ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2018-10000 | The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) vi... | | |
CVE-2018-10001 | The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers ... | | |
CVE-2018-10016 | Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/e... | E | |
CVE-2018-10017 | soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers... | S | |
CVE-2018-10018 | The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buff... | E | |
CVE-2018-10021 | drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a de... | | |
CVE-2018-10023 | Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenti... | E | |
CVE-2018-10024 | ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleart... | | |
CVE-2018-10026 | The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter... | E | |
CVE-2018-10027 | ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DL... | | |
CVE-2018-10028 | joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to th... | | |
CVE-2018-10029 | CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name par... | E | |
CVE-2018-10030 | CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.... | E | |
CVE-2018-10031 | CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.... | E | |
CVE-2018-10032 | CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version ... | E | |
CVE-2018-10033 | CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.... | E | |
CVE-2018-10048 | iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.... | E | |
CVE-2018-10049 | iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel... | E | |
CVE-2018-10050 | iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the A... | E | |
CVE-2018-10051 | iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch param... | E | |
CVE-2018-10052 | iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch param... | E | |
CVE-2018-10054 | H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution beca... | E | |
CVE-2018-10055 | Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorF... | S | |
CVE-2018-10057 | The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote ... | E | |
CVE-2018-10058 | The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote ... | E | |
CVE-2018-10059 | Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_S... | E S | |
CVE-2018-10060 | Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to us... | E S | |
CVE-2018-10061 | Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES f... | E S | |
CVE-2018-10063 | The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using... | E | |
CVE-2018-10066 | An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification... | E | |
CVE-2018-10068 | The jDownloads extension before 3.2.59 for Joomla! has XSS.... | E S | |
CVE-2018-10070 | A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust... | E | |
CVE-2018-10071 | windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service... | E | |
CVE-2018-10072 | windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service... | E | |
CVE-2018-10073 | joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter.... | E | |
CVE-2018-10074 | The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel be... | S | |
CVE-2018-10075 | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote ... | | |
CVE-2018-10076 | An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnera... | | |
CVE-2018-10077 | XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated ... | E | |
CVE-2018-10078 | Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated... | E | |
CVE-2018-10079 | Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, whic... | E | |
CVE-2018-10080 | Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings chang... | E | |
CVE-2018-10081 | CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data va... | E | |
CVE-2018-10082 | CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= v... | E | |
CVE-2018-10083 | CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin... | E | |
CVE-2018-10084 | CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary us... | E | |
CVE-2018-10085 | CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in ... | E | |
CVE-2018-10086 | CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admi... | E | |
CVE-2018-10087 | The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified arch... | S | |
CVE-2018-10088 | Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vu... | E | |
CVE-2018-10091 | AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.... | E | |
CVE-2018-10092 | The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands ... | E S | |
CVE-2018-10093 | AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.... | E | |
CVE-2018-10094 | SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQ... | E S | |
CVE-2018-10095 | Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject ... | S | |
CVE-2018-10096 | joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag... | E | |
CVE-2018-10097 | XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter.... | E | |
CVE-2018-10098 | In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.s... | | |
CVE-2018-10099 | Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV down... | E S | |
CVE-2018-10100 | Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if for... | S | |
CVE-2018-10101 | Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same ... | S | |
CVE-2018-10102 | Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and co... | S | |
CVE-2018-10103 | tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).... | | |
CVE-2018-10105 | tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).... | | |
CVE-2018-10106 | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have perm... | E | |
CVE-2018-10107 | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS ... | E | |
CVE-2018-10108 | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS ... | E | |
CVE-2018-10109 | Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and... | E | |
CVE-2018-10110 | D-Link DIR-615 T1 devices allow XSS via the Add User feature.... | E | |
CVE-2018-10111 | An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-proces... | E | |
CVE-2018-10112 | An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in b... | E | |
CVE-2018-10113 | An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load... | E | |
CVE-2018-10114 | An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buff... | E | |
CVE-2018-10115 | Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of... | E | |
CVE-2018-10117 | An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an adm... | E | |
CVE-2018-10118 | Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/in... | E | |
CVE-2018-10119 | sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrec... | S | |
CVE-2018-10120 | The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1... | S | |
CVE-2018-10121 | plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attack... | E | |
CVE-2018-10122 | QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote atta... | E | |
CVE-2018-10123 | p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitr... | E | |
CVE-2018-10124 | The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspeci... | E S | |
CVE-2018-10125 | Contao before 4.5.7 has XSS in the system log.... | | |
CVE-2018-10126 | ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a N... | E | |
CVE-2018-10127 | An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser reques... | | |
CVE-2018-10128 | An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php.... | | |
CVE-2018-10132 | PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulti... | E | |
CVE-2018-10133 | PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Sit... | E | |
CVE-2018-10135 | iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Pane... | E | |
CVE-2018-10136 | iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value... | E | |
CVE-2018-10137 | iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?sect... | E | |
CVE-2018-10138 | The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEdi... | E | |
CVE-2018-10139 | The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-O... | | |
CVE-2018-10140 | The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an auth... | | |
CVE-2018-10141 | GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated ... | | |
CVE-2018-10142 | The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate... | | |
CVE-2018-10143 | The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated at... | E | |
CVE-2018-10144 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10145 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10146 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10147 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10148 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10149 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10150 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10151 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10152 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10153 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10154 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10155 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10156 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10157 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10158 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10159 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10160 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10161 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10162 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10163 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-10164 | Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller v... | E | |
CVE-2018-10165 | Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller v... | E | |
CVE-2018-10166 | The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windo... | E | |
CVE-2018-10167 | The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Wi... | E | |
CVE-2018-10168 | TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control priv... | E | |
CVE-2018-10169 | ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "Pr... | | |
CVE-2018-10170 | NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "n... | | |
CVE-2018-10171 | Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.ma... | | |
CVE-2018-10172 | 7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccou... | | |
CVE-2018-10173 | Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of... | E | |
CVE-2018-10174 | Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to rea... | | |
CVE-2018-10175 | Digital Guardian Management Console 7.1.2.0015 has an XXE issue.... | | |
CVE-2018-10176 | Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue.... | E | |
CVE-2018-10177 | In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png... | E | |
CVE-2018-10178 | The FromDocToPDF extension before 13.611.13.2303 for Chrome allows remote attackers to discover visi... | E | |
CVE-2018-10183 | An issue was discovered in BigTree 4.2.22. There is cross-site scripting (XSS) in /core/inc/lib/less... | E | |
CVE-2018-10184 | An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against th... | | |
CVE-2018-10185 | An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin accou... | E | |
CVE-2018-10186 | In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/he... | E | |
CVE-2018-10187 | In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal... | E | |
CVE-2018-10188 | phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, ... | E | |
CVE-2018-10189 | An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulat... | | |
CVE-2018-10190 | A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could... | | |
CVE-2018-10191 | In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec(... | E S | |
CVE-2018-10192 | IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.... | | |
CVE-2018-10193 | LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) ... | E | |
CVE-2018-10194 | The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Gho... | | |
CVE-2018-10195 | lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect lengt... | | |
CVE-2018-10196 | NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the do... | S | |
CVE-2018-10197 | There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.... | E | |
CVE-2018-10198 | An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a custome... | S | |
CVE-2018-10199 | In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::F... | S | |
CVE-2018-10201 | An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and ... | E | |
CVE-2018-10204 | PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclie... | | |
CVE-2018-10205 | hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_s... | | |
CVE-2018-10206 | An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the op... | | |
CVE-2018-10207 | An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missin... | | |
CVE-2018-10208 | An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is anonymous reflected X... | | |
CVE-2018-10209 | An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the fil... | | |
CVE-2018-10210 | An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possib... | | |
CVE-2018-10211 | An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorizatio... | | |
CVE-2018-10212 | An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorizatio... | | |
CVE-2018-10213 | An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mai... | | |
CVE-2018-10219 | baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.... | | |
CVE-2018-10220 | Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates ... | E | |
CVE-2018-10221 | An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal ... | E | |
CVE-2018-10222 | An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column... | E | |
CVE-2018-10223 | An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account v... | E | |
CVE-2018-10224 | An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.p... | E | |
CVE-2018-10225 | thinkphp 3.1.3 has SQL Injection via the index.php s parameter.... | | |
CVE-2018-10227 | MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter.... | E | |
CVE-2018-10228 | Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.... | | |
CVE-2018-10229 | A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural at... | | |
CVE-2018-10230 | Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.... | | |
CVE-2018-10231 | Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5... | | |
CVE-2018-10232 | Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and b... | | |
CVE-2018-10233 | The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented again... | | |
CVE-2018-10234 | Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for ... | E | |
CVE-2018-10235 | POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\contro... | E | |
CVE-2018-10236 | POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\a... | E | |
CVE-2018-10237 | Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers ... | S | |
CVE-2018-10238 | bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow becau... | S | |
CVE-2018-10239 | A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.... | | |
CVE-2018-10240 | SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token tha... | | |
CVE-2018-10241 | A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated us... | E | |
CVE-2018-10242 | Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can... | | |
CVE-2018-10243 | htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a ... | | |
CVE-2018-10244 | Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can ca... | | |
CVE-2018-10245 | A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where th... | E | |
CVE-2018-10248 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any articl... | E | |
CVE-2018-10249 | baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrato... | E | |
CVE-2018-10250 | iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat... | E | |
CVE-2018-10251 | A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware befo... | M | |
CVE-2018-10252 | An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session coo... | | |
CVE-2018-10253 | Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API cal... | E | |
CVE-2018-10254 | Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disas... | E | |
CVE-2018-10255 | A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a use... | E | |
CVE-2018-10256 | A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user wi... | E | |
CVE-2018-10257 | A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user wi... | E | |
CVE-2018-10258 | A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low... | E | |
CVE-2018-10259 | An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable b... | E | |
CVE-2018-10260 | A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a l... | E | |
CVE-2018-10265 | An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrat... | | |
CVE-2018-10266 | BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?n... | | |
CVE-2018-10267 | WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=... | E | |
CVE-2018-10268 | An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\cont... | E | |
CVE-2018-10283 | CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar ... | E | |
CVE-2018-10284 | Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter.... | E | |
CVE-2018-10285 | The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the ... | E | |
CVE-2018-10286 | The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admi... | E | |
CVE-2018-10289 | In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file.... | E | |
CVE-2018-10294 | Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS.... | | |
CVE-2018-10295 | ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account.... | E | |
CVE-2018-10296 | MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter.... | | |
CVE-2018-10297 | Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related ... | E | |
CVE-2018-10298 | Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/... | E | |
CVE-2018-10299 | An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecos... | E | |
CVE-2018-10300 | Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for... | | |
CVE-2018-10301 | Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Pre... | | |
CVE-2018-10302 | A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to exe... | | |
CVE-2018-10303 | A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to exe... | | |
CVE-2018-10305 | The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does... | | |
CVE-2018-10306 | Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInp... | S | |
CVE-2018-10307 | error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.... | S | |
CVE-2018-10309 | The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to X... | E | |
CVE-2018-10310 | A persistent cross-site scripting vulnerability has been identified in the web interface of the Cata... | E | |
CVE-2018-10311 | A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attack... | E | |
CVE-2018-10312 | index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common memb... | E | |
CVE-2018-10313 | WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f... | E | |
CVE-2018-10314 | Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to in... | E | |
CVE-2018-10316 | Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm... | E | |
CVE-2018-10318 | Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.... | E | |
CVE-2018-10319 | Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.... | E | |
CVE-2018-10320 | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.... | E | |
CVE-2018-10321 | Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.... | E | |
CVE-2018-10322 | The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 a... | E S | |
CVE-2018-10323 | The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.... | E S | |
CVE-2018-10326 | PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1... | E | |
CVE-2018-10327 | PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which... | E | |
CVE-2018-10328 | Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, wh... | | |
CVE-2018-10329 | app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac ... | | |
CVE-2018-10330 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10331 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10332 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10333 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10334 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10335 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10336 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10337 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10338 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10339 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10340 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10341 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10342 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10343 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10344 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10345 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10346 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10347 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10348 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10349 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-10350 | A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalo... | | |
CVE-2018-10351 | A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute... | | |
CVE-2018-10352 | A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute... | | |
CVE-2018-10353 | A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 cou... | | |
CVE-2018-10354 | A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5... | | |
CVE-2018-10355 | An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an ... | | |
CVE-2018-10356 | A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 coul... | | |
CVE-2018-10357 | A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a re... | | |
CVE-2018-10358 | A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could... | S | |
CVE-2018-10359 | A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could... | S | |
CVE-2018-10360 | The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a... | S | |
CVE-2018-10361 | An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files i... | | |
CVE-2018-10362 | An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' ins... | | |
CVE-2018-10363 | An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 ... | | |
CVE-2018-10364 | BigTree before 4.2.22 has XSS in the Users management page via the name or company field.... | S | |
CVE-2018-10365 | An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the u... | E | |
CVE-2018-10366 | An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. X... | E S | |
CVE-2018-10367 | An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the ti... | E | |
CVE-2018-10368 | An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature ha... | E | |
CVE-2018-10369 | A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An at... | | |
CVE-2018-10371 | An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent... | E | |
CVE-2018-10372 | process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of ser... | E | |
CVE-2018-10373 | concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed... | | |
CVE-2018-10374 | EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/searc... | E | |
CVE-2018-10375 | A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, whi... | | |
CVE-2018-10376 | An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (... | E | |
CVE-2018-10377 | PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server ... | | |
CVE-2018-10379 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, ... | | |
CVE-2018-10380 | kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files v... | S | |
CVE-2018-10381 | TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the ... | | |
CVE-2018-10382 | MODX Revolution 2.6.3 has XSS.... | S | |
CVE-2018-10383 | Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page.... | | |
CVE-2018-10387 | Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perf... | S | |
CVE-2018-10388 | Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote... | S | |
CVE-2018-10389 | Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote... | S | |
CVE-2018-10391 | An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=... | E | |
CVE-2018-10392 | mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels,... | E | |
CVE-2018-10393 | bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.... | | |
CVE-2018-10403 | An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat b... | E | |
CVE-2018-10404 | An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo... | E | |
CVE-2018-10405 | An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat ... | E | |
CVE-2018-10406 | An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade t... | E | |
CVE-2018-10407 | An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can ... | | |
CVE-2018-10408 | An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-pa... | E | |
CVE-2018-10422 | An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field... | E | |
CVE-2018-10423 | mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-l... | E | |
CVE-2018-10424 | mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field.... | E | |
CVE-2018-10425 | An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, an... | E | |
CVE-2018-10428 | ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in paramete... | E | |
CVE-2018-10429 | Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the... | E | |
CVE-2018-10430 | An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in t... | E | |
CVE-2018-10431 | D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field... | E | |
CVE-2018-10432 | Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).... | | |
CVE-2018-10465 | Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro user accounts and groups with acc... | | |
CVE-2018-10466 | Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection.... | | |
CVE-2018-10468 | The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Et... | E | |
CVE-2018-10469 | b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via... | E | |
CVE-2018-10470 | Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without ... | | |
CVE-2018-10471 | An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of se... | M | |
CVE-2018-10472 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurat... | M | |
CVE-2018-10473 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-10474 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-10475 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-10476 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-10477 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-10478 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-10479 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-10480 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-10481 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-10482 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-10483 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-10484 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-10485 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-10486 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-10487 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-10488 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-10489 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-10490 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-10491 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-10492 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-10493 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-10494 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-10495 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-10496 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-10497 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Sams... | | |
CVE-2018-10498 | This vulnerability allows local attackers to disclose sensitive information on vulnerable installati... | | |
CVE-2018-10499 | This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of S... | | |
CVE-2018-10500 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Sams... | | |
CVE-2018-10501 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Sams... | | |
CVE-2018-10502 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Sams... | | |
CVE-2018-10503 | An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administ... | E | |
CVE-2018-10504 | The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.... | E | |
CVE-2018-10505 | A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could... | S | |
CVE-2018-10506 | An out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG ... | S | |
CVE-2018-10507 | A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to take a series of... | E S | |
CVE-2018-10508 | A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to use a specially ... | S | |
CVE-2018-10509 | A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to exploit it via a... | | |
CVE-2018-10510 | A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6... | S | |
CVE-2018-10511 | A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to con... | S | |
CVE-2018-10512 | A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to man... | S | |
CVE-2018-10513 | A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 ... | | |
CVE-2018-10514 | A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) p... | | |
CVE-2018-10515 | In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contain... | E | |
CVE-2018-10516 | In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contain... | E | |
CVE-2018-10517 | In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard conta... | E | |
CVE-2018-10518 | In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contain... | E | |
CVE-2018-10519 | CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to ad... | E | |
CVE-2018-10520 | In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard conta... | E | |
CVE-2018-10521 | In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains ... | E | |
CVE-2018-10522 | In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains ... | E | |
CVE-2018-10523 | CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/De... | E | |
CVE-2018-10527 | EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword... | E | |
CVE-2018-10528 | An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char fun... | S | |
CVE-2018-10529 | An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property ... | S | |
CVE-2018-10531 | An issue was discovered in the America's Army Proving Grounds platform for the Unreal Engine. With a... | E | |
CVE-2018-10532 | An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH crede... | E M | |
CVE-2018-10534 | The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (B... | | |
CVE-2018-10535 | The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), a... | | |
CVE-2018-10536 | An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerabil... | S | |
CVE-2018-10537 | An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerabil... | S | |
CVE-2018-10538 | An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur b... | E S | |
CVE-2018-10539 | An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occu... | E S | |
CVE-2018-10540 | An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur b... | E S | |
CVE-2018-10544 | Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface.... | E | |
CVE-2018-10545 | An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x be... | S | |
CVE-2018-10546 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x be... | S | |
CVE-2018-10547 | An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x b... | S | |
CVE-2018-10548 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x be... | S | |
CVE-2018-10549 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x be... | S | |
CVE-2018-10550 | In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against th... | | |
CVE-2018-10553 | An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to... | | |
CVE-2018-10554 | An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule N... | E | |
CVE-2018-10561 | An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply b... | KEV E | |
CVE-2018-10562 | An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host pa... | KEV E | |
CVE-2018-10563 | An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to ... | | |
CVE-2018-10564 | XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7.... | | |
CVE-2018-10565 | XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7.... | | |
CVE-2018-10566 | XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7.... | | |
CVE-2018-10567 | XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7.... | | |
CVE-2018-10568 | XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7.... | | |
CVE-2018-10569 | An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID fi... | | |
CVE-2018-10570 | Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field.... | E | |
CVE-2018-10571 | Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote a... | S | |
CVE-2018-10572 | interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypas... | E S | |
CVE-2018-10573 | interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass i... | E S | |
CVE-2018-10574 | site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and ... | E S | |
CVE-2018-10575 | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15.... | E | |
CVE-2018-10576 | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15.... | E | |
CVE-2018-10577 | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15,... | E | |
CVE-2018-10578 | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15,... | | |
CVE-2018-10580 | The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a use... | E | |
CVE-2018-10581 | In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable ... | E | |
CVE-2018-10583 | An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4... | E M | |
CVE-2018-10585 | Pexip Infinity before 18 allows remote Denial of Service (XML parsing).... | | |
CVE-2018-10586 | NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabil... | | |
CVE-2018-10587 | NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions befo... | | |
CVE-2018-10589 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc... | | |
CVE-2018-10590 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc... | | |
CVE-2018-10591 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc... | | |
CVE-2018-10592 | Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU contr... | | |
CVE-2018-10593 | A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous... | | |
CVE-2018-10594 | Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying ... | E | |
CVE-2018-10595 | A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a pri... | | |
CVE-2018-10596 | Medtronic 2090 Carelink Programmer Improper Restriction of Communication Channel to Intended Endpoints | M | |
CVE-2018-10597 | IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, Inte... | | |
CVE-2018-10598 | CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulne... | M | |
CVE-2018-10599 | IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, Inte... | | |
CVE-2018-10600 | SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XM... | | |
CVE-2018-10601 | IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, Inte... | | |
CVE-2018-10602 | WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilitie... | | |
CVE-2018-10603 | Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perfor... | | |
CVE-2018-10604 | SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, whi... | | |
CVE-2018-10605 | Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/uplo... | M | |
CVE-2018-10606 | WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities... | | |
CVE-2018-10607 | Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the cre... | | |
CVE-2018-10608 | SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect... | | |
CVE-2018-10609 | Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow imprope... | | |
CVE-2018-10610 | An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the ... | | |
CVE-2018-10611 | Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise versio... | | |
CVE-2018-10612 | In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user acce... | | |
CVE-2018-10613 | Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host ... | | |
CVE-2018-10614 | An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the applicatio... | | |
CVE-2018-10615 | Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS Pu... | | |
CVE-2018-10616 | ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an... | | |
CVE-2018-10617 | Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-len... | | |
CVE-2018-10618 | Davolink DVW-3200N all versions prior to Version 1.00.06. The device generates a weak password hash t... | E M | |
CVE-2018-10619 | An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx... | E | |
CVE-2018-10620 | AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 ... | E | |
CVE-2018-10621 | Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-len... | | |
CVE-2018-10622 | Medtronic MyCareLink 24950 Patient Monitor Storing Passwords in a Recoverable Format | M | |
CVE-2018-10623 | Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operat... | | |
CVE-2018-10624 | Johnson Controls Metasys and BCPro Generation of Error Message Containing Sensitive Information | S | |
CVE-2018-10626 | Medtronic MyCareLink 24950 Patient Monitor Insufficient Verification of Data Authenticity | M | |
CVE-2018-10627 | Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 ... | | |
CVE-2018-10628 | AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 ... | S | |
CVE-2018-10630 | For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The de... | S | |
CVE-2018-10631 | Medtronic N'Vision Clinician Programmer Missing Encryption of Sensitive Data | M | |
CVE-2018-10632 | In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources re... | | |
CVE-2018-10633 | Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credenti... | M | |
CVE-2018-10634 | Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Cleartext Transmission of Sensitive Information | M | |
CVE-2018-10635 | In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003... | M | |
CVE-2018-10636 | CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer ... | M | |
CVE-2018-10637 | A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to exec... | | |
CVE-2018-10641 | D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs... | E | |
CVE-2018-10642 | Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to ... | E | |
CVE-2018-10645 | Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability... | | |
CVE-2018-10646 | CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through t... | | |
CVE-2018-10647 | SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN... | | |
CVE-2018-10648 | There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and... | | |
CVE-2018-10649 | There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.... | | |
CVE-2018-10650 | There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 an... | | |
CVE-2018-10651 | There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before R... | | |
CVE-2018-10652 | There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.... | | |
CVE-2018-10653 | There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 befor... | | |
CVE-2018-10654 | There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 befo... | | |
CVE-2018-10655 | DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (... | E | |
CVE-2018-10657 | Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected wi... | S | |
CVE-2018-10658 | There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a ... | E | |
CVE-2018-10659 | There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows re... | E | |
CVE-2018-10660 | An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.... | E | |
CVE-2018-10661 | An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.... | E | |
CVE-2018-10662 | An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interfac... | E | |
CVE-2018-10663 | An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculatio... | E | |
CVE-2018-10664 | An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory ... | E | |
CVE-2018-10665 | ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-par... | S | |
CVE-2018-10666 | The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, ... | | |
CVE-2018-10675 | The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users... | S | |
CVE-2018-10676 | CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to... | E | |
CVE-2018-10677 | The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width an... | E S | |
CVE-2018-10678 | MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A ele... | | |
CVE-2018-10680 | Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who ... | E | |
CVE-2018-10682 | An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the admini... | E | |
CVE-2018-10683 | An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a sec... | E | |
CVE-2018-10685 | In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function o... | E | |
CVE-2018-10686 | An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'... | E | |
CVE-2018-10689 | blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overf... | S | |
CVE-2018-10690 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thu... | E | |
CVE-2018-10691 | An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can down... | E | |
CVE-2018-10692 | An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not hav... | E | |
CVE-2018-10693 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an adm... | E | |
CVE-2018-10694 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that i... | E | |
CVE-2018-10695 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an ad... | E | |
CVE-2018-10696 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow ... | E | |
CVE-2018-10697 | An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality... | E | |
CVE-2018-10698 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET serv... | E | |
CVE-2018-10699 | An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload fu... | E | |
CVE-2018-10700 | An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administ... | E | |
CVE-2018-10701 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administ... | E | |
CVE-2018-10702 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administ... | E | |
CVE-2018-10703 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administ... | E | |
CVE-2018-10704 | yidashi yii2cmf 2.0 has XSS via the /search q parameter.... | E | |
CVE-2018-10705 | The Owned smart contract implementation for Aurora DAO (AURA), an Ethereum ERC20 token, allows attac... | E | |
CVE-2018-10706 | An integer overflow in the transferMulti function of a smart contract implementation for Social Chai... | E | |
CVE-2018-10709 | The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning be... | E | |
CVE-2018-10710 | The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning be... | E | |
CVE-2018-10711 | The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning be... | E | |
CVE-2018-10712 | The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning be... | E | |
CVE-2018-10713 | An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long bu... | E | |
CVE-2018-10716 | An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, an... | E | |
CVE-2018-10717 | The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the p... | E S | |
CVE-2018-10718 | Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04... | E | |
CVE-2018-10722 | In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges becau... | E | |
CVE-2018-10723 | Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement i... | E | |
CVE-2018-10726 | A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the... | E | |
CVE-2018-10727 | Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrik... | E | |
CVE-2018-10728 | All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33... | S | |
CVE-2018-10729 | All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33... | S | |
CVE-2018-10730 | All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33... | S | |
CVE-2018-10731 | All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33... | S | |
CVE-2018-10732 | The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.... | | |
CVE-2018-10733 | There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps ... | E S | |
CVE-2018-10734 | KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login passwo... | E | |
CVE-2018-10735 | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname ... | E | |
CVE-2018-10736 | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 paramete... | E | |
CVE-2018-10737 | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch ... | E | |
CVE-2018-10738 | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1... | E | |
CVE-2018-10739 | An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe allows local users to... | E | |
CVE-2018-10740 | Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in th... | E | |
CVE-2018-10746 | An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long bu... | E | |
CVE-2018-10747 | An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long bu... | E | |
CVE-2018-10748 | An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long bu... | E | |
CVE-2018-10749 | An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long bu... | E | |
CVE-2018-10750 | An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long bu... | E | |
CVE-2018-10751 | A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when proc... | E | |
CVE-2018-10752 | The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.... | E | |
CVE-2018-10753 | Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 all... | | |
CVE-2018-10754 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-10755 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not a... | R | |
CVE-2018-10756 | Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to c... | E S | |
CVE-2018-10757 | CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafte... | E S | |
CVE-2018-10758 | The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles.... | E | |
CVE-2018-10759 | PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier ... | | |
CVE-2018-10760 | Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows re... | | |
CVE-2018-10761 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-10762 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-10763 | Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1... | E | |
CVE-2018-10767 | There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_ty... | E | |
CVE-2018-10768 | There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubun... | E S | |
CVE-2018-10769 | The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT),... | E | |
CVE-2018-10770 | download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configura... | E | |
CVE-2018-10771 | Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows rem... | E | |
CVE-2018-10772 | The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a ... | E | |
CVE-2018-10773 | NULL pointer dereference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 a... | | |
CVE-2018-10774 | Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through ... | | |
CVE-2018-10775 | NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through... | E | |
CVE-2018-10776 | The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to ca... | | |
CVE-2018-10777 | Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows re... | | |
CVE-2018-10778 | Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through... | | |
CVE-2018-10779 | TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated... | E | |
CVE-2018-10780 | Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read.... | E | |
CVE-2018-10790 | The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a ... | E | |
CVE-2018-10795 | Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfe... | E | |
CVE-2018-10796 | In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a deni... | E | |
CVE-2018-10798 | A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is ca... | E | |
CVE-2018-10799 | A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is c... | E | |
CVE-2018-10801 | TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.... | E | |
CVE-2018-10803 | Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine N... | | |
CVE-2018-10804 | ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.... | | |
CVE-2018-10805 | ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.... | S | |
CVE-2018-10806 | An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability v... | E | |
CVE-2018-10809 | In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a deni... | E | |
CVE-2018-10810 | chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting v... | | |
CVE-2018-10811 | strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Va... | S | |
CVE-2018-10812 | The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency... | | |
CVE-2018-10813 | In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded v... | E | |
CVE-2018-10814 | Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.... | E | |
CVE-2018-10815 | An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5... | | |
CVE-2018-10817 | Severalnines ClusterControl before 1.6.0-4699 allows XSS.... | | |
CVE-2018-10821 | Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remot... | E S | |
CVE-2018-10822 | Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L thro... | E | |
CVE-2018-10823 | An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, ... | E | |
CVE-2018-10824 | An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02... | E | |
CVE-2018-10825 | Mimo Baby 2 devices do not use authentication or encryption for the Bluetooth Low Energy (BLE) commu... | | |
CVE-2018-10827 | LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via ... | S | |
CVE-2018-10828 | An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current... | E | |
CVE-2018-10830 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to ca... | E | |
CVE-2018-10831 | Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof ... | E | |
CVE-2018-10832 | ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp fil... | E | |
CVE-2018-10839 | Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overf... | E S | |
CVE-2018-10840 | Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_ent... | E S | |
CVE-2018-10841 | glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster cl... | S | |
CVE-2018-10842 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10912. Reason: This candidat... | R | |
CVE-2018-10843 | source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, a... | | |
CVE-2018-10844 | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style... | S | |
CVE-2018-10845 | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style... | S | |
CVE-2018-10846 | A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM at... | S | |
CVE-2018-10847 | prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not ve... | | |
CVE-2018-10848 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12532. Reason: This candida... | R | |
CVE-2018-10849 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12533. Reason: This candida... | R | |
CVE-2018-10850 | 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-ba... | S | |
CVE-2018-10851 | PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2... | | |
CVE-2018-10852 | The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wi... | | |
CVE-2018-10853 | A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sg... | S | |
CVE-2018-10854 | cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A fl... | | |
CVE-2018-10855 | Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tas... | | |
CVE-2018-10856 | It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a ... | S | |
CVE-2018-10857 | git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the cont... | | |
CVE-2018-10858 | A heap-buffer overflow was found in the way samba clients processed extra long filename in a directo... | | |
CVE-2018-10859 | git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a s... | | |
CVE-2018-10860 | perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archi... | S | |
CVE-2018-10861 | A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read ... | S | |
CVE-2018-10862 | WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, all... | | |
CVE-2018-10863 | It was discovered that redhat-certification 7 is not properly configured and it lists all files and ... | | |
CVE-2018-10864 | An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way doc... | | |
CVE-2018-10865 | It was discovered that the /configuration view of redhat-certification 7 does not perform an authori... | | |
CVE-2018-10866 | It was discovered that the /configuration view of redhat-certification 7 does not perform an authori... | | |
CVE-2018-10867 | Files are accessible without restrictions from the /update/results page of redhat-certification 7 pa... | | |
CVE-2018-10868 | redhat-certification 7 does not properly restrict the number of recursive definitions of entities in... | | |
CVE-2018-10869 | redhat-certification does not properly restrict files that can be downloaded through the /download pag... | M | |
CVE-2018-10870 | redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote ... | M | |
CVE-2018-10871 | 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Info... | M | |
CVE-2018-10872 | A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch opera... | S | |
CVE-2018-10873 | A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for dema... | S | |
CVE-2018-10874 | In ansible it was found that inventory variables are loaded from current working directory when runn... | | |
CVE-2018-10875 | A flaw was found in ansible. ansible.cfg is read from the current working directory which can be alt... | | |
CVE-2018-10876 | A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_e... | E S | |
CVE-2018-10877 | Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() fun... | S | |
CVE-2018-10878 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds writ... | E S | |
CVE-2018-10879 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in e... | E S | |
CVE-2018-10880 | Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting ... | E S | |
CVE-2018-10881 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound acces... | E S | |
CVE-2018-10882 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write... | E S | |
CVE-2018-10883 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds writ... | S | |
CVE-2018-10884 | Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in ... | | |
CVE-2018-10885 | In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshi... | M | |
CVE-2018-10886 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not... | R | |
CVE-2018-10887 | A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign ex... | S | |
CVE-2018-10888 | A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in de... | S | |
CVE-2018-10889 | A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from ... | S | |
CVE-2018-10890 | A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core... | S | |
CVE-2018-10891 | A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is... | S | |
CVE-2018-10892 | The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not b... | | |
CVE-2018-10893 | Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of L... | S | |
CVE-2018-10894 | It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired cert... | S | |
CVE-2018-10895 | qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows webs... | S | |
CVE-2018-10896 | The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", d... | S | |
CVE-2018-10897 | A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sani... | S | |
CVE-2018-10898 | A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed... | | |
CVE-2018-10899 | A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a... | | |
CVE-2018-10900 | Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privil... | E S | |
CVE-2018-10901 | A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the G... | S | |
CVE-2018-10902 | It was found that the raw midi kernel driver does not protect against concurrent access which leads ... | S | |
CVE-2018-10903 | A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API... | S | |
CVE-2018-10904 | It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-du... | S | |
CVE-2018-10905 | CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby compo... | M | |
CVE-2018-10906 | In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass... | E S | |
CVE-2018-10907 | It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to fun... | S | |
CVE-2018-10908 | It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting ... | S | |
CVE-2018-10909 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-10910 | A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agen... | E S | |
CVE-2018-10911 | A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key lengt... | S | |
CVE-2018-10912 | keycloak before version 4.0.0.final is vulnerable to an infinite loop in session replacement. A Keycl... | | |
CVE-2018-10913 | An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue ... | S | |
CVE-2018-10914 | It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick ... | M | |
CVE-2018-10915 | A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to prop... | S | |
CVE-2018-10916 | It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote... | E S | |
CVE-2018-10917 | pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a mali... | | |
CVE-2018-10918 | A null pointer dereference flaw was found in the way samba checked database outputs from the LDB dat... | S | |
CVE-2018-10919 | The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of m... | S | |
CVE-2018-10920 | Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote ... | | |
CVE-2018-10921 | Certain input files may trigger an integer overflow in ttembed input file processing. This overflow ... | E | |
CVE-2018-10922 | An input validation flaw exists in ttembed. With a crafted input file, an attacker may be able to tr... | E | |
CVE-2018-10923 | It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a g... | M | |
CVE-2018-10924 | It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated ... | S | |
CVE-2018-10925 | It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to... | S | |
CVE-2018-10926 | A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated... | | |
CVE-2018-10927 | A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker... | S | |
CVE-2018-10928 | A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink dest... | S | |
CVE-2018-10929 | A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker... | S | |
CVE-2018-10930 | A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker... | S | |
CVE-2018-10931 | It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XML... | M | |
CVE-2018-10932 | lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAdd... | | |
CVE-2018-10933 | A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A m... | E S | |
CVE-2018-10934 | A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before... | | |
CVE-2018-10935 | A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server u... | | |
CVE-2018-10936 | A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Fac... | M | |
CVE-2018-10937 | A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform ... | E | |
CVE-2018-10938 | A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network... | | |
CVE-2018-10939 | Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.... | S | |
CVE-2018-10940 | The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 al... | S | |
CVE-2018-10942 | modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.... | E | |
CVE-2018-10943 | An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0... | S | |
CVE-2018-10944 | The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin),... | | |
CVE-2018-10945 | The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial ... | E | |
CVE-2018-10946 | An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that all... | | |
CVE-2018-10947 | An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admi... | | |
CVE-2018-10948 | Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mai... | | |
CVE-2018-10949 | mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Ac... | | |
CVE-2018-10950 | mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.... | | |
CVE-2018-10951 | mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.... | | |
CVE-2018-10952 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to ca... | E | |
CVE-2018-10953 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to ca... | E | |
CVE-2018-10954 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to ca... | E | |
CVE-2018-10955 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to ca... | E | |
CVE-2018-10956 | IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal.... | E | |
CVE-2018-10957 | CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hed... | E | |
CVE-2018-10958 | In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory all... | E | |
CVE-2018-10959 | Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerabil... | | |
CVE-2018-10962 | An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, an... | E | |
CVE-2018-10963 | The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attack... | E | |
CVE-2018-10966 | An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initia... | E S | |
CVE-2018-10967 | On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request ... | | |
CVE-2018-10968 | On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET a... | | |
CVE-2018-10969 | SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote att... | E | |
CVE-2018-10971 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.... | | |
CVE-2018-10972 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process fun... | | |
CVE-2018-10973 | An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, ... | E | |
CVE-2018-10974 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to ca... | E | |
CVE-2018-10975 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to ca... | E | |
CVE-2018-10976 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to ca... | E | |
CVE-2018-10977 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to ca... | E | |
CVE-2018-10981 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of s... | S | |
CVE-2018-10982 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of s... | S | |
CVE-2018-10986 | OX Guard 2.8.0 has CSRF.... | | |
CVE-2018-10987 | An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from... | | |
CVE-2018-10988 | An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the fi... | | |
CVE-2018-10989 | Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a def... | | |
CVE-2018-10990 | On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediatel... | | |
CVE-2018-10991 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10990. Reason: This candid... | R | |
CVE-2018-10992 | lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program sp... | | |
CVE-2018-10994 | js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a ... | E S | |
CVE-2018-10995 | SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields... | | |
CVE-2018-10996 | The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute... | E | |
CVE-2018-10997 | Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters tx... | E | |
CVE-2018-10998 | An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause... | E | |
CVE-2018-10999 | An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a h... | E |