack whe... | S | |
CVE-2018-1722 | IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Adv... | | |
CVE-2018-1723 | IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileg... | S | |
CVE-2018-1724 | IBM Spectrum LSF 9.1.1, 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at j... | S | |
CVE-2018-1725 | IBM QRadar SIEM 7.3 and 7.4 in a multi tenant configuration could be vulnerable to information disclo... | | |
CVE-2018-1727 | IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity I... | | |
CVE-2018-1728 | IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users t... | S | |
CVE-2018-1729 | IBM QRadar SIEM 7.3 discloses sensitive information to unauthorized users. The information can be us... | | |
CVE-2018-1730 | IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when proce... | | |
CVE-2018-1731 | IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-s... | S | |
CVE-2018-1732 | IBM QRadar Advisor with Watson 1.14.0 discloses sensitive information to unauthorized users. The inf... | S | |
CVE-2018-1733 | IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that ha... | S | |
CVE-2018-1734 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information ... | S | |
CVE-2018-1736 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attack... | S | |
CVE-2018-1738 | IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly ... | S | |
CVE-2018-1740 | IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable ... | S | |
CVE-2018-1741 | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency o... | S | |
CVE-2018-1742 | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a passwo... | S | |
CVE-2018-1743 | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized u... | S | |
CVE-2018-1744 | IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse ... | S | |
CVE-2018-1745 | IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SK... | S | |
CVE-2018-1747 | IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Inj... | S | |
CVE-2018-1749 | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation... | S | |
CVE-2018-1750 | IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a w... | S | |
CVE-2018-1751 | IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algor... | | |
CVE-2018-1753 | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitiv... | S | |
CVE-2018-1755 | IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive informati... | S | |
CVE-2018-1756 | IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. ... | E S | |
CVE-2018-1757 | IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtai... | S | |
CVE-2018-1758 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scri... | S | |
CVE-2018-1759 | IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerabi... | S | |
CVE-2018-1760 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scri... | S | |
CVE-2018-1761 | IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerabilit... | | |
CVE-2018-1762 | IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerab... | | |
CVE-2018-1763 | IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerabi... | S | |
CVE-2018-1764 | IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerabi... | S | |
CVE-2018-1766 | IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scriptin... | S | |
CVE-2018-1767 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scr... | S | |
CVE-2018-1768 | IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized ... | S | |
CVE-2018-1770 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse di... | E S | |
CVE-2018-1771 | IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a b... | S | |
CVE-2018-1772 | IBM SPSS Analytic Server 3.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows us... | | |
CVE-2018-1773 | IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass futu... | S | |
CVE-2018-1774 | IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the develop... | | |
CVE-2018-1775 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versio... | | |
CVE-2018-1777 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This ... | S | |
CVE-2018-1778 | IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to byp... | S | |
CVE-2018-1779 | IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of... | S | |
CVE-2018-1780 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could al... | | |
CVE-2018-1781 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could al... | | |
CVE-2018-1782 | IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kerne... | | |
CVE-2018-1783 | IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line u... | S | |
CVE-2018-1784 | IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the Lo... | S | |
CVE-2018-1785 | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographi... | | |
CVE-2018-1786 | IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in ... | S | |
CVE-2018-1787 | IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vulnerability caused by insecure... | S | |
CVE-2018-1788 | IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs t... | S | |
CVE-2018-1789 | IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted requ... | S | |
CVE-2018-1790 | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cro... | | |
CVE-2018-1791 | IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by... | | |
CVE-2018-1792 | IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0... | | |
CVE-2018-1793 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site s... | S | |
CVE-2018-1794 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site ... | S | |
CVE-2018-1795 | IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site sc... | S | |
CVE-2018-1796 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libra... | | |
CVE-2018-1797 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could... | S | |
CVE-2018-1798 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This ... | S | |
CVE-2018-1799 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could al... | | |
CVE-2018-1800 | IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain ... | | |
CVE-2018-1801 | IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM I... | S | |
CVE-2018-1802 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries... | | |
CVE-2018-1803 | IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a ... | S | |
CVE-2018-1804 | IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set t... | S | |
CVE-2018-1805 | IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an e... | S | |
CVE-2018-1808 | IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to in... | | |
CVE-2018-1812 | IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cr... | S | |
CVE-2018-1813 | IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplet... | S | |
CVE-2018-1814 | IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker th... | S | |
CVE-2018-1815 | IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise... | S | |
CVE-2018-1817 | IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows u... | | |
CVE-2018-1818 | IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptograph... | | |
CVE-2018-1819 | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3... | S | |
CVE-2018-1820 | IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability all... | S | |
CVE-2018-1821 | IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Enti... | E | |
CVE-2018-1822 | IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requi... | S | |
CVE-2018-1823 | IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerabi... | S | |
CVE-2018-1824 | IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerabi... | S | |
CVE-2018-1825 | IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerabi... | S | |
CVE-2018-1826 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scri... | S | |
CVE-2018-1827 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scri... | S | |
CVE-2018-1828 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scri... | S | |
CVE-2018-1829 | IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerabi... | S | |
CVE-2018-1833 | IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host r... | | |
CVE-2018-1834 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains... | | |
CVE-2018-1835 | IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injectio... | M | |
CVE-2018-1836 | IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-sit... | S | |
CVE-2018-1838 | IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain se... | | |
CVE-2018-1840 | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileg... | S | |
CVE-2018-1841 | IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world ... | | |
CVE-2018-1842 | IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace ... | S | |
CVE-2018-1843 | The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure chan... | S | |
CVE-2018-1844 | IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) a... | S | |
CVE-2018-1845 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Inject... | S | |
CVE-2018-1846 | IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to... | | |
CVE-2018-1847 | IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 t... | | |
CVE-2018-1848 | IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This v... | S | |
CVE-2018-1850 | IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administ... | | |
CVE-2018-1851 | IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arb... | S | |
CVE-2018-1853 | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijac... | S | |
CVE-2018-1857 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass ... | | |
CVE-2018-1858 | IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allo... | S | |
CVE-2018-1859 | IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with li... | S | |
CVE-2018-1871 | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is... | S | |
CVE-2018-1872 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows use... | S | |
CVE-2018-1874 | IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker wi... | S | |
CVE-2018-1875 | IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to ... | | |
CVE-2018-1876 | IBM Robotic Process Automation with Automation Anywhere 11 could, under certain cases, display the pa... | S | |
CVE-2018-1877 | IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information ... | S | |
CVE-2018-1878 | IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a... | S | |
CVE-2018-1882 | In certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be di... | S | |
CVE-2018-1883 | A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API could allow att... | S | |
CVE-2018-1884 | IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip sl... | M | |
CVE-2018-1885 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated att... | S | |
CVE-2018-1886 | IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sens... | S | |
CVE-2018-1887 | IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-... | S | |
CVE-2018-1888 | An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windo... | S | |
CVE-2018-1889 | IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows... | | |
CVE-2018-1890 | IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facili... | S | |
CVE-2018-1891 | IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows u... | | |
CVE-2018-1892 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scri... | S | |
CVE-2018-1893 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scri... | S | |
CVE-2018-1895 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This v... | | |
CVE-2018-1896 | IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could ... | S | |
CVE-2018-1897 | IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 db2pdcfg is vulnerable to a stack bas... | S | |
CVE-2018-1899 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the ... | | |
CVE-2018-1900 | IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-sit... | S | |
CVE-2018-1901 | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain eleva... | S | |
CVE-2018-1902 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof conne... | S | |
CVE-2018-1903 | IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo... | S | |
CVE-2018-1904 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbi... | S | |
CVE-2018-1905 | IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Inje... | M | |
CVE-2018-1906 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to download ... | | |
CVE-2018-1908 | IBM Robotic Process Automation with Automation Anywhere 11 is vulnerable to cross-site scripting. Th... | S | |
CVE-2018-1910 | IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. ... | S | |
CVE-2018-1911 | IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.6 is vulnerable to cross-s... | S | |
CVE-2018-1912 | IBM DOORS Next Generation (DNG/RRC) 6.0.2 through 6.0.6 is vulnerable to cross-site scripting. This ... | S | |
CVE-2018-1913 | IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-s... | S | |
CVE-2018-1914 | IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. ... | S | |
CVE-2018-1916 | IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to ... | S | |
CVE-2018-1917 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access J... | | |
CVE-2018-1918 | IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vulnerable to cross-site scriptin... | S | |
CVE-2018-1920 | IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to an XML External Entity Injection (XXE) ... | | |
CVE-2018-1921 | IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. This vulnerability ... | | |
CVE-2018-1922 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affec... | S | |
CVE-2018-1923 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affec... | S | |
CVE-2018-1925 | IBM WebSphere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that coul... | | |
CVE-2018-1926 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site re... | S | |
CVE-2018-1927 | IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execut... | | |
CVE-2018-1928 | IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possibl... | | |
CVE-2018-1929 | IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allo... | S | |
CVE-2018-1932 | IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access cont... | S | |
CVE-2018-1933 | IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability a... | | |
CVE-2018-1934 | IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allo... | | |
CVE-2018-1935 | IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information ... | S | |
CVE-2018-1936 | IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack-based buffer overflow, cause... | S | |
CVE-2018-1937 | IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly ... | | |
CVE-2018-1938 | IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly ... | | |
CVE-2018-1939 | IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open red... | | |
CVE-2018-1941 | IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admin privileges due to the applica... | S | |
CVE-2018-1943 | IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper va... | S | |
CVE-2018-1944 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains har... | S | |
CVE-2018-1945 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow ... | S | |
CVE-2018-1946 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports int... | S | |
CVE-2018-1947 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerabl... | S | |
CVE-2018-1948 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set... | S | |
CVE-2018-1949 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses se... | S | |
CVE-2018-1950 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an... | S | |
CVE-2018-1951 | IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerabil... | S | |
CVE-2018-1952 | IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to ... | S | |
CVE-2018-1956 | IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by defa... | S | |
CVE-2018-1957 | IBM WebSphere Application Server 9 could allow sensitive information to be available caused by misha... | S | |
CVE-2018-1959 | IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a pas... | S | |
CVE-2018-1961 | IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detai... | | |
CVE-2018-1962 | IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the lo... | S | |
CVE-2018-1967 | IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows... | S | |
CVE-2018-1968 | IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The infor... | S | |
CVE-2018-1969 | IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous typ... | S | |
CVE-2018-1970 | IBM Security Identity Manager 7.0.1 is vulnerable to an XML External Entity Injection (XXE) attack wh... | S | |
CVE-2018-1973 | IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access t... | S | |
CVE-2018-1974 | IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileg... | S | |
CVE-2018-1975 | IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9.6.1.9 is vulnerable to cross-... | S | |
CVE-2018-1976 | IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST A... | S | |
CVE-2018-1977 | IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service ... | S | |
CVE-2018-1978 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulne... | S | |
CVE-2018-1980 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulne... | S | |
CVE-2018-1982 | IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerabilit... | | |
CVE-2018-1983 | IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerabilit... | | |
CVE-2018-1984 | IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerabilit... | | |
CVE-2018-1985 | IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with... | | |
CVE-2018-1987 | IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM ... | | |
CVE-2018-1990 | IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could allow an attacker to obtain sensi... | S | |
CVE-2018-1991 | IBM API Connect 5.0.0.0, and 5.0.8.6 could return sensitive information that could provide cri... | | |
CVE-2018-1992 | The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and va... | | |
CVE-2018-1993 | IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read O... | S | |
CVE-2018-1994 | IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker co... | S | |
CVE-2018-1996 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security,... | S | |
CVE-2018-1997 | IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are v... | S | |
CVE-2018-1998 | IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be execute... | S | |
CVE-2018-1999 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version inf... | S | |