CVE-2018-11xxx

There are 865 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2018-11002 Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissi...
E
CVE-2018-11003 An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected...
E
CVE-2018-11004 An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/...
E
CVE-2018-11005 A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53....
CVE-2018-11006 An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53....
CVE-2018-11007 A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53....
CVE-2018-11008 An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53....
CVE-2018-11009 A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53....
CVE-2018-11010 A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53....
CVE-2018-11011 ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java....
E
CVE-2018-11012 ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attemp...
E
CVE-2018-11013 Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) router...
E
CVE-2018-11017 The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indi...
E
CVE-2018-11018 An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/...
E
CVE-2018-11019 kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fi...
E
CVE-2018-11020 kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS ...
E
CVE-2018-11021 kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3r...
E
CVE-2018-11022 kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fi...
E
CVE-2018-11023 kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) F...
E
CVE-2018-11024 kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) F...
E
CVE-2018-11025 kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire O...
E
CVE-2018-11027 A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitra...
E
CVE-2018-11031 application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as ...
E
CVE-2018-11032 PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search(...
E
CVE-2018-11033 The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remot...
CVE-2018-11034 In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to c...
E
CVE-2018-11035 In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to c...
E
CVE-2018-11036 Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essent...
CVE-2018-11037 In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers ...
E
CVE-2018-11039 Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupport...
S
CVE-2018-11040 Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported vers...
S
CVE-2018-11041 Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-rel...
CVE-2018-11042 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi...
R
CVE-2018-11043 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi...
R
CVE-2018-11044 Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1....
M
CVE-2018-11045 Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1....
M
CVE-2018-11046 Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX package...
M
CVE-2018-11047 Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 a...
M
CVE-2018-11048 Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protectio...
CVE-2018-11049 RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability
CVE-2018-11050 Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contai...
CVE-2018-11051 RSA Certificate Manager Path Traversal Vulnerability
CVE-2018-11052 Dell EMC ECS S3 Authentication Bypass Vulnerability
CVE-2018-11053 iSM: Dell EMC iDRAC Service Module Improper File Permission Vulnerability
S
CVE-2018-11054 RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote a...
S
CVE-2018-11055 RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), ...
S
CVE-2018-11056 RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition ver...
S
CVE-2018-11057 RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) c...
S
CVE-2018-11058 RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), an...
S
CVE-2018-11059 RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote...
CVE-2018-11060 RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API...
CVE-2018-11061 RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6...
CVE-2018-11062 Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability
CVE-2018-11063 Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affe...
CVE-2018-11064 Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains...
CVE-2018-11065 The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to ...
CVE-2018-11066 Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability
S
CVE-2018-11067 Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability
S
CVE-2018-11068 RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an ...
CVE-2018-11069 RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA dec...
CVE-2018-11070 RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Cov...
CVE-2018-11071 DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability
CVE-2018-11072 Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authent...
M
CVE-2018-11073 DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities
CVE-2018-11074 DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities
CVE-2018-11075 DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities
CVE-2018-11076 Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability
S
CVE-2018-11077 Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability
S
CVE-2018-11078 Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerabil...
CVE-2018-11079 Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage...
CVE-2018-11080 Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vul...
CVE-2018-11081 Pivotal Operations Manager UAA config - temp Ram Disk
CVE-2018-11082 Cloud Foundry UAA MFA does not prevent brute force of MFA code
CVE-2018-11083 Bosh accepts refresh tokens in place of an access token
CVE-2018-11084 Garden-runC prevents deletion of some app environments
M
CVE-2018-11085 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2018-11086 Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to ...
M
CVE-2018-11087 TLS validation error
M
CVE-2018-11088 Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 pr...
M
CVE-2018-11090 An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" ...
CVE-2018-11091 An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserv...
CVE-2018-11092 An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely ...
E S
CVE-2018-11093 Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows rem...
CVE-2018-11094 An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/upd...
E
CVE-2018-11095 The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header...
CVE-2018-11096 Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can ...
E
CVE-2018-11097 An issue was discovered in cloudwu/cstring through 2016-11-09. There is a memory leak vulnerability ...
CVE-2018-11098 An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plug...
E
CVE-2018-11099 The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to...
CVE-2018-11100 The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the h...
CVE-2018-11101 Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified...
S
CVE-2018-11102 An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavfor...
CVE-2018-11103 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2018-11105 There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress ...
E S
CVE-2018-11106 NETGEAR has released fixes for a pre-authentication command injection in request_handler.php securit...
CVE-2018-11116 OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which all...
CVE-2018-11117 Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 ha...
S
CVE-2018-11118 The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/...
S
CVE-2018-11119 ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the ...
S
CVE-2018-11120 Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has X...
S
CVE-2018-11124 Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition...
E
CVE-2018-11125 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi...
R
CVE-2018-11126 dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrato...
E
CVE-2018-11127 e107 2.1.7 has CSRF resulting in arbitrary user deletion....
CVE-2018-11128 The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers ...
CVE-2018-11129 The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to...
CVE-2018-11130 The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers ...
CVE-2018-11132 In order to perform actions that require higher privileges, the Quest KACE System Management Applian...
E
CVE-2018-11133 The 'fmt' parameter of the '/common/run_cross_report.php' script in the Quest KACE System Manage...
E
CVE-2018-11134 In order to perform actions that require higher privileges, the Quest KACE System Management Applia...
E
CVE-2018-11135 The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows...
E
CVE-2018-11136 The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KAC...
E
CVE-2018-11137 The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Ma...
E
CVE-2018-11138 The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0....
KEV E
CVE-2018-11139 The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8....
E
CVE-2018-11140 The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Ma...
E
CVE-2018-11141 The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in ...
E
CVE-2018-11142 The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE S...
E
CVE-2018-11143 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46)...
CVE-2018-11144 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46)...
CVE-2018-11145 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46)...
CVE-2018-11146 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46)...
CVE-2018-11147 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46)...
CVE-2018-11148 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46)...
CVE-2018-11149 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46)...
CVE-2018-11150 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46)...
CVE-2018-11151 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46)...
CVE-2018-11152 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46...
CVE-2018-11153 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46...
CVE-2018-11154 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46...
CVE-2018-11155 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46...
CVE-2018-11156 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46...
CVE-2018-11157 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46...
CVE-2018-11158 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46...
CVE-2018-11159 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46...
CVE-2018-11160 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46...
CVE-2018-11161 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46...
CVE-2018-11162 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46...
CVE-2018-11163 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46...
CVE-2018-11164 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46...
CVE-2018-11165 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46...
CVE-2018-11166 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46...
CVE-2018-11167 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46...
CVE-2018-11168 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46...
CVE-2018-11169 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46...
CVE-2018-11170 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46...
CVE-2018-11171 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46...
CVE-2018-11172 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46...
CVE-2018-11173 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46...
CVE-2018-11174 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46...
CVE-2018-11175 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46...
CVE-2018-11176 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46...
CVE-2018-11177 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46...
CVE-2018-11178 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46...
CVE-2018-11179 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46...
CVE-2018-11180 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46...
CVE-2018-11181 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46...
CVE-2018-11182 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46...
CVE-2018-11183 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46...
CVE-2018-11184 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46...
CVE-2018-11185 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46...
CVE-2018-11186 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46...
CVE-2018-11187 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46...
CVE-2018-11188 Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46...
CVE-2018-11189 Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of ...
CVE-2018-11190 Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of ...
CVE-2018-11191 Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of ...
CVE-2018-11192 Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of ...
CVE-2018-11193 Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of ...
CVE-2018-11194 Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of ...
CVE-2018-11195 Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the ...
E
CVE-2018-11196 Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium ...
S
CVE-2018-11198 An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json...
CVE-2018-11200 An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field....
CVE-2018-11202 A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10...
E
CVE-2018-11203 A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 libr...
E
CVE-2018-11204 A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1....
E
CVE-2018-11205 An out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It co...
E
CVE-2018-11206 An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in ...
E
CVE-2018-11207 A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. I...
E
CVE-2018-11208 An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers t...
E
CVE-2018-11209 An issue was discovered in Z-BlogPHP 2.0.0. zb_system/cmd.php?act=verify relies on MD5 for the passw...
E
CVE-2018-11210 TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.s...
CVE-2018-11212 An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote a...
E S
CVE-2018-11213 An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attac...
E
CVE-2018-11214 An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attack...
E
CVE-2018-11215 Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior release...
S
CVE-2018-11218 Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12...
E S
CVE-2018-11219 An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before ...
E S
CVE-2018-11220 Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore funct...
E
CVE-2018-11221 Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker ...
CVE-2018-11222 Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any...
E
CVE-2018-11223 XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a craft...
E
CVE-2018-11224 An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in li...
E
CVE-2018-11225 The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indica...
E
CVE-2018-11226 The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header ind...
E
CVE-2018-11227 Monstra CMS 3.0.4 and earlier has XSS via index.php....
E
CVE-2018-11228 Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.00...
CVE-2018-11229 Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.00...
CVE-2018-11230 jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a d...
CVE-2018-11231 In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get so...
E
CVE-2018-11232 The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel b...
S
CVE-2018-11233 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x b...
CVE-2018-11235 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x b...
E S
CVE-2018-11236 stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing ve...
S
CVE-2018-11237 An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6...
E S
CVE-2018-11239 An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), ...
E
CVE-2018-11240 An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on th...
CVE-2018-11241 An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and ...
CVE-2018-11242 An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stor...
E
CVE-2018-11243 PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of serv...
E
CVE-2018-11244 The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor....
CVE-2018-11245 app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes....
S
CVE-2018-11246 K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak....
CVE-2018-11247 The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, w...
CVE-2018-11248 util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attac...
CVE-2018-11251 In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImag...
E
CVE-2018-11254 An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPag...
CVE-2018-11255 An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoD...
E
CVE-2018-11256 An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in Po...
E
CVE-2018-11257 Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an option that allows R...
CVE-2018-11258 In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condit...
CVE-2018-11259 Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Sna...
CVE-2018-11260 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11261 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11262 In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the...
S
CVE-2018-11263 In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux ...
S
CVE-2018-11264 Possible buffer overflow in Ontario fingerprint code due to lack of input validation for the paramet...
CVE-2018-11265 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11266 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11267 In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM...
CVE-2018-11268 In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MD...
CVE-2018-11269 In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MD...
CVE-2018-11270 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11271 Improper authentication can happen on Remote command handling due to inappropriate handling of event...
CVE-2018-11273 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11274 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11275 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11276 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11277 In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 43...
CVE-2018-11278 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11279 Lack of check of input size can make device memory get corrupted because of buffer overflow in snapd...
CVE-2018-11280 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11281 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11284 Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate...
CVE-2018-11285 In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, ...
CVE-2018-11286 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11287 In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, ...
CVE-2018-11288 Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead...
CVE-2018-11289 Data truncation during higher to lower type conversion which causes less memory allocation than desi...
CVE-2018-11290 In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, Q...
CVE-2018-11291 In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM...
CVE-2018-11292 In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MS...
CVE-2018-11293 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11294 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11295 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11296 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11297 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11298 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11299 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11300 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11301 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11302 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11303 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11304 Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-pro...
CVE-2018-11305 When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdr...
CVE-2018-11306 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11307 An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default ty...
S
CVE-2018-11309 Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an...
E
CVE-2018-11311 A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 ...
E M
CVE-2018-11314 The External Control API in Roku and Roku TV products allows unauthorized access via a DNS Rebind att...
CVE-2018-11315 The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized ...
E
CVE-2018-11316 The UPnP HTTP server on Sonos wireless speaker products allows unauthorized access via a DNS rebindin...
CVE-2018-11317 Subrion CMS before 4.1.4 has XSS....
CVE-2018-11319 Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration file...
E S
CVE-2018-11320 In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do n...
CVE-2018-11321 An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows user...
CVE-2018-11322 An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR fi...
CVE-2018-11323 An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the ...
CVE-2018-11324 An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as rem...
CVE-2018-11325 An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill pas...
CVE-2018-11326 An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple...
CVE-2018-11327 An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the nam...
CVE-2018-11328 An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issue...
CVE-2018-11329 The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allow...
CVE-2018-11330 An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the charact...
S
CVE-2018-11331 An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set...
S
CVE-2018-11332 Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab und...
E
CVE-2018-11334 Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges ...
CVE-2018-11335 GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integ...
CVE-2018-11338 Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in...
CVE-2018-11339 An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment....
E
CVE-2018-11340 An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows...
E
CVE-2018-11341 Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate...
E
CVE-2018-11342 A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attacker...
E
CVE-2018-11343 A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood appl...
E
CVE-2018-11344 A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to...
E
CVE-2018-11345 An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows att...
E
CVE-2018-11346 An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 ...
E
CVE-2018-11347 The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection....
E
CVE-2018-11348 Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2....
E
CVE-2018-11349 The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search func...
E
CVE-2018-11350 An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one ...
E
CVE-2018-11351 script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabili...
E
CVE-2018-11352 The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability ...
E
CVE-2018-11354 In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/pa...
CVE-2018-11355 In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtc...
CVE-2018-11356 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was add...
CVE-2018-11357 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors coul...
CVE-2018-11358 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was a...
CVE-2018-11359 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors coul...
CVE-2018-11360 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This ...
CVE-2018-11361 In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt...
CVE-2018-11362 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was ad...
CVE-2018-11363 jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read....
E S
CVE-2018-11364 sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1...
E
CVE-2018-11365 sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop....
E
CVE-2018-11366 init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-...
E S
CVE-2018-11367 An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser modu...
CVE-2018-11369 An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important informat...
E
CVE-2018-11371 SkyCaiji 1.2 allows CSRF to add an Administrator user....
E
CVE-2018-11372 iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter....
E
CVE-2018-11373 iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter....
E
CVE-2018-11375 The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (hea...
S
CVE-2018-11376 The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (he...
S
CVE-2018-11377 The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service ...
S
CVE-2018-11378 The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact vi...
S
CVE-2018-11379 The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service ...
S
CVE-2018-11380 The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of servic...
S
CVE-2018-11381 The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of servi...
S
CVE-2018-11382 The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (hea...
S
CVE-2018-11383 The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (...
S
CVE-2018-11384 The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-bas...
S
CVE-2018-11385 An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.4...
CVE-2018-11386 An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before...
CVE-2018-11392 An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User M...
CVE-2018-11396 ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attacker...
E
CVE-2018-11399 SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attacker...
CVE-2018-11400 In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notific...
CVE-2018-11401 In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physicall...
CVE-2018-11402 SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attacker...
CVE-2018-11403 DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter....
E
CVE-2018-11404 DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter....
E
CVE-2018-11405 Kliqqi 2.0.2 has CSRF in admin/admin_users.php....
E
CVE-2018-11406 An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.4...
CVE-2018-11407 An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3...
CVE-2018-11408 The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8....
CVE-2018-11409 Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-in...
E
CVE-2018-11410 An issue was discovered in Liblouis 3.5.0. An invalid free in the compileRule function in compileTran...
E S
CVE-2018-11411 The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 ...
CVE-2018-11412 In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a mem...
E
CVE-2018-11413 An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/d...
E
CVE-2018-11414 An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection...
E
CVE-2018-11415 SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain ...
E
CVE-2018-11416 jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which al...
CVE-2018-11418 An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_c...
E
CVE-2018-11419 An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_c...
E
CVE-2018-11420 There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 1...
CVE-2018-11421 Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring prot...
CVE-2018-11422 Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration p...
CVE-2018-11423 There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.6 Build 1710...
CVE-2018-11424 There is Memory corruption in the web interface of Moxa OnCell G3470A-LTE Series version 1.6 Build 1...
CVE-2018-11425 Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 a...
CVE-2018-11426 A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 ...
CVE-2018-11427 CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 1...
CVE-2018-11429 ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that...
CVE-2018-11430 An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save...
E
CVE-2018-11432 The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause informa...
E
CVE-2018-11433 The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to caus...
E
CVE-2018-11434 The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause informat...
E
CVE-2018-11435 The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attacker...
E
CVE-2018-11436 The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information d...
E
CVE-2018-11437 The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause...
E
CVE-2018-11438 The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause r...
E
CVE-2018-11439 The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attacke...
E
CVE-2018-11440 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTab...
CVE-2018-11442 A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new...
E
CVE-2018-11443 The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1....
E
CVE-2018-11444 A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billin...
E
CVE-2018-11445 A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in ...
E
CVE-2018-11446 The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, ...
CVE-2018-11447 A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/t...
CVE-2018-11448 A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/t...
CVE-2018-11449 A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the ...
CVE-2018-11450 A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEA...
E
CVE-2018-11451 A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All ver...
S
CVE-2018-11452 A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All ver...
S
CVE-2018-11453 A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, ...
CVE-2018-11454 A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, ...
CVE-2018-11455 A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automa...
CVE-2018-11456 A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An att...
CVE-2018-11457 A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK ...
CVE-2018-11458 A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK ...
CVE-2018-11459 A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All ...
CVE-2018-11460 A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All ...
CVE-2018-11461 A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All ...
CVE-2018-11462 A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All ...
CVE-2018-11463 A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All ...
CVE-2018-11464 A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK ...
CVE-2018-11465 A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All ...
CVE-2018-11466 A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All ...
CVE-2018-11468 The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers ...
E
CVE-2018-11469 Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 throug...
CVE-2018-11470 iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel....
E
CVE-2018-11471 Cockpit 0.5.5 has XSS via a collection, form, or region....
E
CVE-2018-11472 Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php)....
CVE-2018-11473 Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration)...
CVE-2018-11474 Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at ad...
CVE-2018-11475 Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit...
CVE-2018-11476 An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected w...
CVE-2018-11477 An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent be...
CVE-2018-11478 An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive m...
CVE-2018-11479 The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a Win...
CVE-2018-11481 TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticat...
CVE-2018-11482 /usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IP...
CVE-2018-11485 The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stor...
E
CVE-2018-11486 An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for...
E
CVE-2018-11487 PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or abou...
CVE-2018-11488 A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows rem...
E
CVE-2018-11489 The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped i...
E
CVE-2018-11490 The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped i...
CVE-2018-11491 ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote comm...
E
CVE-2018-11492 ASUS HG100 devices allow denial of service via an IPv4 packet flood....
E
CVE-2018-11493 An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship ...
E
CVE-2018-11494 The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, i...
E
CVE-2018-11495 OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\cata...
E
CVE-2018-11496 In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because d...
E
CVE-2018-11498 In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an uncheck...
CVE-2018-11499 A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5...
CVE-2018-11500 An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/...
E
CVE-2018-11501 PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS....
E
CVE-2018-11502 An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save...
E
CVE-2018-11503 The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to...
CVE-2018-11504 The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cau...
CVE-2018-11505 The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by...
E
CVE-2018-11506 The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local...
S
CVE-2018-11507 An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loo...
E
CVE-2018-11508 The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local user...
E S
CVE-2018-11509 ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS...
E
CVE-2018-11510 The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerab...
E
CVE-2018-11511 The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL inj...
E
CVE-2018-11512 Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings...
E S
CVE-2018-11514 PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dange...
E
CVE-2018-11515 The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ w...
E
CVE-2018-11516 The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 al...
E
CVE-2018-11517 mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of th...
E
CVE-2018-11518 A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR ...
CVE-2018-11522 Yosoro 1.0.4 has stored XSS....
E S
CVE-2018-11523 upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files....
E
CVE-2018-11525 The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable t...
E
CVE-2018-11526 The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to C...
E
CVE-2018-11527 An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/...
E
CVE-2018-11528 WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI....
E
CVE-2018-11529 VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can lev...
E
CVE-2018-11531 Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp....
E
CVE-2018-11532 An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php...
E S
CVE-2018-11535 An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_it...
E
CVE-2018-11536 md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles s...
E S
CVE-2018-11537 Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allo...
S
CVE-2018-11538 servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-X...
E
CVE-2018-11541 A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interf...
CVE-2018-11542 A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web i...
CVE-2018-11543 A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web inter...
CVE-2018-11544 The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username ...
E
CVE-2018-11545 md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles th...
CVE-2018-11546 md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one e...
CVE-2018-11547 md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is...
CVE-2018-11548 An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the num...
CVE-2018-11549 An issue was discovered in WUZHI CMS 4.1.0. There is a Stored XSS Vulnerability in "Account Settings ...
E
CVE-2018-11550 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9850. Reason: This candida...
R
CVE-2018-11551 AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote att...
CVE-2018-11552 There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" fi...
E
CVE-2018-11553 SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php....
E
CVE-2018-11554 The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3....
CVE-2018-11555 tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c...
CVE-2018-11556 tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages functio...
CVE-2018-11557 YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter....
CVE-2018-11558 DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter....
E
CVE-2018-11559 DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter....
E
CVE-2018-11560 The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overfl...
E
CVE-2018-11561 An integer overflow in the unprotected distributeToken function of a smart contract implementation f...
E
CVE-2018-11562 An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allo...
S
CVE-2018-11563 An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constr...
S
CVE-2018-11564 Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the pic...
E
CVE-2018-11565 Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to ment...
S
CVE-2018-11567 Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa ...
E
CVE-2018-11568 Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficie...
E
CVE-2018-11569 Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. F...
CVE-2018-11571 ClipperCMS 1.3.3 allows Session Fixation....
CVE-2018-11572 ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action ...
E
CVE-2018-11574 Improper input validation together with an integer overflow in the EAP-TLS protocol implementation i...
S
CVE-2018-11575 ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg....
CVE-2018-11576 ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor....
CVE-2018-11577 Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c....
E
CVE-2018-11578 GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault....
E
CVE-2018-11579 class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0...
E
CVE-2018-11580 An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator pl...
E
CVE-2018-11581 Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to in...
E
CVE-2018-11583 SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter....
E
CVE-2018-11586 XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthe...
E
CVE-2018-11587 There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in ...
CVE-2018-11588 Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payl...
S
CVE-2018-11589 Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks...
S
CVE-2018-11590 Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user c...
E S
CVE-2018-11591 Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user c...
E S
CVE-2018-11592 Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user c...
E S
CVE-2018-11593 Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential...
E S
CVE-2018-11594 Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user c...
E S
CVE-2018-11595 Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potenti...
E S
CVE-2018-11596 Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user c...
S
CVE-2018-11597 Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user c...
S
CVE-2018-11598 Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potenti...
E S
CVE-2018-11614 This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Sam...
CVE-2018-11615 This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca ...
CVE-2018-11616 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ...
CVE-2018-11617 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ...
S
CVE-2018-11618 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ...
S
CVE-2018-11619 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ...
S
CVE-2018-11620 This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat...
S
CVE-2018-11621 This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat...
S
CVE-2018-11622 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ...
S
CVE-2018-11623 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ...
S
CVE-2018-11624 In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a u...
CVE-2018-11625 In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a he...
E S
CVE-2018-11626 SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c ...
S
CVE-2018-11627 Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...
E S
CVE-2018-11628 Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly saniti...
E
CVE-2018-11629 Default and unremovable support credentials (user:lutron password:integration) allow attackers to ga...
M
CVE-2018-11631 Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of cal...
E
CVE-2018-11632 An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugi...
E
CVE-2018-11633 An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If...
E
CVE-2018-11634 Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 S...
E
CVE-2018-11635 Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/applicatio...
E
CVE-2018-11636 Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia...
E
CVE-2018-11637 Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3...
E
CVE-2018-11638 Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerM...
E
CVE-2018-11639 Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.ph...
E
CVE-2018-11640 XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2...
E
CVE-2018-11641 Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administ...
E
CVE-2018-11642 Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dia...
E
CVE-2018-11643 SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 all...
E
CVE-2018-11645 psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used...
S
CVE-2018-11646 webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/AP...
E S
CVE-2018-11647 index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL....
S
CVE-2018-11649 Hue 3.12 has XSS via the /pig/save/ name and script parameters....
E
CVE-2018-11650 Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toa...
S
CVE-2018-11651 Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to c...
S
CVE-2018-11652 CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary O...
E S
CVE-2018-11653 Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an...
E
CVE-2018-11654 Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unau...
E
CVE-2018-11655 In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePi...
E
CVE-2018-11656 In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMIma...
E
CVE-2018-11657 ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif....
CVE-2018-11659 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2018-11661 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2018-11662 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2018-11663 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2018-11664 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2018-11665 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2018-11666 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2018-11668 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2018-11669 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2018-11670 An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers t...
E
CVE-2018-11671 An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin a...
E
CVE-2018-11675 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2018-11678 plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipu...
E
CVE-2018-11679 An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an artic...
E
CVE-2018-11680 An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text edit...
CVE-2018-11681 Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total s...
M
CVE-2018-11682 Default and unremovable support credentials allow attackers to gain total super user control of an I...
M
CVE-2018-11683 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTab...
CVE-2018-11684 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTa...
CVE-2018-11685 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTransl...
CVE-2018-11686 The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via se...
E S
CVE-2018-11687 An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red...
CVE-2018-11688 Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper vali...
E
CVE-2018-11689 Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable...
E
CVE-2018-11690 The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross...
E
CVE-2018-11691 Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was...
CVE-2018-11692 An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to ...
E
CVE-2018-11693 An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found...
E S
CVE-2018-11694 An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the functi...
E S
CVE-2018-11695 An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass...
E S
CVE-2018-11696 An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the functi...
E S
CVE-2018-11697 An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found...
E S
CVE-2018-11698 An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found...
E S
CVE-2018-11701 FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a m...
CVE-2018-11702 FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a m...
CVE-2018-11703 FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a m...
CVE-2018-11704 FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a m...
CVE-2018-11705 FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a m...
CVE-2018-11706 FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a m...
CVE-2018-11707 FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the use...
CVE-2018-11709 wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for Wo...
CVE-2018-11710 soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (...
S
CVE-2018-11711 A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface with...
E
CVE-2018-11712 WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKi...
S
CVE-2018-11713 WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKi...
S
CVE-2018-11714 An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n ...
E
CVE-2018-11715 The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject....
E
CVE-2018-11716 An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated...
E
CVE-2018-11717 An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to ...
E
CVE-2018-11718 Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF....
CVE-2018-11719 Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE....
CVE-2018-11720 Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal....
CVE-2018-11722 WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard...
E
CVE-2018-11723 The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 20...
CVE-2018-11724 The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a deni...
CVE-2018-11725 The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an in...
CVE-2018-11726 The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a d...
CVE-2018-11727 The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04...
CVE-2018-11728 The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsnt...
CVE-2018-11729 The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-2...
CVE-2018-11730 The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in ...
CVE-2018-11731 The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-...
CVE-2018-11734 In e107 v2.1.7, output without filtering results in XSS....
CVE-2018-11735 index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter....
CVE-2018-11736 An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to ...
E
CVE-2018-11737 An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. A...
E S
CVE-2018-11738 An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. A...
E S
CVE-2018-11739 An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. ...
E S
CVE-2018-11740 An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1....
E S
CVE-2018-11741 NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Infor...
E
CVE-2018-11742 NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI....
E
CVE-2018-11743 The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects,...
E S
CVE-2018-11744 Cloudera Manager through 5.15 has Incorrect Access Control....
CVE-2018-11746 Puppet Discovery can leak authentication information
CVE-2018-11747 Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx conta...
CVE-2018-11748 Previous releases of the Puppet device_manager module create configuration files containing credent...
CVE-2018-11749 When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are ...
CVE-2018-11750 Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting ...
CVE-2018-11751 Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading ...
CVE-2018-11752 Previous releases of the Puppet cisco_ios module output SSH session debug information including logi...
CVE-2018-11756 In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/act...
S
CVE-2018-11757 In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk...
S
CVE-2018-11758 This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3...
CVE-2018-11759 The Apache Web Server (httpd) specific code that normalised the requested path before matching it to...
CVE-2018-11760 When using PySpark, it's possible for a different local user to connect to the Spark application an...
CVE-2018-11761 In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were...
S
CVE-2018-11762 In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory o...
CVE-2018-11763 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can oc...
S
CVE-2018-11764 Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. A...
CVE-2018-11765 In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can acces...
CVE-2018-11766 In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can es...
CVE-2018-11767 In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting acce...
CVE-2018-11768 In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, th...
CVE-2018-11769 CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insu...
CVE-2018-11770 From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, i...
E M
CVE-2018-11771 When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17...
S
CVE-2018-11772 Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node...
CVE-2018-11773 Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted ...
CVE-2018-11774 Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs...
CVE-2018-11775 TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which coul...
S
CVE-2018-11776 Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution wh...
KEV E S
CVE-2018-11777 In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly pr...
CVE-2018-11778 UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid...
CVE-2018-11779 In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafk...
CVE-2018-11780 A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3...
CVE-2018-11781 Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax....
CVE-2018-11782 In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve serv...
S
CVE-2018-11783 sslheaders plugin extracts information from the client certificate and sets headers in the request b...
CVE-2018-11784 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to...
S
CVE-2018-11785 Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauth...
CVE-2018-11786 In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator ...
S
CVE-2018-11787 In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Ka...
S
CVE-2018-11788 Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by drop...
CVE-2018-11789 When accessing the heron-ui webpage, people can modify the file paths outside of the current contain...
CVE-2018-11790 When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination ...
S
CVE-2018-11791 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11792 In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pos...
CVE-2018-11793 When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions ...
CVE-2018-11794 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi...
R
CVE-2018-11795 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi...
R
CVE-2018-11796 In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, T...
CVE-2018-11797 In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an...
S
CVE-2018-11798 The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to...
CVE-2018-11799 Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. Th...
CVE-2018-11800 SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQ...
CVE-2018-11801 SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQ...
CVE-2018-11802 In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes ...
CVE-2018-11803 Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after d...
CVE-2018-11804 Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs...
M
CVE-2018-11805 In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands wit...
CVE-2018-11806 m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams....
S
CVE-2018-11808 Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Versio...
CVE-2018-11813 libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF....
CVE-2018-11816 Use After Free in Video
CVE-2018-11818 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11819 Use after issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Sna...
S
CVE-2018-11820 Use of non-time constant memcmp function creates side channel that leaks information and leads to cr...
CVE-2018-11821 Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdrag...
CVE-2018-11822 A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in vers...
CVE-2018-11823 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11824 A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear ...
CVE-2018-11825 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11826 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11827 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11828 When FW tries to get random mac address generated from new SW RNG and ADC values read are constant t...
CVE-2018-11829 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11830 Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, S...
CVE-2018-11831 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11832 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11833 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11834 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11835 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11836 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11837 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11838 Possible double free issue in WLAN due to lack of checking memory free condition in Snapdragon Auto...
S
CVE-2018-11839 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11840 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11841 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11842 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11843 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11844 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11845 Usage of non-time-constant comparison functions can lead to information leakage through side channel...
CVE-2018-11846 The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks i...
CVE-2018-11847 Malicious TA can tag QSEE kernel memory and map to EL0, thereby corrupting the physical memory as w...
CVE-2018-11848 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11849 Lack of check on out of range of bssid parameter when processing scan start command will lead to buf...
CVE-2018-11850 Lack of check on remaining length parameter when processing scan start command will lead to buffer f...
CVE-2018-11851 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11852 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11853 Lack of check on out of range for channels when processing channel list set command will lead to buf...
CVE-2018-11854 Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mo...
CVE-2018-11855 If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer ove...
CVE-2018-11856 Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands i...
CVE-2018-11857 Improper input validation in WLAN encrypt/decrypt module can lead to a buffer copy in Snapdragon Mob...
CVE-2018-11858 When processing IE set command, buffer overwrite may occur due to lack of input validation of the IE...
CVE-2018-11859 Buffer overwrite can happen in WLAN due to lack of validation of the input length in Snapdragon Mobi...
CVE-2018-11860 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11861 Buffer overflow can happen in WLAN function due to lack of validation of the input length in Snapdra...
CVE-2018-11862 Buffer overflow can happen in WLAN module due to lack of validation of the input length in Snapdrago...
CVE-2018-11863 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11864 Bytes can be written to fuses from Secure region which can be read later by HLOS in Snapdragon Auto,...
CVE-2018-11865 Integer overflow may happen when calculating an internal structure size due to lack of validation of...
CVE-2018-11866 Integer overflow may happen in WLAN when calculating an internal structure size due to lack of valid...
CVE-2018-11867 Lack of buffer length check before copying in WLAN function while processing FIPS event, can lead to...
CVE-2018-11868 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11869 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11870 Buffer overwrite can occur when the legacy rates count received from the host is not checked against...
CVE-2018-11871 Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack...
CVE-2018-11872 Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands i...
CVE-2018-11873 Improper input validation leads to buffer overwrite in the WLAN function that handles WLAN roam buff...
CVE-2018-11874 Buffer overflow if the length of passphrase is more than 32 when setting up secure NDP connection in...
CVE-2018-11875 Lack of check of buffer size before copying in a WLAN function can lead to a buffer overflow in Snap...
CVE-2018-11876 Lack of input validation while copying to buffer in WLAN will lead to a buffer overflow in Snapdrago...
CVE-2018-11877 When the buffer length passed is very large in WLAN, bounds check could be bypassed leading to poten...
CVE-2018-11878 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11879 When the buffer length passed is very large, bounds check could be bypassed leading to potential buf...
CVE-2018-11880 Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile i...
CVE-2018-11881 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.  ...
R
CVE-2018-11882 Incorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile...
CVE-2018-11883 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11884 Improper input validation leads to buffer overflow while processing network list offload command in ...
CVE-2018-11885 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11886 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11887 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11888 Unauthorized access may be allowed by the SCP11 Crypto Services TA will processing commands from oth...
CVE-2018-11889 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11890 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11891 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11892 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11893 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11894 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11895 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11896 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11897 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11898 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11899 While processing radio connection status change events, Radio index is not properly validated in Sna...
CVE-2018-11900 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11901 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11902 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11903 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11904 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ...
S
CVE-2018-11905 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11906 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11907 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11908 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11909 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11910 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11911 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11912 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11913 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11914 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11915 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11918 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11919 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11921 Failure condition is not handled properly and the correct error code is not returned. It could cause...
CVE-2018-11922 Configurations in Android Build
CVE-2018-11923 Improper buffer length check before copying can lead to integer overflow and then a buffer overflow ...
CVE-2018-11924 Improper buffer length validation in WLAN function can lead to a potential integer overflow issue in ...
S
CVE-2018-11925 Data length received from firmware is not validated against the max allowed size which can result in...
S
CVE-2018-11926 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11927 Improper input validation on input which is used as an array index will lead to an out of bounds iss...
S
CVE-2018-11928 Lack of check on length parameter may cause buffer overflow while processing WMI commands in Snapdra...
CVE-2018-11929 Lack of input validation in WLAN function can lead to potential heap overflow in Snapdragon Auto, Sn...
S
CVE-2018-11930 Improper input validation on input data which is used to locate and copy the additional IEs in WLAN ...
S
CVE-2018-11931 Improper access to HLOS is possible while transferring memory to CPZ in Snapdragon Auto, Snapdragon ...
CVE-2018-11932 Improper input validation can lead RW access to secure subsystem from HLOS in Snapdragon Auto, Snapd...
CVE-2018-11933 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11934 Possible out of bounds write due to improper input validation while processing DO_ACS vendor command...
S
CVE-2018-11935 Improper input validation might result in incorrect app id returned to the caller Instead of returni...
CVE-2018-11936 Index of array is processed in a wrong way inside a while loop and result in invalid index (-1 or so...
CVE-2018-11937 Lack of input validation before copying can lead to a buffer over read in WLAN function in Snapdrago...
S
CVE-2018-11938 Improper input validation for argument received from HLOS can lead to buffer overflows and unexpecte...
CVE-2018-11939 Use after issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Sna...
S
CVE-2018-11940 Lack of check in length before using memcpy in WLAN function can lead to OOB access in Snapdragon Au...
S
CVE-2018-11941 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11942 Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 ...
S
CVE-2018-11943 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11944 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11945 Improper input validation in wireless service messaging module for data received from broadcast mess...
CVE-2018-11946 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11947 The txrx stats req might be double freed in the pdev detach when the host driver is unloading in Sna...
S
CVE-2018-11948 Exceeding the limit of usage entries are not tracked and the information will be lost causing the co...
CVE-2018-11949 Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapd...
S
CVE-2018-11950 Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845,...
CVE-2018-11951 Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead...
CVE-2018-11952 Improper Authentication in TrustZone
CVE-2018-11953 While processing ssid IE length from remote AP, possible out-of-bounds access may occur due to craft...
S
CVE-2018-11954 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11955 Lack of check on length of reason-code fetched from payload may lead driver access the memory not al...
S
CVE-2018-11956 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11957 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11958 Insufficient protection of keys in keypad can lead HLOS to gain access to confidential keypad input ...
CVE-2018-11959 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11960 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11961 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11962 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11963 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11964 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11965 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11966 Undefined behavior in UE while processing unknown IEI in OTA message in Snapdragon Auto, Snapdragon ...
CVE-2018-11967 Signature verification of the skel library could potentially be disabled as the memory region on the...
S
CVE-2018-11968 Improper check before assigning value can lead to integer overflow in Snapdragon Auto, Snapdragon Co...
CVE-2018-11969 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11970 TZ App dynamic allocations not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Sna...
CVE-2018-11971 Interrupt exit code flow may undermine access control policy set forth by secure world can lead to p...
CVE-2018-11972 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11973 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11974 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11975 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11976 ECDSA signature code leaks private keys from secure world to non-secure world in Snapdragon Auto, Sn...
CVE-2018-11977 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11978 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11979 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11980 When a fake broadcast/multicast 11w rmf without mmie received, since no proper length check in wma_p...
S
CVE-2018-11982 In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM89...
CVE-2018-11983 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11984 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11985 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11986 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11987 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11988 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11989 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11990 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11991 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11992 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11993 Improper check while accessing the local memory stack on MQTT connection request can lead to buffer ...
CVE-2018-11994 SMMU secure camera logic allows secure camera controllers to access HLOS memory during session in Sn...
CVE-2018-11995 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k...
S
CVE-2018-11996 When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snap...
CVE-2018-11997 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2018-11998 While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-boun...
CVE-2018-11999 Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapd...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.