| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2018-12000 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12001 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12002 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12003 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12004 | Secure keypad is unlocked with secure display still intact in Snapdragon Auto, Snapdragon Compute, S... | | |
| CVE-2018-12005 | An unprivileged user can issue a binder call and cause a system halt in Snapdragon Auto, Snapdragon ... | | |
| CVE-2018-12006 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k... | S | |
| CVE-2018-12007 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12008 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12009 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12010 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k... | S | |
| CVE-2018-12011 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k... | S | |
| CVE-2018-12012 | While updating blacklisting region shared buffered memory region is not validated against newly upda... | | |
| CVE-2018-12013 | Improper authentication in locked memory region can lead to unprivilged access to the memory in Snap... | | |
| CVE-2018-12014 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k... | S | |
| CVE-2018-12015 | In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traver... | E S | |
| CVE-2018-12016 | libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denia... | E | |
| CVE-2018-12018 | The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1... | E S | |
| CVE-2018-12019 | The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control me... | E | |
| CVE-2018-12020 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification... | S | |
| CVE-2018-12021 | Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting ove... | | |
| CVE-2018-12022 | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When De... | S | |
| CVE-2018-12023 | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When De... | S | |
| CVE-2018-12025 | The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 to... | | |
| CVE-2018-12026 | During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5... | M | |
| CVE-2018-12027 | An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes ... | M | |
| CVE-2018-12028 | An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 all... | M | |
| CVE-2018-12029 | A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local ... | M | |
| CVE-2018-12030 | Chevereto Free before 1.0.13 has XSS.... | E S | |
| CVE-2018-12031 | Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file vi... | E | |
| CVE-2018-12034 | In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds r... | E S | |
| CVE-2018-12035 | In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds w... | E S | |
| CVE-2018-12036 | OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archi... | E | |
| CVE-2018-12037 | An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnera... | S | |
| CVE-2018-12038 | An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the... | S | |
| CVE-2018-12039 | joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue i... | E | |
| CVE-2018-12040 | Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 a... | E | |
| CVE-2018-12041 | An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers c... | | |
| CVE-2018-12042 | Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter.... | E | |
| CVE-2018-12043 | content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.... | S | |
| CVE-2018-12045 | DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file... | E | |
| CVE-2018-12046 | DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_m... | E | |
| CVE-2018-12047 | xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n,... | E | |
| CVE-2018-12048 | A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN ... | E | |
| CVE-2018-12049 | A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a P... | E | |
| CVE-2018-12051 | Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management S... | E | |
| CVE-2018-12052 | SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_... | E | |
| CVE-2018-12053 | Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img param... | E | |
| CVE-2018-12054 | Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter i... | E | |
| CVE-2018-12055 | Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST d... | E | |
| CVE-2018-12056 | The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game... | | |
| CVE-2018-12062 | The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20... | | |
| CVE-2018-12063 | The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ether... | | |
| CVE-2018-12064 | tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.... | | |
| CVE-2018-12065 | A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows... | E | |
| CVE-2018-12066 | BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack con... | S | |
| CVE-2018-12067 | The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20... | | |
| CVE-2018-12068 | The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC2... | | |
| CVE-2018-12070 | The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allow... | | |
| CVE-2018-12071 | A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the S... | | |
| CVE-2018-12072 | An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is con... | | |
| CVE-2018-12073 | An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's curre... | | |
| CVE-2018-12076 | A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated,... | | |
| CVE-2018-12078 | The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20... | | |
| CVE-2018-12079 | The mintToken function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ... | | |
| CVE-2018-12080 | The mintToken function of a smart contract implementation for Internet Node Token (INT), a tradable ... | | |
| CVE-2018-12081 | The mintToken function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum... | | |
| CVE-2018-12082 | The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC... | | |
| CVE-2018-12083 | The mintToken function of a smart contract implementation for GOAL Bonanza (GOAL), a tradable Ethere... | | |
| CVE-2018-12084 | The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ER... | | |
| CVE-2018-12085 | Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTab... | S | |
| CVE-2018-12086 | Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with care... | | |
| CVE-2018-12087 | Failure to validate certificates in OPC Foundation UA Client Applications communicating without secu... | M | |
| CVE-2018-12088 | S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacke... | E S | |
| CVE-2018-12089 | In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for... | | |
| CVE-2018-12090 | There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remot... | E | |
| CVE-2018-12092 | tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to... | | |
| CVE-2018-12093 | tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h.... | | |
| CVE-2018-12094 | Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote att... | E | |
| CVE-2018-12095 | A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-applica... | E | |
| CVE-2018-12096 | The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-... | | |
| CVE-2018-12097 | The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk throug... | | |
| CVE-2018-12098 | The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remot... | | |
| CVE-2018-12099 | Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.... | E S | |
| CVE-2018-12100 | Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Admini... | | |
| CVE-2018-12101 | CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resourc... | E | |
| CVE-2018-12102 | md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx-... | | |
| CVE-2018-12103 | An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with ... | | |
| CVE-2018-12104 | Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to i... | E M | |
| CVE-2018-12108 | An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc a... | E S | |
| CVE-2018-12109 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC | E | |
| CVE-2018-12110 | portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter.... | E | |
| CVE-2018-12111 | Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attacke... | E | |
| CVE-2018-12112 | md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Seg... | E | |
| CVE-2018-12113 | Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a ... | E | |
| CVE-2018-12114 | Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.... | E | |
| CVE-2018-12115 | In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recogni... | | |
| CVE-2018-12116 | Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be ... | S | |
| CVE-2018-12120 | Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by defaul... | S | |
| CVE-2018-12121 | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with la... | S | |
| CVE-2018-12122 | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of ... | S | |
| CVE-2018-12123 | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL ... | S | |
| CVE-2018-12125 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12126 | Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizi... | | |
| CVE-2018-12127 | Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing spe... | | |
| CVE-2018-12128 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12129 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12130 | Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing... | | |
| CVE-2018-12131 | Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe be... | S | |
| CVE-2018-12132 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12133 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12134 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12135 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12136 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12137 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12138 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12139 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12140 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12141 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12142 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12143 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12144 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12145 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12146 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12147 | Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Ser... | | |
| CVE-2018-12148 | Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may al... | | |
| CVE-2018-12149 | Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authe... | S | |
| CVE-2018-12150 | Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an a... | S | |
| CVE-2018-12151 | Buffer overflow in installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authentic... | S | |
| CVE-2018-12152 | Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.... | M | |
| CVE-2018-12153 | Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.3... | | |
| CVE-2018-12154 | Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.3... | | |
| CVE-2018-12155 | Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authe... | | |
| CVE-2018-12156 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12157 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12158 | Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, ... | S | |
| CVE-2018-12159 | Buffer overflow in the command-line interface for Intel(R) PROSet Wireless v20.50 and before may all... | S | |
| CVE-2018-12160 | DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3... | | |
| CVE-2018-12161 | Insufficient session validation in the webserver component of the Intel Rapid Web Server 3 may allow... | M | |
| CVE-2018-12162 | Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow ... | | |
| CVE-2018-12163 | A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticat... | | |
| CVE-2018-12164 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12165 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12166 | Insufficient write protection in firmware for Intel(R) Optane(TM) SSD DC P4800X before version E2010... | S | |
| CVE-2018-12167 | Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 ... | S | |
| CVE-2018-12168 | Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0... | | |
| CVE-2018-12169 | Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Proc... | M | |
| CVE-2018-12170 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12171 | Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f... | | |
| CVE-2018-12172 | Improper password hashing in firmware in Intel Server Board (S7200AP,S7200APR) and Intel Compute Mod... | | |
| CVE-2018-12173 | Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Comp... | | |
| CVE-2018-12174 | Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE 2018 Update 3 may allow an au... | | |
| CVE-2018-12175 | Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow ... | | |
| CVE-2018-12176 | Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially ... | | |
| CVE-2018-12177 | Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software b... | S | |
| CVE-2018-12178 | Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escala... | S | |
| CVE-2018-12179 | Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially e... | S | |
| CVE-2018-12180 | Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enabl... | S | |
| CVE-2018-12181 | Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial ... | S | |
| CVE-2018-12182 | Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potenti... | S | |
| CVE-2018-12183 | Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalat... | S | |
| CVE-2018-12184 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12185 | Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.... | | |
| CVE-2018-12186 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12187 | Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version... | | |
| CVE-2018-12188 | Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 o... | | |
| CVE-2018-12189 | Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60,... | | |
| CVE-2018-12190 | Insufficient input validation in Intel(r) CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60... | | |
| CVE-2018-12191 | Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20... | | |
| CVE-2018-12192 | Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, o... | | |
| CVE-2018-12193 | Insufficient access control in driver stack for Intel QuickAssist Technology for Linux before versio... | S | |
| CVE-2018-12194 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12195 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12196 | Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.... | | |
| CVE-2018-12197 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2018-12198 | Insufficient input validation in Intel(R) Server Platform Services HECI subsystem before version SPS... | | |
| CVE-2018-12199 | Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0... | | |
| CVE-2018-12200 | Insufficient access control in Intel(R) Capability Licensing Service before version 1.50.638.1 may a... | | |
| CVE-2018-12201 | Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Int... | | |
| CVE-2018-12202 | Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation... | | |
| CVE-2018-12203 | Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation In... | | |
| CVE-2018-12204 | Improper memory initialization in Platform Sample/Silicon Reference firmware Intel(R) Server Board, ... | | |
| CVE-2018-12205 | Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation In... | | |
| CVE-2018-12206 | Improper configuration of hardware access in Intel QuickAssist Technology for Linux (all versions) m... | | |
| CVE-2018-12207 | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(... | S | |
| CVE-2018-12208 | Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12... | | |
| CVE-2018-12209 | Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before vers... | S | |
| CVE-2018-12210 | Multiple pointer dereferences in User Mode Driver in Intel(R) Graphics Driver for Windows* before ve... | S | |
| CVE-2018-12211 | Insufficient input validation in User Mode Driver in Intel(R) Graphics Driver for Windows* before ve... | S | |
| CVE-2018-12212 | Buffer overflow in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x... | S | |
| CVE-2018-12213 | Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before ve... | S | |
| CVE-2018-12214 | Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before ve... | S | |
| CVE-2018-12215 | Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before ... | S | |
| CVE-2018-12216 | Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before ... | S | |
| CVE-2018-12217 | Insufficient access control in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before ve... | S | |
| CVE-2018-12218 | Unhandled exception in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.... | S | |
| CVE-2018-12219 | Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before ... | S | |
| CVE-2018-12220 | Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions before vers... | S | |
| CVE-2018-12221 | Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before ... | S | |
| CVE-2018-12222 | Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before ... | S | |
| CVE-2018-12223 | Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before vers... | S | |
| CVE-2018-12224 | Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 ... | S | |
| CVE-2018-12227 | An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x be... | S | |
| CVE-2018-12228 | An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via T... | E | |
| CVE-2018-12229 | Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS)... | | |
| CVE-2018-12230 | An wrong logical check identified in the transferFrom function of a smart contract implementation fo... | E | |
| CVE-2018-12232 | In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and c... | S | |
| CVE-2018-12233 | In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug... | | |
| CVE-2018-12234 | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software... | E | |
| CVE-2018-12237 | The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS ... | | |
| CVE-2018-12238 | Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec E... | M | |
| CVE-2018-12239 | Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec E... | | |
| CVE-2018-12240 | The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation iss... | M | |
| CVE-2018-12241 | The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-s... | | |
| CVE-2018-12242 | The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypas... | | |
| CVE-2018-12243 | The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (... | M | |
| CVE-2018-12244 | SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a C... | | |
| CVE-2018-12245 | Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability,... | | |
| CVE-2018-12246 | Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting... | | |
| CVE-2018-12247 | An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to... | S | |
| CVE-2018-12248 | An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_EN... | S | |
| CVE-2018-12249 | An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real becaus... | E S | |
| CVE-2018-12250 | An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vu... | E | |
| CVE-2018-12254 | router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection v... | E | |
| CVE-2018-12255 | An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field.... | E | |
| CVE-2018-12256 | admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to up... | S | |
| CVE-2018-12257 | An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware ... | E | |
| CVE-2018-12258 | An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via... | E | |
| CVE-2018-12259 | An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pi... | E | |
| CVE-2018-12260 | An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cl... | E | |
| CVE-2018-12261 | An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root.... | E | |
| CVE-2018-12262 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
| CVE-2018-12263 | portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true UR... | | |
| CVE-2018-12264 | Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bound... | E | |
| CVE-2018-12265 | Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-... | E | |
| CVE-2018-12266 | system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status cod... | E | |
| CVE-2018-12268 | acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or pas... | E | |
| CVE-2018-12270 | In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create f... | | |
| CVE-2018-12271 | An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Bio... | | |
| CVE-2018-12272 | xowl/request.php in Ximdex 4.0 has XSS via the content parameter.... | E | |
| CVE-2018-12273 | The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter.... | E | |
| CVE-2018-12290 | The Yii2-StateMachine extension v2.x.x for Yii2 has XSS.... | E | |
| CVE-2018-12291 | The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a s... | S | |
| CVE-2018-12292 | A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27... | E | |
| CVE-2018-12293 | The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBuff... | E S | |
| CVE-2018-12294 | WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to ve... | | |
| CVE-2018-12295 | SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execu... | E | |
| CVE-2018-12296 | Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4... | E | |
| CVE-2018-12297 | Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execu... | E | |
| CVE-2018-12298 | Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within ... | E | |
| CVE-2018-12299 | Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute J... | E | |
| CVE-2018-12300 | Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclo... | E | |
| CVE-2018-12301 | Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access th... | | |
| CVE-2018-12302 | Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allo... | | |
| CVE-2018-12303 | Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute J... | E | |
| CVE-2018-12304 | Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to e... | E | |
| CVE-2018-12305 | Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaS... | E | |
| CVE-2018-12306 | Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary... | E | |
| CVE-2018-12307 | OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system com... | E | |
| CVE-2018-12308 | Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the e... | E | |
| CVE-2018-12309 | Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to a... | E | |
| CVE-2018-12310 | Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute Java... | E | |
| CVE-2018-12311 | Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to... | E | |
| CVE-2018-12312 | OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system com... | E | |
| CVE-2018-12313 | OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system com... | E | |
| CVE-2018-12314 | Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to downlo... | E | |
| CVE-2018-12315 | Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account p... | E | |
| CVE-2018-12316 | OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system c... | E | |
| CVE-2018-12317 | OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system co... | E | |
| CVE-2018-12318 | Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to ob... | E | |
| CVE-2018-12319 | Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from sign... | E | |
| CVE-2018-12320 | There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java ... | S | |
| CVE-2018-12321 | There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c v... | S | |
| CVE-2018-12322 | There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a c... | S | |
| CVE-2018-12323 | An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for ... | E | |
| CVE-2018-12326 | Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to ach... | E S | |
| CVE-2018-12327 | Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve ... | E | |
| CVE-2018-12329 | Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to du... | M | |
| CVE-2018-12330 | Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to comprom... | M | |
| CVE-2018-12331 | Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68... | M | |
| CVE-2018-12332 | Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to com... | M | |
| CVE-2018-12333 | Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6... | M | |
| CVE-2018-12334 | Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to comprom... | M | |
| CVE-2018-12335 | Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compr... | M | |
| CVE-2018-12336 | Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract... | M | |
| CVE-2018-12337 | Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allow... | M | |
| CVE-2018-12338 | Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor... | M | |
| CVE-2018-12339 | ArticleCMS through 2017-02-19 has XSS via an "add an article" action.... | E | |
| CVE-2018-12353 | Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" c... | | |
| CVE-2018-12354 | Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-s... | | |
| CVE-2018-12355 | Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' ... | | |
| CVE-2018-12356 | An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. Th... | S | |
| CVE-2018-12357 | Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.... | | |
| CVE-2018-12358 | Service workers can use redirection to avoid the tainting of cross-origin resources in some instance... | M | |
| CVE-2018-12359 | A buffer overflow can occur when rendering canvas content while adjusting the height and width of th... | | |
| CVE-2018-12360 | A use-after-free vulnerability can occur when deleting an input element during a mutation event hand... | | |
| CVE-2018-12361 | An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed... | M | |
| CVE-2018-12362 | An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Ext... | | |
| CVE-2018-12363 | A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between ... | | |
| CVE-2018-12364 | NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by mak... | | |
| CVE-2018-12365 | A compromised IPC child process can escape the content sandbox and list the names of arbitrary files... | | |
| CVE-2018-12366 | An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds rea... | | |
| CVE-2018-12367 | In the previous mitigations for Spectre, the resolution or precision of various methods was reduced ... | | |
| CVE-2018-12368 | Windows 10 does not warn users before opening executable files with the SettingContent-ms extension ... | E | |
| CVE-2018-12369 | WebExtensions bundled with embedded experiments were not correctly checked for proper authorization.... | | |
| CVE-2018-12370 | In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to ... | S | |
| CVE-2018-12371 | An integer overflow vulnerability in the Skia library when allocating memory for edge builders on so... | E S | |
| CVE-2018-12372 | Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when include... | | |
| CVE-2018-12373 | dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included i... | | |
| CVE-2018-12374 | Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter... | S | |
| CVE-2018-12375 | Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption an... | | |
| CVE-2018-12376 | Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of... | | |
| CVE-2018-12377 | A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstan... | | |
| CVE-2018-12378 | A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by Ja... | | |
| CVE-2018-12379 | When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of... | | |
| CVE-2018-12380 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-17009. Reason: This candidat... | R | |
| CVE-2018-12381 | Manually dragging and dropping an Outlook email message into the browser will trigger a page navigat... | S | |
| CVE-2018-12382 | The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concer... | E | |
| CVE-2018-12383 | If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted cop... | E | |
| CVE-2018-12384 | When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value... | | |
| CVE-2018-12385 | A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data store... | | |
| CVE-2018-12386 | A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arb... | E S | |
| CVE-2018-12387 | A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple argumen... | E S | |
| CVE-2018-12388 | Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of ... | | |
| CVE-2018-12389 | Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. So... | | |
| CVE-2018-12390 | Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firef... | S | |
| CVE-2018-12391 | During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins i... | | |
| CVE-2018-12392 | When manipulating user events in nested loops while opening a document through script, it is possibl... | | |
| CVE-2018-12393 | A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion... | | |
| CVE-2018-12395 | By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain re... | | |
| CVE-2018-12396 | A vulnerability where a WebExtension can run content scripts in disallowed contexts following naviga... | | |
| CVE-2018-12397 | A WebExtension can request access to local files without the warning prompt stating that the extensi... | | |
| CVE-2018-12398 | By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject ... | | |
| CVE-2018-12399 | When a new protocol handler is registered, the API accepts a title argument which can be used to mis... | | |
| CVE-2018-12400 | In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as th... | | |
| CVE-2018-12401 | Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters fol... | | |
| CVE-2018-12402 | The internal WebBrowserPersist code does not use correct origin context for a resource being saved. ... | | |
| CVE-2018-12403 | If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed conten... | | |
| CVE-2018-12404 | A cached side channel attack during handshakes using RSA encryption could allow for the decryption o... | | |
| CVE-2018-12405 | Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firef... | | |
| CVE-2018-12406 | Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of ... | E | |
| CVE-2018-12407 | A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used ... | | |
| CVE-2018-12408 | TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability | S | |
| CVE-2018-12409 | The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability t... | S | |
| CVE-2018-12410 | TIBCO Spotfire Statistics Services remote execution vulnerabilities | S | |
| CVE-2018-12411 | TIBCO ActiveSpaces Administrative Daemon Vulnerable to CSRF Attacks | S | |
| CVE-2018-12412 | TIBCO FTL Realm Server Vulnerable to CSRF Attacks | S | |
| CVE-2018-12413 | TIBCO Messaging - Apache Kafka Distribution - Schema Repository Vulnerable to CSRF Attacks | S | |
| CVE-2018-12414 | TIBCO Rendezvous Vulnerable to CSRF Attacks | S | |
| CVE-2018-12415 | TIBCO Enterprise Message Service Vulnerable to CSRF Attacks | S | |
| CVE-2018-12416 | TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery | S | |
| CVE-2018-12417 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2018-12418 | Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a den... | S | |
| CVE-2018-12420 | IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.... | S | |
| CVE-2018-12421 | LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without... | S | |
| CVE-2018-12422 | addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through ... | S | |
| CVE-2018-12423 | In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels e... | | |
| CVE-2018-12426 | The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Rem... | E | |
| CVE-2018-12429 | JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted ... | E | |
| CVE-2018-12430 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12429. Reason: This candida... | R | |
| CVE-2018-12431 | SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system man... | E | |
| CVE-2018-12432 | JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monito... | E | |
| CVE-2018-12433 | cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka th... | E | |
| CVE-2018-12434 | LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and EC... | | |
| CVE-2018-12435 | Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures... | E S | |
| CVE-2018-12436 | wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDS... | S | |
| CVE-2018-12437 | LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Re... | E | |
| CVE-2018-12438 | The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel a... | E | |
| CVE-2018-12439 | MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the ... | | |
| CVE-2018-12440 | BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Re... | | |
| CVE-2018-12441 | The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions,... | | |
| CVE-2018-12445 | An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintMa... | | |
| CVE-2018-12446 | An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feat... | | |
| CVE-2018-12447 | The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other pr... | E | |
| CVE-2018-12448 | Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the brow... | | |
| CVE-2018-12449 | The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.... | | |
| CVE-2018-12453 | Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allow... | E S | |
| CVE-2018-12454 | The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum ... | | |
| CVE-2018-12455 | Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an atta... | E | |
| CVE-2018-12456 | Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interfac... | E | |
| CVE-2018-12457 | expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer ... | S | |
| CVE-2018-12458 | An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FF... | S | |
| CVE-2018-12459 | An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/m... | S | |
| CVE-2018-12460 | libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly... | S | |
| CVE-2018-12461 | Certificate Revocation Check failure | S | |
| CVE-2018-12462 | NetIQ iManager XSS vulnerabilities | S | |
| CVE-2018-12463 | MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities | E | |
| CVE-2018-12464 | Unauthenticated SQL injection in Micro Focus Secure Messaging Gateway | E S | |
| CVE-2018-12465 | Remote Code Execution in Micro Focus Secure Messaging Gateway | E S | |
| CVE-2018-12466 | openbuildservice allowed deleting packages via project links | | |
| CVE-2018-12467 | delete package via link exploit in open buildservice | | |
| CVE-2018-12468 | Arbitrary File Upload in GroupWise Administration Console | | |
| CVE-2018-12469 | Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterp... | | |
| CVE-2018-12470 | SQL injection in RegistrationSharing module | | |
| CVE-2018-12471 | External Entity processing in the RegistrationSharing module | | |
| CVE-2018-12472 | Authentication bypass in sibling check | | |
| CVE-2018-12473 | path traversal in obs-service-tar_scm | | |
| CVE-2018-12474 | Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm | | |
| CVE-2018-12475 | obs-service-download_files allows downloading from localhost or intranet hosts | | |
| CVE-2018-12476 | obs-service-extract_file's outfilename parameter allows to write files outside of package directory | | |
| CVE-2018-12477 | obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories | | |
| CVE-2018-12478 | obs-service-replace_using_package_version allows to specify arbitrary input files | | |
| CVE-2018-12479 | Request controller allows to create requests with arbitrary request IDs | | |
| CVE-2018-12480 | NetIQ Access Manager XSS vulnerability in versions prior to 4.4 SP3 | S | |
| CVE-2018-12481 | The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulne... | | |
| CVE-2018-12482 | OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed ... | E | |
| CVE-2018-12483 | OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue o... | E | |
| CVE-2018-12491 | PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin... | E | |
| CVE-2018-12492 | PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/ad... | E | |
| CVE-2018-12493 | An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary ... | E S | |
| CVE-2018-12494 | An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary ... | E | |
| CVE-2018-12495 | The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to... | E | |
| CVE-2018-12498 | spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch r... | E | |
| CVE-2018-12499 | The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man ... | | |
| CVE-2018-12501 | Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.... | | |
| CVE-2018-12503 | tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h.... | | |
| CVE-2018-12504 | tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h.... | | |
| CVE-2018-12511 | In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20... | E | |
| CVE-2018-12519 | An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to ... | E | |
| CVE-2018-12520 | An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of sess... | E S | |
| CVE-2018-12522 | An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct re... | E | |
| CVE-2018-12523 | An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct re... | E | |
| CVE-2018-12524 | An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct re... | E | |
| CVE-2018-12525 | An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct re... | E | |
| CVE-2018-12526 | Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote atta... | | |
| CVE-2018-12528 | An issue was discovered on Intex N150 devices. The backup/restore option does not check the file ext... | E | |
| CVE-2018-12529 | An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF inject... | E | |
| CVE-2018-12530 | An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delet... | E | |
| CVE-2018-12531 | An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitra... | E | |
| CVE-2018-12532 | JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary ... | E | |
| CVE-2018-12533 | JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression lan... | | |
| CVE-2018-12534 | A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress.... | | |
| CVE-2018-12536 | In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an... | S | |
| CVE-2018-12537 | In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request heade... | | |
| CVE-2018-12538 | In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDat... | | |
| CVE-2018-12539 | In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API... | S | |
| CVE-2018-12540 | In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie... | E | |
| CVE-2018-12541 | In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers ... | | |
| CVE-2018-12542 | In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct... | E | |
| CVE-2018-12543 | In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that ha... | | |
| CVE-2018-12544 | In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML par... | S | |
| CVE-2018-12545 | In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions i... | S | |
| CVE-2018-12546 | In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to ... | E | |
| CVE-2018-12547 | In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native method... | E | |
| CVE-2018-12548 | In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto cl... | | |
| CVE-2018-12549 | In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the r... | M | |
| CVE-2018-12550 | When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that A... | | |
| CVE-2018-12551 | When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for aut... | E | |
| CVE-2018-12552 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2018-12553 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2018-12554 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2018-12555 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2018-12556 | The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies... | | |
| CVE-2018-12557 | An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_l... | S | |
| CVE-2018-12558 | The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic ... | | |
| CVE-2018-12559 | An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount tar... | S | |
| CVE-2018-12560 | An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unm... | | |
| CVE-2018-12561 | An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular use... | S | |
| CVE-2018-12562 | An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper s... | S | |
| CVE-2018-12563 | An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a use... | S | |
| CVE-2018-12564 | An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submi... | S | |
| CVE-2018-12565 | An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of... | S | |
| CVE-2018-12571 | uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows re... | E | |
| CVE-2018-12572 | Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows l... | E | |
| CVE-2018-12574 | CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.... | | |
| CVE-2018-12575 | On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in... | | |
| CVE-2018-12576 | TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking... | | |
| CVE-2018-12577 | The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 R... | | |
| CVE-2018-12578 | There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that lead... | E | |
| CVE-2018-12579 | An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x... | S | |
| CVE-2018-12580 | library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin... | S | |
| CVE-2018-12581 | An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vu... | S | |
| CVE-2018-12582 | An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&ac... | E | |
| CVE-2018-12583 | An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to... | E | |
| CVE-2018-12584 | The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate throu... | E S | |
| CVE-2018-12585 | An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger ... | | |
| CVE-2018-12587 | A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3... | | |
| CVE-2018-12588 | Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Kno... | E S | |
| CVE-2018-12589 | Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkpr... | E | |
| CVE-2018-12590 | Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-str... | | |
| CVE-2018-12591 | Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element i... | | |
| CVE-2018-12592 | Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joi... | M | |
| CVE-2018-12594 | Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information... | | |
| CVE-2018-12596 | Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU... | E S | |
| CVE-2018-12599 | In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause ... | E | |
| CVE-2018-12600 | In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause ... | E | |
| CVE-2018-12601 | There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a d... | E S | |
| CVE-2018-12602 | A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.... | E | |
| CVE-2018-12603 | Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers ... | E | |
| CVE-2018-12604 | GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for D... | E | |
| CVE-2018-12605 | An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The... | E S | |
| CVE-2018-12606 | An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x bef... | E S | |
| CVE-2018-12607 | An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x bef... | E S | |
| CVE-2018-12608 | An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS cert... | S | |
| CVE-2018-12609 | OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.... | E S | |
| CVE-2018-12610 | OX App Suite 7.8.4 and earlier allows Information Exposure.... | E S | |
| CVE-2018-12611 | OX App Suite 7.8.4 and earlier allows Directory Traversal.... | E S | |
| CVE-2018-12613 | An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and... | E | |
| CVE-2018-12615 | An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger... | S | |
| CVE-2018-12617 | qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agen... | E S | |
| CVE-2018-12621 | An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_pa... | | |
| CVE-2018-12622 | An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name paramete... | | |
| CVE-2018-12623 | An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter.... | | |
| CVE-2018-12624 | An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parame... | | |
| CVE-2018-12625 | An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter.... | | |
| CVE-2018-12626 | An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter.... | | |
| CVE-2018-12627 | An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_is... | | |
| CVE-2018-12628 | An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another us... | | |
| CVE-2018-12630 | NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.... | E | |
| CVE-2018-12631 | Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rp... | E | |
| CVE-2018-12632 | Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via ... | E | |
| CVE-2018-12633 | An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/... | S | |
| CVE-2018-12634 | CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct req... | E | |
| CVE-2018-12635 | CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and servi... | | |
| CVE-2018-12636 | The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by... | E | |
| CVE-2018-12638 | An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input valida... | E | |
| CVE-2018-12640 | The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a cra... | E | |
| CVE-2018-12641 | An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.... | E | |
| CVE-2018-12642 | Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.... | S | |
| CVE-2018-12648 | The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a N... | E | |
| CVE-2018-12649 | An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypas... | S | |
| CVE-2018-12650 | Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the Ap... | E | |
| CVE-2018-12651 | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. ... | E M | |
| CVE-2018-12652 | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. ... | E | |
| CVE-2018-12653 | A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can... | E | |
| CVE-2018-12654 | Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via a... | E | |
| CVE-2018-12655 | Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an... | E | |
| CVE-2018-12656 | Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an ... | E | |
| CVE-2018-12657 | Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an... | E | |
| CVE-2018-12658 | Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an ... | E | |
| CVE-2018-12659 | SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admi... | E | |
| CVE-2018-12666 | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by t... | E | |
| CVE-2018-12667 | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is a... | E | |
| CVE-2018-12668 | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices ha... | E | |
| CVE-2018-12669 | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices al... | E | |
| CVE-2018-12670 | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices al... | E | |
| CVE-2018-12671 | An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2... | E | |
| CVE-2018-12672 | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on u... | E | |
| CVE-2018-12673 | An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2... | E | |
| CVE-2018-12674 | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stor... | E | |
| CVE-2018-12675 | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does... | E | |
| CVE-2018-12678 | Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalida... | S | |
| CVE-2018-12679 | The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading... | E | |
| CVE-2018-12680 | The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain excep... | E | |
| CVE-2018-12684 | Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attac... | S | |
| CVE-2018-12687 | tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.... | | |
| CVE-2018-12688 | tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.... | | |
| CVE-2018-12689 | phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_fo... | E | |
| CVE-2018-12691 | Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control ... | S | |
| CVE-2018-12692 | TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to... | E | |
| CVE-2018-12693 | Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allow... | E | |
| CVE-2018-12694 | TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a d... | E | |
| CVE-2018-12695 | mao10cms 6 allows XSS via the m=bbs&a=index page.... | | |
| CVE-2018-12696 | mao10cms 6 allows XSS via the article page.... | | |
| CVE-2018-12697 | A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff... | E | |
| CVE-2018-12698 | demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attac... | E | |
| CVE-2018-12699 | finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-base... | E | |
| CVE-2018-12700 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2018-12702 | The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE)... | E | |
| CVE-2018-12703 | The approveAndCallcode function of a smart contract implementation for Block 18 (18T), an tradable E... | E | |
| CVE-2018-12705 | DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).... | E | |
| CVE-2018-12706 | DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.... | E | |
| CVE-2018-12710 | An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only... | E | |
| CVE-2018-12711 | An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.... | | |
| CVE-2018-12712 | An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classn... | | |
| CVE-2018-12713 | GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in ... | S | |
| CVE-2018-12714 | An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace... | E S | |
| CVE-2018-12715 | DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.... | E | |
| CVE-2018-12716 | The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebi... | | |
| CVE-2018-12735 | SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct ... | | |
| CVE-2018-12739 | In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-1026... | E | |
| CVE-2018-12754 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | S | |
| CVE-2018-12755 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | S | |
| CVE-2018-12756 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12757 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12758 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12759 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12760 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12761 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12762 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12763 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12764 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12765 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12766 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12767 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12768 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12769 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12770 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12771 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12772 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12773 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12774 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12775 | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.0... | | |
| CVE-2018-12776 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12777 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12778 | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.0... | | |
| CVE-2018-12779 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12780 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12781 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12782 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12783 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12784 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12785 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12786 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12787 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12788 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12789 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12790 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12791 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12792 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12793 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12794 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12795 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12796 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12797 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12798 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12799 | Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.0... | S | |
| CVE-2018-12800 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2018-12801 | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.0... | | |
| CVE-2018-12802 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12803 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12804 | Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exp... | | |
| CVE-2018-12805 | Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful ... | | |
| CVE-2018-12806 | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting ... | S | |
| CVE-2018-12807 | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulner... | | |
| CVE-2018-12808 | Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.0... | S | |
| CVE-2018-12809 | Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. ... | | |
| CVE-2018-12810 | Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption v... | | |
| CVE-2018-12811 | Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption v... | | |
| CVE-2018-12812 | Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 ... | | |
| CVE-2018-12813 | Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful explo... | M | |
| CVE-2018-12814 | Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful explo... | M | |
| CVE-2018-12815 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
| CVE-2018-12816 | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful... | S | |
| CVE-2018-12817 | Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful... | S | |
| CVE-2018-12818 | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful... | S | |
| CVE-2018-12819 | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful... | S | |
| CVE-2018-12820 | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful... | S | |
| CVE-2018-12821 | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful... | S | |
| CVE-2018-12822 | Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Successful exp... | M | |
| CVE-2018-12823 | Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful explo... | M | |
| CVE-2018-12824 | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful explo... | S | |
| CVE-2018-12825 | Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitat... | S | |
| CVE-2018-12826 | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful explo... | S | |
| CVE-2018-12827 | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful explo... | E S | |
| CVE-2018-12828 | Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vul... | S | |
| CVE-2018-12829 | Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnera... | | |
| CVE-2018-12830 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
| CVE-2018-12831 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12832 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12833 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12834 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12835 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12836 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12837 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12838 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12839 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12840 | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.0... | | |
| CVE-2018-12841 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12842 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12843 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12844 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12845 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12846 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12847 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12848 | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.0... | | |
| CVE-2018-12849 | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.0... | | |
| CVE-2018-12850 | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.0... | | |
| CVE-2018-12851 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12852 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12853 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12854 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2018-12855 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12856 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12857 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12858 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12859 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12860 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12861 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12862 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12863 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12864 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | | |
| CVE-2018-12865 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12866 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12867 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12868 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12869 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12870 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12871 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12872 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12873 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12874 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12875 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12876 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12877 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12878 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12879 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12880 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12881 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.0... | S | |
| CVE-2018-12882 | exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-... | S | |
| CVE-2018-12884 | In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions ma... | | |
| CVE-2018-12885 | The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, gen... | E | |
| CVE-2018-12886 | stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Colle... | E | |
| CVE-2018-12889 | An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCach... | E | |
| CVE-2018-12891 | An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to pro... | S | |
| CVE-2018-12892 | An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu whe... | | |
| CVE-2018-12893 | An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks ... | S | |
| CVE-2018-12895 | WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traver... | E | |
| CVE-2018-12896 | An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix... | E S | |
| CVE-2018-12897 | SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.... | E M | |
| CVE-2018-12900 | Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.... | E | |
| CVE-2018-12901 | A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and ear... | | |
| CVE-2018-12902 | In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site.... | E | |
| CVE-2018-12903 | In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via... | E | |
| CVE-2018-12904 | In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local a... | E S | |
| CVE-2018-12905 | joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add... | E | |
| CVE-2018-12907 | In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might ... | M | |
| CVE-2018-12908 | Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attacke... | E | |
| CVE-2018-12909 | Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local fil... | | |
| CVE-2018-12910 | The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified... | S | |
| CVE-2018-12911 | WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_g... | S | |
| CVE-2018-12912 | An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection... | E | |
| CVE-2018-12913 | In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can ... | E | |
| CVE-2018-12914 | A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZI... | E | |
| CVE-2018-12915 | In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c.... | | |
| CVE-2018-12916 | In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in pro... | | |
| CVE-2018-12917 | In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map... | | |
| CVE-2018-12918 | In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in boo... | | |
| CVE-2018-12919 | In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter.... | E | |
| CVE-2018-12920 | Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a di... | | |
| CVE-2018-12921 | Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive in... | E | |
| CVE-2018-12922 | Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control vi... | | |
| CVE-2018-12923 | BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via... | | |
| CVE-2018-12924 | Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae... | | |
| CVE-2018-12925 | Baseon Lantronix MSS devices do not require a password for TELNET access.... | | |
| CVE-2018-12926 | Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a dir... | | |
| CVE-2018-12927 | Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensit... | | |
| CVE-2018-12928 | In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.... | | |
| CVE-2018-12929 | ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers ... | | |
| CVE-2018-12930 | ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attack... | | |
| CVE-2018-12931 | ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigg... | | |
| CVE-2018-12932 | PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (he... | S | |
| CVE-2018-12933 | PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (ou... | S | |
| CVE-2018-12934 | remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attacker... | E | |
| CVE-2018-12938 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17833. Reason: This candid... | R | |
| CVE-2018-12939 | A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authentica... | S | |
| CVE-2018-12940 | Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and ... | | |
| CVE-2018-12941 | This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS an... | | |
| CVE-2018-12942 | SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and... | S | |
| CVE-2018-12943 | Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in S... | | |
| CVE-2018-12944 | Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly... | S | |
| CVE-2018-12959 | The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 t... | E | |
| CVE-2018-12971 | EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.... | E | |
| CVE-2018-12972 | An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, inclu... | | |
| CVE-2018-12973 | An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI.... | | |
| CVE-2018-12975 | The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generat... | | |
| CVE-2018-12976 | In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted | S | |
| CVE-2018-12977 | A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticate... | E | |
| CVE-2018-12979 | An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW ... | E | |
| CVE-2018-12980 | An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW ... | E | |
| CVE-2018-12981 | An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW ... | E | |
| CVE-2018-12982 | Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.... | E | |
| CVE-2018-12983 | A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncry... | E | |
| CVE-2018-12984 | Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials.... | E | |
| CVE-2018-12988 | GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=do... | E | |
| CVE-2018-12989 | The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 misha... | M | |
| CVE-2018-12990 | phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_va... | E | |
| CVE-2018-12992 | An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the ad... | E | |
| CVE-2018-12993 | onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks... | E | |
| CVE-2018-12994 | onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code ... | E | |
| CVE-2018-12995 | onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code ... | E | |
| CVE-2018-12996 | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager befor... | E | |
| CVE-2018-12997 | Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build... | E | |
| CVE-2018-12998 | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before bu... | E | |
| CVE-2018-12999 | Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allow... | E |