ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2018-1000001 | In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be use... | E | |
CVE-2018-1000002 | Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2... | | |
CVE-2018-1000003 | Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attac... | | |
CVE-2018-1000004 | In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exi... | E S | |
CVE-2018-1000005 | libcurl 7.49.0 to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers.... | S | |
CVE-2018-1000006 | GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vuln... | E S | |
CVE-2018-1000007 | libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked ... | S | |
CVE-2018-1000008 | Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of th... | | |
CVE-2018-1000009 | Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as par... | | |
CVE-2018-1000010 | Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of th... | | |
CVE-2018-1000011 | Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part ... | | |
CVE-2018-1000012 | Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part ... | | |
CVE-2018-1000013 | Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, re... | | |
CVE-2018-1000014 | Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submit... | | |
CVE-2018-1000015 | On Jenkins instances with Authorize Project plugin, the authentication associated with a build may l... | | |
CVE-2018-1000016 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17383. Reason: This candid... | R | |
CVE-2018-1000017 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1142857. Reason: This candi... | R | |
CVE-2018-1000018 | An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's passwo... | E | |
CVE-2018-1000019 | OpenEMR version 5.0.0 contains an OS Command Injection vulnerability in fax_dispatch.php that can res... | E S | |
CVE-2018-1000020 | OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf an... | E S | |
CVE-2018-1000021 | GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can re... | | |
CVE-2018-1000022 | Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing... | | |
CVE-2018-1000023 | Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnera... | E | |
CVE-2018-1000024 | The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains... | S | |
CVE-2018-1000025 | Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains an Incorrect Access Cont... | | |
CVE-2018-1000026 | Linux Linux kernel version at least v4.8 onwards, probably well before contains an Insufficient input... | | |
CVE-2018-1000027 | The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NU... | S | |
CVE-2018-1000028 | Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains an In... | S | |
CVE-2018-1000029 | mcholste Enterprise Log Search and Archive (ELSA) version revision 1205, commit 2cc17f1 and earlier ... | | |
CVE-2018-1000030 | Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versi... | S | |
CVE-2018-1000031 | A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to per... | | |
CVE-2018-1000032 | A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to per... | | |
CVE-2018-1000033 | An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a ... | | |
CVE-2018-1000034 | An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a ... | | |
CVE-2018-1000035 | A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-... | | |
CVE-2018-1000036 | In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to ca... | E | |
CVE-2018-1000037 | In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attack... | E S | |
CVE-2018-1000038 | In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf... | E S | |
CVE-2018-1000039 | In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow... | E S | |
CVE-2018-1000040 | In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser coul... | E S | |
CVE-2018-1000041 | GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains an Improper inp... | | |
CVE-2018-1000042 | Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralizati... | S | |
CVE-2018-1000043 | Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralizati... | S | |
CVE-2018-1000044 | Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability i... | S | |
CVE-2018-1000045 | NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data... | S | |
CVE-2018-1000046 | NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that... | S | |
CVE-2018-1000047 | NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing functi... | | |
CVE-2018-1000048 | NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functional... | | |
CVE-2018-1000049 | Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability ... | E | |
CVE-2018-1000050 | Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vor... | S | |
CVE-2018-1000051 | Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that ca... | E S | |
CVE-2018-1000052 | fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) conta... | E S | |
CVE-2018-1000053 | LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in T... | S | |
CVE-2018-1000054 | Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the... | | |
CVE-2018-1000055 | Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as pa... | | |
CVE-2018-1000056 | Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of ... | | |
CVE-2018-1000057 | Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes i... | | |
CVE-2018-1000058 | Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to in... | | |
CVE-2018-1000059 | ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unseriali... | | |
CVE-2018-1000060 | Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b... | S | |
CVE-2018-1000061 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-1000062 | WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerabil... | S | |
CVE-2018-1000063 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5379. Reason: This candidate... | R | |
CVE-2018-1000064 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5378. Reason: This candidate... | R | |
CVE-2018-1000065 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5381. Reason: This candidate... | R | |
CVE-2018-1000066 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5380. Reason: This candidate... | R | |
CVE-2018-1000067 | An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3... | S | |
CVE-2018-1000068 | An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.8... | S | |
CVE-2018-1000069 | FreePlane version 1.5.9 and earlier contains an XML External Entity (XXE) vulnerability in XML Parser... | E | |
CVE-2018-1000070 | Bitmessage PyBitmessage version v0.6.2 (and introduced in or after commit 8ce72d8d2d25973b7064b1cf76... | S | |
CVE-2018-1000071 | roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin ... | E | |
CVE-2018-1000072 | iRedMail version prior to commit f04b8ef contains an Insecure Permissions vulnerability in Roundcube ... | E M | |
CVE-2018-1000073 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 se... | S | |
CVE-2018-1000074 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 se... | S | |
CVE-2018-1000075 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 se... | S | |
CVE-2018-1000076 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 se... | S | |
CVE-2018-1000077 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 se... | S | |
CVE-2018-1000078 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 se... | S | |
CVE-2018-1000079 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 se... | S | |
CVE-2018-1000080 | Ajenti version 2 contains an Insecure Permissions vulnerability in Plugins download that can ... | E | |
CVE-2018-1000081 | Ajenti version 2 contains an Input Validation vulnerability in ID string on Get-values POST r... | E | |
CVE-2018-1000082 | Ajenti version 2 contains a Cross Site Request Forgery (CSRF) vulnerability in the command ex... | E | |
CVE-2018-1000083 | Ajenti version 2 contains an Improper Error Handling vulnerability in Login JSON request that... | E | |
CVE-2018-1000084 | WolfCMS WolfCMS version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layo... | E | |
CVE-2018-1000085 | ClamAV version 0.99.3 contains an Out of bounds heap memory read vulnerability in XAR parser,... | S | |
CVE-2018-1000086 | NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery (CSR... | | |
CVE-2018-1000087 | WolfCMS version 0.8.3.1 contains a Reflected Cross Site Scripting vulnerability in "Create N... | E | |
CVE-2018-1000088 | Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web vi... | | |
CVE-2018-1000089 | Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in ... | S | |
CVE-2018-1000090 | textpattern version 4.6.2 contains an XML Injection vulnerability in Import XML feature that ... | E | |
CVE-2018-1000091 | KadNode version 2.2.0 contains a Buffer Overflow vulnerability in Arguments when starting up... | E | |
CVE-2018-1000092 | CMS Made Simple version 2.2.5 contains a Cross Site Request Forgery (CSRF) vulnerability in ... | E | |
CVE-2018-1000093 | CryptoNote version 0.8.9 and possibly later contain a local RPC server which does not requir... | E | |
CVE-2018-1000094 | CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that ca... | E | |
CVE-2018-1000095 | oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/descrip... | S | |
CVE-2018-1000096 | brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a... | | |
CVE-2018-1000097 | Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affe... | | |
CVE-2018-1000098 | Teluu PJSIP version 2.7.1 and earlier contains an Integer Overflow vulnerability in pjmedia SDP parsi... | | |
CVE-2018-1000099 | Teluu PJSIP version 2.7.1 and earlier contains an Access of Null/Uninitialized Pointer vulnerability ... | S | |
CVE-2018-1000100 | GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_e... | | |
CVE-2018-1000101 | Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (C... | S | |
CVE-2018-1000102 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1000067. Reason: This candid... | R | |
CVE-2018-1000103 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1000068. Reason: This candid... | R | |
CVE-2018-1000104 | A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier... | | |
CVE-2018-1000105 | An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier i... | | |
CVE-2018-1000106 | An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier i... | | |
CVE-2018-1000107 | An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and e... | | |
CVE-2018-1000108 | A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractPro... | | |
CVE-2018-1000109 | An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin versi... | | |
CVE-2018-1000110 | An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in Gi... | | |
CVE-2018-1000111 | An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earli... | | |
CVE-2018-1000112 | An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier i... | | |
CVE-2018-1000113 | A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkB... | | |
CVE-2018-1000114 | An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier ... | | |
CVE-2018-1000115 | Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplific... | E S | |
CVE-2018-1000116 | NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can... | E | |
CVE-2018-1000117 | Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflo... | S | |
CVE-2018-1000118 | Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability... | S | |
CVE-2018-1000119 | Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerabil... | S | |
CVE-2018-1000120 | A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that al... | S | |
CVE-2018-1000121 | A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that ... | S | |
CVE-2018-1000122 | A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code ... | S | |
CVE-2018-1000123 | Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fb... | S | |
CVE-2018-1000124 | I Librarian I-librarian version 4.8 and earlier contains an XML External Entity (XXE) vulnerability i... | E | |
CVE-2018-1000125 | inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564... | | |
CVE-2018-1000126 | Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source tha... | E | |
CVE-2018-1000127 | memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() ... | S | |
CVE-2018-1000128 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7752. Reason: This candida... | R | |
CVE-2018-1000129 | An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an at... | S | |
CVE-2018-1000130 | A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a... | | |
CVE-2018-1000131 | Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a ... | E | |
CVE-2018-1000132 | Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in Pro... | | |
CVE-2018-1000133 | Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitch... | S | |
CVE-2018-1000134 | UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904... | | |
CVE-2018-1000135 | GNOME NetworkManager version 1.10.2 and earlier contains an Information Exposure (CWE-200) vulnerabil... | | |
CVE-2018-1000136 | Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper... | E S | |
CVE-2018-1000137 | I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in u... | E | |
CVE-2018-1000138 | I, Librarian version 4.8 and earlier contains an SSRF vulnerability in "url" parameter of getFromWeb ... | E | |
CVE-2018-1000139 | I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" par... | E | |
CVE-2018-1000140 | rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking ... | E S | |
CVE-2018-1000141 | I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscu... | | |
CVE-2018-1000142 | An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plu... | | |
CVE-2018-1000143 | An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plu... | | |
CVE-2018-1000144 | A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 a... | | |
CVE-2018-1000145 | An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 ... | | |
CVE-2018-1000146 | An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older ... | | |
CVE-2018-1000147 | An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 ... | | |
CVE-2018-1000148 | An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.... | | |
CVE-2018-1000149 | A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleI... | | |
CVE-2018-1000150 | An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 a... | | |
CVE-2018-1000151 | A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java th... | | |
CVE-2018-1000152 | An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.jav... | | |
CVE-2018-1000153 | A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.... | | |
CVE-2018-1000154 | Zammad GmbH Zammad version 2.3.0 and earlier contains an Improper Neutralization of Script-Related HT... | | |
CVE-2018-1000155 | OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability i... | | |
CVE-2018-1000156 | GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, spec... | | |
CVE-2018-1000157 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9092. Reason: This candida... | R | |
CVE-2018-1000158 | cmsmadesimple version 2.2.7 contains an Incorrect Access Control vulnerability in the function of sen... | E | |
CVE-2018-1000159 | tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains... | | |
CVE-2018-1000160 | RisingStack protect version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in... | E S | |
CVE-2018-1000161 | nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Tra... | | |
CVE-2018-1000162 | Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) vulnerability in `setMarkupEs... | | |
CVE-2018-1000163 | Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web co... | E | |
CVE-2018-1000164 | gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Header... | E | |
CVE-2018-1000165 | LightSAML version prior to 1.3.5 contains an Incorrect Access Control vulnerability in signature vali... | S | |
CVE-2018-1000166 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3848 and CVE-2018-3849. Rea... | R | |
CVE-2018-1000167 | OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insec... | E | |
CVE-2018-1000168 | nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulner... | | |
CVE-2018-1000169 | An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 an... | | |
CVE-2018-1000170 | A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in co... | | |
CVE-2018-1000171 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9092. Reason: This candida... | R | |
CVE-2018-1000172 | Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerabili... | | |
CVE-2018-1000173 | A session fixation vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth... | | |
CVE-2018-1000174 | An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2Se... | | |
CVE-2018-1000175 | A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublish... | | |
CVE-2018-1000176 | An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and... | | |
CVE-2018-1000177 | A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resou... | | |
CVE-2018-1000178 | A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStream... | E S | |
CVE-2018-1000179 | A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreA... | E | |
CVE-2018-1000180 | Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level in... | S | |
CVE-2018-1000181 | Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can b... | | |
CVE-2018-1000182 | A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in Assembla... | | |
CVE-2018-1000183 | An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older i... | | |
CVE-2018-1000184 | A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitH... | | |
CVE-2018-1000185 | A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and ... | | |
CVE-2018-1000186 | An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plug... | | |
CVE-2018-1000187 | An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and olde... | | |
CVE-2018-1000188 | A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecur... | | |
CVE-2018-1000189 | A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBu... | | |
CVE-2018-1000190 | An exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and ... | | |
CVE-2018-1000191 | An exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 a... | | |
CVE-2018-1000192 | An information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in Abo... | S | |
CVE-2018-1000193 | An improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS ... | S | |
CVE-2018-1000194 | A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.... | S | |
CVE-2018-1000195 | A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older... | S | |
CVE-2018-1000196 | An exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and old... | | |
CVE-2018-1000197 | An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in P... | | |
CVE-2018-1000198 | An XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and old... | | |
CVE-2018-1000199 | The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoin... | S | |
CVE-2018-1000200 | The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an... | S | |
CVE-2018-1000201 | ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, whe... | S | |
CVE-2018-1000202 | A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and o... | | |
CVE-2018-1000203 | Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f ... | | |
CVE-2018-1000204 | Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_directio... | S | |
CVE-2018-1000205 | U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validat... | S | |
CVE-2018-1000206 | JFrog Artifactory version since 5.11 contains a Cross Site Request Forgery (CSRF) vulnerability in UI... | E S | |
CVE-2018-1000207 | MODX Revolution version <=2.6.4 contains an Incorrect Access Control vulnerability in Filtering user ... | E S | |
CVE-2018-1000208 | MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/mod... | E | |
CVE-2018-1000209 | Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains an Insecure Permissions vulnerability ... | | |
CVE-2018-1000210 | YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability in Th... | | |
CVE-2018-1000211 | Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in Token revoca... | | |
CVE-2018-1000212 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1999022. Reason: This cand... | R | |
CVE-2018-1000213 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1999023. Reason: This cand... | R | |
CVE-2018-1000214 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1999024. Reason: This cand... | R | |
CVE-2018-1000215 | Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that c... | | |
CVE-2018-1000216 | Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON l... | E | |
CVE-2018-1000217 | Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSO... | E | |
CVE-2018-1000218 | OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter... | E | |
CVE-2018-1000219 | OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'scan' parameter... | E | |
CVE-2018-1000220 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5462. Reason: This candida... | R | |
CVE-2018-1000221 | pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result... | | |
CVE-2018-1000222 | Libgd version 2.2.5 contains a Double Free vulnerability in gdImageBmpPtr Function tha... | M | |
CVE-2018-1000223 | soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretc... | E | |
CVE-2018-1000224 | Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed... | E S | |
CVE-2018-1000225 | Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at lea... | | |
CVE-2018-1000226 | Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at lea... | | |
CVE-2018-1000300 | curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow... | S | |
CVE-2018-1000301 | curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerabi... | S | |
CVE-2018-1000400 | Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnera... | S | |
CVE-2018-1000401 | Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains an Insufficiently P... | | |
CVE-2018-1000402 | Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory... | | |
CVE-2018-1000403 | Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains an Insufficiently Pro... | | |
CVE-2018-1000404 | Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains an Insufficiently Prot... | | |
CVE-2018-1000406 | A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/... | | |
CVE-2018-1000407 | A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in... | | |
CVE-2018-1000408 | A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in co... | | |
CVE-2018-1000409 | A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in cor... | | |
CVE-2018-1000410 | An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, ... | | |
CVE-2018-1000411 | A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestOb... | | |
CVE-2018-1000412 | An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.... | | |
CVE-2018-1000413 | A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier i... | | |
CVE-2018-1000414 | A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and ear... | | |
CVE-2018-1000415 | A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildA... | | |
CVE-2018-1000416 | A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and ... | | |
CVE-2018-1000417 | A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and... | | |
CVE-2018-1000418 | An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipCha... | | |
CVE-2018-1000419 | An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipCha... | | |
CVE-2018-1000420 | An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCl... | | |
CVE-2018-1000421 | An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCl... | | |
CVE-2018-1000422 | An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earli... | | |
CVE-2018-1000423 | An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2... | | |
CVE-2018-1000424 | An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 an... | | |
CVE-2018-1000425 | An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8... | | |
CVE-2018-1000426 | A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitCh... | | |
CVE-2018-1000500 | Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet tha... | S | |
CVE-2018-1000501 | Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application/controll... | S | |
CVE-2018-1000502 | MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Tas... | | |
CVE-2018-1000503 | MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result ... | | |
CVE-2018-1000504 | Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that ... | E | |
CVE-2018-1000505 | Tooltipy (tooltips for WP) version 5 contains a Cross Site Request Forgery (CSRF) vulnerability in Se... | E | |
CVE-2018-1000506 | Metronet Tag Manager version 1.2.7 contains a Cross Site Request Forgery (CSRF) vulnerability in Sett... | E | |
CVE-2018-1000507 | WP User Groups version 2.0.0 contains a Cross Site Request Forgery (CSRF) vulnerability in Settings p... | E | |
CVE-2018-1000508 | WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen t... | E | |
CVE-2018-1000509 | Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability... | E | |
CVE-2018-1000510 | WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that c... | E | |
CVE-2018-1000511 | WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can resul... | E | |
CVE-2018-1000512 | Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in... | E | |
CVE-2018-1000513 | LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes t... | E S | |
CVE-2018-1000514 | LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in B... | E S | |
CVE-2018-1000515 | ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerabil... | E | |
CVE-2018-1000516 | The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During ... | | |
CVE-2018-1000517 | BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contai... | S | |
CVE-2018-1000518 | aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data... | E S | |
CVE-2018-1000519 | aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for Redi... | E | |
CVE-2018-1000520 | ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates ... | | |
CVE-2018-1000521 | BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in ... | E | |
CVE-2018-1000522 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10364. Reason: This candid... | R | |
CVE-2018-1000523 | topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file t... | | |
CVE-2018-1000524 | miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() fun... | E S | |
CVE-2018-1000525 | openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables t... | E | |
CVE-2018-1000526 | Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote ... | E | |
CVE-2018-1000527 | Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that c... | | |
CVE-2018-1000528 | GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Sc... | S | |
CVE-2018-1000529 | Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the ... | E | |
CVE-2018-1000530 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11522. Reason: This candid... | R | |
CVE-2018-1000531 | inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-... | | |
CVE-2018-1000532 | beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device o... | | |
CVE-2018-1000533 | klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system functi... | E S | |
CVE-2018-1000534 | Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegr... | E S | |
CVE-2018-1000535 | lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionali... | E | |
CVE-2018-1000536 | Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to ena... | E | |
CVE-2018-1000537 | Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardrea... | | |
CVE-2018-1000538 | Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Me... | S | |
CVE-2018-1000539 | Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic ... | | |
CVE-2018-1000540 | LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE... | E | |
CVE-2018-1000541 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10362. Reason: This candid... | R | |
CVE-2018-1000542 | netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file ... | E | |
CVE-2018-1000543 | Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vuln... | E | |
CVE-2018-1000544 | rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::F... | E | |
CVE-2018-1000545 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11416. Reason: This candid... | R | |
CVE-2018-1000546 | Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing gam... | E | |
CVE-2018-1000547 | coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contact... | | |
CVE-2018-1000548 | Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can res... | E | |
CVE-2018-1000549 | Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot ... | | |
CVE-2018-1000550 | The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerabili... | S | |
CVE-2018-1000551 | Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component tha... | E | |
CVE-2018-1000552 | Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can res... | E | |
CVE-2018-1000553 | Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook compon... | E | |
CVE-2018-1000554 | Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in use... | E | |
CVE-2018-1000555 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10188. Reason: This candid... | R | |
CVE-2018-1000556 | WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core w... | E | |
CVE-2018-1000557 | OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerab... | E | |
CVE-2018-1000558 | OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection ... | E | |
CVE-2018-1000559 | qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cros... | E S | |
CVE-2018-1000600 | A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier... | | |
CVE-2018-1000601 | A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in Bas... | | |
CVE-2018-1000602 | A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityReal... | | |
CVE-2018-1000603 | A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and ... | | |
CVE-2018-1000604 | A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in Bad... | | |
CVE-2018-1000605 | A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetA... | | |
CVE-2018-1000606 | A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in ... | | |
CVE-2018-1000607 | A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in... | | |
CVE-2018-1000608 | A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 an... | | |
CVE-2018-1000609 | A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7... | | |
CVE-2018-1000610 | A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7... | | |
CVE-2018-1000611 | SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross Site Scripting (XSS) vulnerab... | S | |
CVE-2018-1000612 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12230. Reason: This candid... | R | |
CVE-2018-1000613 | Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not in... | S | |
CVE-2018-1000614 | ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability i... | E S | |
CVE-2018-1000615 | ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnera... | E S | |
CVE-2018-1000616 | ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability i... | E | |
CVE-2018-1000617 | Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Den... | E | |
CVE-2018-1000618 | EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflo... | | |
CVE-2018-1000619 | Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, b... | | |
CVE-2018-1000620 | Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability i... | S | |
CVE-2018-1000621 | Mycroft AI mycroft-core version 18.2.8b and earlier contains a Incorrect Access Control vulnerabilit... | E | |
CVE-2018-1000622 | The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolle... | | |
CVE-2018-1000623 | JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Tra... | | |
CVE-2018-1000624 | Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict acces... | | |
CVE-2018-1000625 | Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker c... | | |
CVE-2018-1000626 | Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the ... | | |
CVE-2018-1000627 | Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the ... | | |
CVE-2018-1000628 | Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the ... | | |
CVE-2018-1000629 | Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-... | | |
CVE-2018-1000630 | Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send sp... | | |
CVE-2018-1000631 | Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted ... | | |
CVE-2018-1000632 | dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Elemen... | E S | |
CVE-2018-1000633 | The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Th... | S | |
CVE-2018-1000634 | The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Cont... | S | |
CVE-2018-1000635 | The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains a Information Exposure ... | S | |
CVE-2018-1000636 | JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it ... | S | |
CVE-2018-1000637 | zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can r... | | |
CVE-2018-1000638 | MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-adm... | | |
CVE-2018-1000639 | LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functional... | E S | |
CVE-2018-1000640 | OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User in... | | |
CVE-2018-1000641 | YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialisi... | S | |
CVE-2018-1000642 | FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET varia... | | |
CVE-2018-1000643 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-1000644 | Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4... | S | |
CVE-2018-1000645 | LibreHealthIO lh-ehr version | E | |
CVE-2018-1000646 | LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerabili... | E | |
CVE-2018-1000647 | LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerabi... | E | |
CVE-2018-1000648 | LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerabilit... | E | |
CVE-2018-1000649 | LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.ph... | E | |
CVE-2018-1000650 | LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup S... | E | |
CVE-2018-1000651 | Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can resu... | S | |
CVE-2018-1000652 | JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parse... | | |
CVE-2018-1000653 | zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can r... | E | |
CVE-2018-1000654 | GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CP... | E | |
CVE-2018-1000655 | Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_Valu... | E | |
CVE-2018-1000656 | The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnera... | S | |
CVE-2018-1000657 | Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae0218... | S | |
CVE-2018-1000658 | LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that... | S | |
CVE-2018-1000659 | LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows uplo... | S | |
CVE-2018-1000660 | TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071f... | S | |
CVE-2018-1000661 | jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUt... | | |
CVE-2018-1000662 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-1000663 | jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from j... | S | |
CVE-2018-1000664 | daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificat... | | |
CVE-2018-1000665 | Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS... | S | |
CVE-2018-1000666 | GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb ... | E | |
CVE-2018-1000667 | NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed)... | E | |
CVE-2018-1000668 | jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjA... | S | |
CVE-2018-1000669 | KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a C... | E S | |
CVE-2018-1000670 | KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a C... | E | |
CVE-2018-1000671 | sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect... | | |
CVE-2018-1000672 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16391, CVE-2018-16392, CVE-... | R | |
CVE-2018-1000673 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1000773. Reason: This cand... | R | |
CVE-2018-1000773 | WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail pr... | | |
CVE-2018-1000800 | zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(... | E | |
CVE-2018-1000801 | okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDoc... | E S | |
CVE-2018-1000802 | Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization o... | S | |
CVE-2018-1000803 | Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of... | S | |
CVE-2018-1000804 | contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) datab... | E S | |
CVE-2018-1000805 | Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Contr... | S | |
CVE-2018-1000806 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-17074. Reason: This candid... | R | |
CVE-2018-1000807 | Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use Aft... | S | |
CVE-2018-1000808 | Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Rel... | S | |
CVE-2018-1000809 | privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token v... | E S | |
CVE-2018-1000810 | The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2,... | | |
CVE-2018-1000811 | bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Con... | E | |
CVE-2018-1000812 | Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Pa... | E S | |
CVE-2018-1000813 | Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanit... | | |
CVE-2018-1000814 | aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in Encrypt... | E S | |
CVE-2018-1000815 | Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability ... | S | |
CVE-2018-1000816 | Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in... | E | |
CVE-2018-1000817 | Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 conta... | E | |
CVE-2018-1000818 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19132. Reason: This candid... | R | |
CVE-2018-1000819 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19131. Reason: This candid... | R | |
CVE-2018-1000820 | neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XX... | S | |
CVE-2018-1000821 | MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in... | | |
CVE-2018-1000822 | codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GS... | S | |
CVE-2018-1000823 | exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST... | | |
CVE-2018-1000824 | MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that ca... | | |
CVE-2018-1000825 | FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColX... | | |
CVE-2018-1000826 | Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form ... | E | |
CVE-2018-1000827 | Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that c... | E | |
CVE-2018-1000828 | FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerab... | | |
CVE-2018-1000829 | Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in ... | | |
CVE-2018-1000830 | XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser th... | | |
CVE-2018-1000831 | K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parse... | | |
CVE-2018-1000832 | ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter tha... | E | |
CVE-2018-1000833 | ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter tha... | S | |
CVE-2018-1000834 | runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in Man... | | |
CVE-2018-1000835 | KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file p... | | |
CVE-2018-1000836 | bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML External Entity (XXE) vulnera... | | |
CVE-2018-1000837 | UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for p... | | |
CVE-2018-1000838 | autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Pars... | | |
CVE-2018-1000839 | LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload th... | E | |
CVE-2018-1000840 | Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulner... | E S | |
CVE-2018-1000841 | Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.ph... | | |
CVE-2018-1000842 | FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 conta... | S | |
CVE-2018-1000843 | Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after G... | E | |
CVE-2018-1000844 | Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contain... | | |
CVE-2018-1000845 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultID: CVE-2017-6519. Reason: This candidat... | R | |
CVE-2018-1000846 | FreshDNS version 1.0.3 and earlier contains a Cross Site Request Forgery (CSRF) vulnerability in All ... | S | |
CVE-2018-1000847 | FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in Account data... | S | |
CVE-2018-1000848 | Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in ind... | | |
CVE-2018-1000849 | Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerabil... | E S | |
CVE-2018-1000850 | Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Tra... | E S | |
CVE-2018-1000851 | Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in walle... | E S | |
CVE-2018-1000852 | FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 co... | E S | |
CVE-2018-1000853 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-18925. Reason: This candid... | R | |
CVE-2018-1000854 | esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special El... | | |
CVE-2018-1000855 | easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Endpoint wher... | S | |
CVE-2018-1000856 | DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Si... | E | |
CVE-2018-1000857 | log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-b... | E | |
CVE-2018-1000858 | GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr t... | E | |
CVE-2018-1000859 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19518. Reason: This candid... | R | |
CVE-2018-1000860 | phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value o... | E S | |
CVE-2018-1000861 | A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier... | KEV | |
CVE-2018-1000862 | An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier i... | | |
CVE-2018-1000863 | A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in Us... | E | |
CVE-2018-1000864 | A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in Cr... | | |
CVE-2018-1000865 | A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/s... | | |
CVE-2018-1000866 | A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/... | | |
CVE-2018-1000867 | WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauc... | E S | |
CVE-2018-1000868 | WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in use... | E S | |
CVE-2018-1000869 | phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can... | E S | |
CVE-2018-1000870 | PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php... | E S | |
CVE-2018-1000871 | HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_... | E | |
CVE-2018-1000872 | OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (si... | E S | |
CVE-2018-1000873 | Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in... | E S | |
CVE-2018-1000874 | PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerabili... | E | |
CVE-2018-1000875 | Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 c... | M | |
CVE-2018-1000876 | binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dyna... | E | |
CVE-2018-1000877 | libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) ... | S | |
CVE-2018-1000878 | libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) ... | S | |
CVE-2018-1000879 | libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) ... | S | |
CVE-2018-1000880 | libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) ... | S | |
CVE-2018-1000881 | Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of ... | E | |
CVE-2018-1000882 | WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.p... | E S | |
CVE-2018-1000883 | Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result... | S | |
CVE-2018-1000884 | Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.... | S | |
CVE-2018-1000885 | PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutraliz... | E | |
CVE-2018-1000886 | nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can... | E | |
CVE-2018-1000887 | Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that c... | E | |
CVE-2018-1000888 | PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_... | E | |
CVE-2018-1000889 | Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in ... | S | |
CVE-2018-1000890 | FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filt... | E | |
CVE-2018-1000891 | Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving messages with invali... | | |
CVE-2018-1000892 | Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving sendheaders messages... | | |
CVE-2018-1000893 | Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when deserializing transactions.... | | |
CVE-2018-1000997 | A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier... | | |
CVE-2018-1000998 | FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can... | E | |
CVE-2018-1000999 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: [CVE-2018-20323]. Reason: This candid... | R |