ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2018-14001 | An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethere... | E | |
CVE-2018-14002 | An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum t... | E | |
CVE-2018-14003 | An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Eth... | E | |
CVE-2018-14004 | An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB... | E | |
CVE-2018-14005 | An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Eth... | E | |
CVE-2018-14006 | An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT)... | E | |
CVE-2018-14007 | Citrix XenServer 7.1 and newer allows Directory Traversal.... | | |
CVE-2018-14008 | Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.... | | |
CVE-2018-14009 | Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and... | E | |
CVE-2018-14010 | OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.... | E | |
CVE-2018-14012 | WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.... | E | |
CVE-2018-14013 | Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clie... | E | |
CVE-2018-14014 | In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.... | E | |
CVE-2018-14015 | The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of... | E S | |
CVE-2018-14016 | The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to c... | E S | |
CVE-2018-14017 | The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers... | E S | |
CVE-2018-14020 | An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID e... | | |
CVE-2018-14023 | Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.... | E | |
CVE-2018-14027 | Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or password parameter to the adm... | E | |
CVE-2018-14028 | In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This al... | | |
CVE-2018-14029 | CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a ... | E | |
CVE-2018-14031 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in th... | | |
CVE-2018-14032 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11206. Reason: This candida... | R | |
CVE-2018-14033 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in th... | | |
CVE-2018-14034 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the functi... | | |
CVE-2018-14035 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in th... | | |
CVE-2018-14036 | Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insuffi... | E S | |
CVE-2018-14037 | Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attac... | E | |
CVE-2018-14038 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7642. Reason: This candidate... | R | |
CVE-2018-14040 | In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.... | E S | |
CVE-2018-14041 | In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.... | E S | |
CVE-2018-14042 | In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.... | E S | |
CVE-2018-14043 | mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations whe... | S | |
CVE-2018-14044 | The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen... | | |
CVE-2018-14045 | The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen S... | | |
CVE-2018-14046 | Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.... | E | |
CVE-2018-14047 | An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc.... | E | |
CVE-2018-14048 | An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, relat... | E S | |
CVE-2018-14049 | An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav... | | |
CVE-2018-14050 | An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_free in libwa... | | |
CVE-2018-14051 | The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop.... | E | |
CVE-2018-14052 | An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav... | | |
CVE-2018-14054 | A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling po... | E | |
CVE-2018-14055 | ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a ... | S | |
CVE-2018-14056 | ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files ou... | S | |
CVE-2018-14057 | Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by... | E | |
CVE-2018-14058 | Pimcore before 5.3.0 allows SQL Injection via the REST web service API.... | E | |
CVE-2018-14059 | Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collec... | E | |
CVE-2018-14060 | OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifia... | E | |
CVE-2018-14062 | The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, con... | | |
CVE-2018-14063 | The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC2... | | |
CVE-2018-14064 | The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as de... | E | |
CVE-2018-14065 | XMLReader.php in PHPOffice Common before 0.2.9 allows XXE.... | | |
CVE-2018-14066 | The content://wappush content provider in com.android.provider.telephony, as found in some custom RO... | E | |
CVE-2018-14067 | Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated rem... | E | |
CVE-2018-14068 | An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account... | E | |
CVE-2018-14069 | An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account v... | | |
CVE-2018-14071 | The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and o... | E S | |
CVE-2018-14072 | libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsi... | | |
CVE-2018-14073 | libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.... | | |
CVE-2018-14077 | Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to back up the device confi... | | |
CVE-2018-14078 | Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin passwor... | | |
CVE-2018-14079 | Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive inform... | | |
CVE-2018-14080 | An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1... | | |
CVE-2018-14081 | An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1... | | |
CVE-2018-14082 | PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar.... | E | |
CVE-2018-14083 | LICA miniCMTS E8K(u/i/...) devices allow remote attackers to obtain sensitive information via a dire... | E | |
CVE-2018-14084 | An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner... | E | |
CVE-2018-14085 | An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029B... | E | |
CVE-2018-14086 | An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereu... | E | |
CVE-2018-14087 | An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The con... | E | |
CVE-2018-14088 | An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereu... | E | |
CVE-2018-14089 | An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token.... | E | |
CVE-2018-14241 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14242 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14243 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14244 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14245 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14246 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14247 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14248 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14249 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14250 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14251 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14252 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14253 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-14254 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14255 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14256 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14257 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14258 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14259 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14260 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14261 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14262 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14263 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14264 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14265 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14266 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14267 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14268 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14269 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14270 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14271 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14272 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14273 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14274 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14275 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14276 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14277 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14278 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14279 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14280 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14281 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14282 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14283 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14284 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14285 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14286 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14287 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14288 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14289 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-14290 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14291 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14292 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14293 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14294 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14295 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14296 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14297 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14298 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14299 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14300 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14301 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14302 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14303 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14304 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14305 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14306 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14307 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14308 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14309 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14310 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14311 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14312 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14313 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14314 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14315 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
CVE-2018-14316 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
CVE-2018-14317 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-14318 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-14320 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | | |
CVE-2018-14324 | The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with ... | | |
CVE-2018-14325 | In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Ato... | E | |
CVE-2018-14326 | In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Arr... | E | |
CVE-2018-14327 | The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems w... | E S | |
CVE-2018-14328 | Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attacke... | E | |
CVE-2018-14329 | In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary fil... | E | |
CVE-2018-14331 | An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the adminis... | E | |
CVE-2018-14332 | An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mod... | E | |
CVE-2018-14333 | TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memor... | E | |
CVE-2018-14334 | manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a p... | E | |
CVE-2018-14335 | An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allow... | E | |
CVE-2018-14336 | TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a... | E | |
CVE-2018-14337 | The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer over... | E | |
CVE-2018-14338 | samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platform... | E S | |
CVE-2018-14339 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into a... | | |
CVE-2018-14340 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decom... | E | |
CVE-2018-14341 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into ... | | |
CVE-2018-14342 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could g... | | |
CVE-2018-14343 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could cras... | | |
CVE-2018-14344 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. Th... | S | |
CVE-2018-14345 | An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password i... | S | |
CVE-2018-14346 | GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).... | E S | |
CVE-2018-14347 | GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method... | E S | |
CVE-2018-14348 | libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configure... | S | |
CVE-2018-14349 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandl... | S | |
CVE-2018-14350 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a st... | S | |
CVE-2018-14351 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandl... | S | |
CVE-2018-14352 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in im... | S | |
CVE-2018-14353 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in im... | S | |
CVE-2018-14354 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP ... | S | |
CVE-2018-14355 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ... | S | |
CVE-2018-14356 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero... | S | |
CVE-2018-14357 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP ... | S | |
CVE-2018-14358 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a st... | S | |
CVE-2018-14359 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer over... | S | |
CVE-2018-14360 | An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based b... | S | |
CVE-2018-14361 | An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fail... | S | |
CVE-2018-14362 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid c... | S | |
CVE-2018-14363 | An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' charac... | S | |
CVE-2018-14364 | GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 ... | E | |
CVE-2018-14366 | download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pul... | | |
CVE-2018-14367 | In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was ad... | | |
CVE-2018-14368 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector coul... | E | |
CVE-2018-14369 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. T... | | |
CVE-2018-14370 | In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This... | E S | |
CVE-2018-14371 | The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by ... | S | |
CVE-2018-14373 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-14374 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-14375 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-14378 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-14379 | MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certa... | | |
CVE-2018-14380 | In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/Type... | S | |
CVE-2018-14381 | Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability.... | E | |
CVE-2018-14382 | InstantCMS 2.10.1 has /redirect?url= XSS.... | E | |
CVE-2018-14383 | The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured... | | |
CVE-2018-14384 | The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Script... | E | |
CVE-2018-14387 | An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web app... | E | |
CVE-2018-14388 | joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter.... | E | |
CVE-2018-14389 | joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter.... | E | |
CVE-2018-14392 | The New Threads plugin before 1.2 for MyBB has XSS.... | E | |
CVE-2018-14394 | libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (applicati... | S | |
CVE-2018-14395 | libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (applicat... | S | |
CVE-2018-14396 | An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cro... | E | |
CVE-2018-14397 | An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored ... | E | |
CVE-2018-14398 | An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the ... | E | |
CVE-2018-14399 | libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbi... | | |
CVE-2018-14400 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-14401 | CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an out-of-bounds read.... | E | |
CVE-2018-14402 | axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::parse_start_namespace function ... | E | |
CVE-2018-14403 | MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to us... | E | |
CVE-2018-14404 | A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libx... | | |
CVE-2018-14415 | An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input ... | E | |
CVE-2018-14417 | A command injection vulnerability was found in the web administration console in SoftNAS Cloud befor... | E | |
CVE-2018-14418 | In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI.... | E | |
CVE-2018-14419 | MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.... | | |
CVE-2018-14420 | MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, ... | E | |
CVE-2018-14421 | SeaCMS v6.61 allows remote code execution by placing PHP code in a movie picture address (aka v_... | | |
CVE-2018-14422 | blog/index.php in SansCMS 0.7 has XSS via the q parameter.... | E | |
CVE-2018-14423 | Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in li... | E S | |
CVE-2018-14424 | The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface... | | |
CVE-2018-14425 | There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration S... | | |
CVE-2018-14429 | man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cg... | S | |
CVE-2018-14430 | The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], f... | E | |
CVE-2018-14432 | In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticate... | S | |
CVE-2018-14434 | ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.... | E | |
CVE-2018-14435 | ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.... | E | |
CVE-2018-14436 | ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.... | E | |
CVE-2018-14437 | ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.... | E | |
CVE-2018-14438 | In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSec... | | |
CVE-2018-14439 | espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers w... | E | |
CVE-2018-14440 | An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists vi... | | |
CVE-2018-14441 | An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadA... | | |
CVE-2018-14442 | Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Ex... | | |
CVE-2018-14443 | get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial o... | | |
CVE-2018-14444 | libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 in dwgutil.cpp, leading to an ... | | |
CVE-2018-14445 | In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial... | E | |
CVE-2018-14446 | MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial... | | |
CVE-2018-14447 | trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.... | E S | |
CVE-2018-14448 | Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL pointer dereference via a crafted... | E S | |
CVE-2018-14449 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in gig::File::UpdateChunks i... | E | |
CVE-2018-14450 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension reg... | E | |
CVE-2018-14451 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF:... | E | |
CVE-2018-14452 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sa... | E | |
CVE-2018-14453 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in... | E | |
CVE-2018-14454 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk:... | E | |
CVE-2018-14455 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the f... | E | |
CVE-2018-14456 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::... | E | |
CVE-2018-14457 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::... | E | |
CVE-2018-14458 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in... | E | |
CVE-2018-14459 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the f... | E | |
CVE-2018-14460 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in th... | | |
CVE-2018-14461 | The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().... | S | |
CVE-2018-14462 | The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().... | S | |
CVE-2018-14463 | The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP... | S | |
CVE-2018-14464 | The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_sub... | S | |
CVE-2018-14465 | The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().... | S | |
CVE-2018-14466 | The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_ca... | S | |
CVE-2018-14467 | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print(... | S | |
CVE-2018-14468 | The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().... | S | |
CVE-2018-14469 | The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().... | S | |
CVE-2018-14470 | The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().... | S | |
CVE-2018-14471 | dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attacker... | | |
CVE-2018-14472 | An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.p... | E | |
CVE-2018-14473 | OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities.... | E | |
CVE-2018-14474 | views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /sig... | S | |
CVE-2018-14476 | GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation.... | E | |
CVE-2018-14478 | ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, gre... | E | |
CVE-2018-14481 | Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-628... | E | |
CVE-2018-14485 | BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.... | | |
CVE-2018-14486 | DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.... | E | |
CVE-2018-14492 | Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_... | E | |
CVE-2018-14493 | Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows rem... | E | |
CVE-2018-14494 | Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor... | | |
CVE-2018-14495 | Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability ... | E | |
CVE-2018-14496 | Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-b... | E | |
CVE-2018-14497 | Tenda D152 ADSL routers allow XSS via a crafted SSID.... | E | |
CVE-2018-14498 | get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers t... | E S | |
CVE-2018-14499 | An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerability via an article title to... | | |
CVE-2018-14500 | joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.... | E | |
CVE-2018-14501 | manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data ... | E | |
CVE-2018-14502 | controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote u... | E | |
CVE-2018-14503 | Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attac... | E | |
CVE-2018-14504 | An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site ... | E S | |
CVE-2018-14505 | mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.... | E | |
CVE-2018-14512 | An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote a... | E | |
CVE-2018-14513 | An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote a... | E | |
CVE-2018-14514 | An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensiti... | E | |
CVE-2018-14515 | A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious... | E | |
CVE-2018-14517 | SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields.... | E | |
CVE-2018-14519 | An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A r... | E | |
CVE-2018-14520 | An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent i... | E | |
CVE-2018-14521 | An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in... | E | |
CVE-2018-14522 | An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pit... | E | |
CVE-2018-14523 | An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pit... | E | |
CVE-2018-14524 | dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in fre... | S | |
CVE-2018-14526 | An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain condition... | S | |
CVE-2018-14527 | Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insuff... | E | |
CVE-2018-14528 | Invoxia NVX220 devices allow TELNET access as admin with a default password.... | E | |
CVE-2018-14529 | Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to disclosu... | E | |
CVE-2018-14531 | An issue was discovered in Bento4 1.5.1-624. There is an unspecified "heap-buffer-overflow" crash in... | E | |
CVE-2018-14532 | An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVi... | | |
CVE-2018-14533 | read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc... | E | |
CVE-2018-14541 | PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, ... | E | |
CVE-2018-14543 | There exists one NULL pointer dereference vulnerability in AP4_JsonInspector::AddField in Ap4Atom.cp... | | |
CVE-2018-14544 | There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescripti... | | |
CVE-2018-14545 | There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription... | | |
CVE-2018-14549 | An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_write in libw... | | |
CVE-2018-14550 | An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-bas... | E S | |
CVE-2018-14551 | The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, l... | E | |
CVE-2018-14553 | gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attack... | S | |
CVE-2018-14557 | An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices... | E | |
CVE-2018-14558 | An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices... | KEV E | |
CVE-2018-14559 | An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices... | E | |
CVE-2018-14562 | An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can... | E | |
CVE-2018-14563 | An issue was discovered in libthulac.so in THULAC through 2018-02-25. "operator delete" is used with... | E | |
CVE-2018-14564 | An issue was discovered in libthulac.so in THULAC through 2018-02-25. A SEGV can occur in NGramFeatu... | E | |
CVE-2018-14565 | An issue was discovered in libthulac.so in THULAC through 2018-02-25. A heap-based buffer over-read ... | E | |
CVE-2018-14567 | libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinit... | S | |
CVE-2018-14568 | Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detectio... | E S | |
CVE-2018-14570 | A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-busines... | E | |
CVE-2018-14572 | In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute ... | E | |
CVE-2018-14573 | A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carous... | | |
CVE-2018-14574 | django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has... | S | |
CVE-2018-14575 | Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site... | E | |
CVE-2018-14576 | The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has a... | | |
CVE-2018-14579 | GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows ... | E | |
CVE-2018-14581 | Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute ... | E | |
CVE-2018-14582 | index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator acco... | E | |
CVE-2018-14583 | xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account.... | E | |
CVE-2018-14584 | An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a... | E | |
CVE-2018-14585 | An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in Core/Ap4Utils.h has a heap-... | E | |
CVE-2018-14586 | An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::... | E | |
CVE-2018-14587 | An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream::WritePartial in Core/Ap4Byte... | E | |
CVE-2018-14588 | An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBu... | | |
CVE-2018-14589 | An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4Au... | E | |
CVE-2018-14590 | An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Processor::ProcessFragment... | | |
CVE-2018-14592 | The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE exten... | E | |
CVE-2018-14593 | An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.... | | |
CVE-2018-14596 | wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) v... | E | |
CVE-2018-14597 | CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Applian... | S | |
CVE-2018-14598 | An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server ... | S | |
CVE-2018-14599 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulner... | S | |
CVE-2018-14600 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interpret... | S | |
CVE-2018-14601 | An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of... | | |
CVE-2018-14602 | An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0... | | |
CVE-2018-14603 | An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0... | | |
CVE-2018-14604 | An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0... | | |
CVE-2018-14605 | An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0... | | |
CVE-2018-14606 | An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0... | E | |
CVE-2018-14607 | Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer re... | E | |
CVE-2018-14608 | Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of ... | E | |
CVE-2018-14609 | An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference... | E S | |
CVE-2018-14610 | An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_... | E S | |
CVE-2018-14611 | An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_... | E S | |
CVE-2018-14612 | An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference... | E S | |
CVE-2018-14613 | An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference... | E S | |
CVE-2018-14614 | An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __r... | | |
CVE-2018-14615 | An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_... | E | |
CVE-2018-14616 | An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in ... | E | |
CVE-2018-14617 | An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and... | E S | |
CVE-2018-14618 | curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The in... | | |
CVE-2018-14619 | A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "nu... | S | |
CVE-2018-14620 | The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HT... | | |
CVE-2018-14621 | An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to usin... | S | |
CVE-2018-14622 | A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return ... | | |
CVE-2018-14623 | A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can... | | |
CVE-2018-14624 | A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The l... | E S | |
CVE-2018-14625 | A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to k... | S | |
CVE-2018-14626 | PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 in... | | |
CVE-2018-14627 | The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL t... | S | |
CVE-2018-14628 | An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access contr... | E S | |
CVE-2018-14629 | A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.... | E S | |
CVE-2018-14630 | moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could le... | E S | |
CVE-2018-14631 | moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET paramete... | S | |
CVE-2018-14632 | An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality... | S | |
CVE-2018-14633 | A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the ... | S | |
CVE-2018-14634 | An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileg... | E S | |
CVE-2018-14635 | When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports w... | S | |
CVE-2018-14636 | Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervis... | | |
CVE-2018-14637 | The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditio... | | |
CVE-2018-14638 | A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_pa... | M | |
CVE-2018-14639 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-14640 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-14641 | A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux ker... | E S | |
CVE-2018-14642 | An information leak vulnerability was found in Undertow. If all headers are not written out in the f... | S | |
CVE-2018-14643 | An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A mali... | S | |
CVE-2018-14644 | An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker... | | |
CVE-2018-14645 | A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An ou... | M | |
CVE-2018-14646 | The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the... | S | |
CVE-2018-14647 | Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. Thi... | S | |
CVE-2018-14648 | A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive C... | | |
CVE-2018-14649 | It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-w... | E S | |
CVE-2018-14650 | It was discovered that sos-collector does not properly set the default permissions of newly created ... | E | |
CVE-2018-14651 | It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CV... | S | |
CVE-2018-14652 | The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'f... | | |
CVE-2018-14653 | The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflo... | | |
CVE-2018-14654 | The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' transla... | | |
CVE-2018-14655 | A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_p... | | |
CVE-2018-14656 | A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker ... | S | |
CVE-2018-14657 | A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOTP is enabled, an improper implementation... | | |
CVE-2018-14658 | A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not n... | | |
CVE-2018-14659 | The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack... | | |
CVE-2018-14660 | A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage o... | | |
CVE-2018-14661 | It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, ... | | |
CVE-2018-14662 | It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions co... | S | |
CVE-2018-14663 | An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS q... | | |
CVE-2018-14664 | A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists d... | | |
CVE-2018-14665 | A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and... | E S | |
CVE-2018-14666 | An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use ... | | |
CVE-2018-14667 | The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via th... | KEV | |
CVE-2018-14668 | In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "passwo... | | |
CVE-2018-14669 | ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled... | | |
CVE-2018-14670 | Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use... | | |
CVE-2018-14671 | In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system... | | |
CVE-2018-14672 | In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and read... | | |
CVE-2018-14678 | An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_... | S | |
CVE-2018-14679 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error ... | S | |
CVE-2018-14680 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM ... | S | |
CVE-2018-14681 | An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KW... | S | |
CVE-2018-14682 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error ... | S | |
CVE-2018-14683 | PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI.... | | |
CVE-2018-14685 | The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote atta... | E | |
CVE-2018-14686 | system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted add_do.php request, related to add_bo... | E | |
CVE-2018-14688 | An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-sit... | E | |
CVE-2018-14689 | An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cros... | E | |
CVE-2018-14690 | An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-sit... | E | |
CVE-2018-14691 | An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-... | E | |
CVE-2018-14695 | Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.9... | E | |
CVE-2018-14696 | Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.9... | E | |
CVE-2018-14697 | Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.9... | E | |
CVE-2018-14698 | Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.9... | E | |
CVE-2018-14699 | System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.... | E | |
CVE-2018-14700 | Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28... | E | |
CVE-2018-14701 | System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.... | E | |
CVE-2018-14702 | Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.2... | E | |
CVE-2018-14703 | Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.... | E | |
CVE-2018-14704 | Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows a... | E | |
CVE-2018-14705 | Lack of Authentication/Authorization on Administrative Web Pages | | |
CVE-2018-14706 | System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-... | E | |
CVE-2018-14707 | Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allo... | E | |
CVE-2018-14708 | An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.9611... | E | |
CVE-2018-14709 | Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows atta... | E | |
CVE-2018-14710 | Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to e... | E | |
CVE-2018-14711 | Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50... | E | |
CVE-2018-14712 | Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject... | E | |
CVE-2018-14713 | Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attacke... | E | |
CVE-2018-14714 | System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers ... | E | |
CVE-2018-14715 | The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptog... | | |
CVE-2018-14716 | A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft... | E S | |
CVE-2018-14718 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code b... | S | |
CVE-2018-14719 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code b... | S | |
CVE-2018-14720 | FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XX... | S | |
CVE-2018-14721 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side requ... | S | |
CVE-2018-14722 | An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenanc... | | |
CVE-2018-14724 | In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an X... | E | |
CVE-2018-14728 | upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.... | E | |
CVE-2018-14729 | The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows re... | E | |
CVE-2018-14730 | An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the ... | E | |
CVE-2018-14731 | An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal develo... | E S | |
CVE-2018-14732 | An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to s... | E S | |
CVE-2018-14733 | The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x... | M | |
CVE-2018-14734 | drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to ac... | S | |
CVE-2018-14735 | An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may b... | | |
CVE-2018-14736 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur ... | | |
CVE-2018-14737 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A NULL pointer dereference ca... | | |
CVE-2018-14738 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmess... | | |
CVE-2018-14739 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_patte... | | |
CVE-2018-14740 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field... | | |
CVE-2018-14741 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_patte... | | |
CVE-2018-14742 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field... | | |
CVE-2018-14743 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_... | | |
CVE-2018-14744 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A use-after-free can occur in... | | |
CVE-2018-14745 | Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G9... | E | |
CVE-2018-14746 | Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 bui... | | |
CVE-2018-14747 | NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.... | | |
CVE-2018-14748 | Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.... | | |
CVE-2018-14749 | Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build... | | |
CVE-2018-14767 | In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and... | E S | |
CVE-2018-14768 | Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXX... | M | |
CVE-2018-14769 | VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.... | M | |
CVE-2018-14770 | VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (is... | M | |
CVE-2018-14771 | VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (is... | M | |
CVE-2018-14772 | Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attac... | S | |
CVE-2018-14773 | An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.... | S | |
CVE-2018-14774 | An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 t... | S | |
CVE-2018-14775 | tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system c... | S | |
CVE-2018-14776 | Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded ... | | |
CVE-2018-14777 | An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to t... | E | |
CVE-2018-14779 | A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.... | | |
CVE-2018-14780 | An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/yk... | | |
CVE-2018-14781 | Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Authentication Bypass by Capture-replay | M | |
CVE-2018-14782 | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The d... | | |
CVE-2018-14783 | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cro... | | |
CVE-2018-14784 | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The d... | | |
CVE-2018-14785 | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The d... | | |
CVE-2018-14786 | Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, A... | | |
CVE-2018-14787 | In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Versi... | | |
CVE-2018-14788 | Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure v... | M | |
CVE-2018-14789 | In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Versi... | | |
CVE-2018-14790 | Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC... | M | |
CVE-2018-14791 | Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to... | | |
CVE-2018-14792 | WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when... | | |
CVE-2018-14793 | DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit th... | | |
CVE-2018-14794 | Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the... | M | |
CVE-2018-14795 | DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation... | | |
CVE-2018-14796 | Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthe... | | |
CVE-2018-14797 | Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to... | | |
CVE-2018-14798 | Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC... | M | |
CVE-2018-14799 | In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the... | | |
CVE-2018-14800 | Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to c... | | |
CVE-2018-14801 | In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an ... | | |
CVE-2018-14802 | Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC... | M | |
CVE-2018-14803 | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a ba... | | |
CVE-2018-14804 | Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitr... | | |
CVE-2018-14805 | ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonym... | M | |
CVE-2018-14806 | Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker... | | |
CVE-2018-14807 | A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professiona... | | |
CVE-2018-14808 | Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable a... | | |
CVE-2018-14809 | Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which ... | | |
CVE-2018-14810 | WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and ... | | |
CVE-2018-14811 | Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities hav... | | |
CVE-2018-14812 | An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electr... | | |
CVE-2018-14813 | Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identi... | | |
CVE-2018-14814 | WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lack... | | |
CVE-2018-14815 | Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been iden... | | |
CVE-2018-14816 | Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that h... | | |
CVE-2018-14817 | Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, wh... | | |
CVE-2018-14818 | WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and ... | | |
CVE-2018-14819 | Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, w... | | |
CVE-2018-14820 | Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control o... | | |
CVE-2018-14821 | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote... | E | |
CVE-2018-14822 | Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in t... | | |
CVE-2018-14823 | Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been ident... | | |
CVE-2018-14824 | Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulner... | M | |
CVE-2018-14825 | On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 runnin... | | |
CVE-2018-14826 | Entes EMG12 versions 2.57 and prior The application uses a web interface where it is possible for an... | | |
CVE-2018-14827 | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat acto... | | |
CVE-2018-14828 | Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may ... | | |
CVE-2018-14829 | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote... | E | |
CVE-2018-14831 | An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to... | E | |
CVE-2018-14833 | Intuit Lacerte 2017 has Incorrect Access Control.... | E | |
CVE-2018-14835 | Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip informati... | E S | |
CVE-2018-14836 | Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the ... | | |
CVE-2018-14837 | Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI.... | E | |
CVE-2018-14838 | rejucms 2.1 has stored XSS via the admin/book.php content parameter.... | E | |
CVE-2018-14839 | LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code... | KEV E | |
CVE-2018-14840 | uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but ... | E S | |
CVE-2018-14846 | The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/a... | E S | |
CVE-2018-14847 | MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and r... | KEV E M | |
CVE-2018-14849 | Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputL... | | |
CVE-2018-14850 | Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting... | | |
CVE-2018-14851 | exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x be... | S | |
CVE-2018-14852 | Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcm... | E | |
CVE-2018-14853 | A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msg... | E | |
CVE-2018-14854 | Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c i... | E | |
CVE-2018-14855 | Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in... | E | |
CVE-2018-14856 | Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c i... | E | |
CVE-2018-14857 | Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webcon... | | |
CVE-2018-14858 | An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function i... | E | |
CVE-2018-14859 | Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo... | S | |
CVE-2018-14860 | Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterp... | S | |
CVE-2018-14861 | Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allow... | S | |
CVE-2018-14862 | Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo E... | S | |
CVE-2018-14863 | Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise... | S | |
CVE-2018-14864 | Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo En... | S | |
CVE-2018-14865 | Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 an... | S | |
CVE-2018-14866 | Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo... | S | |
CVE-2018-14867 | Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Ente... | S | |
CVE-2018-14868 | Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise... | S | |
CVE-2018-14869 | PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C... | E | |
CVE-2018-14872 | An issue was discovered in Rincewind 0.1. A reinstall vulnerability exists because the parameter p o... | E | |
CVE-2018-14873 | An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involv... | E | |
CVE-2018-14874 | An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed... | E | |
CVE-2018-14875 | An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. R... | E | |
CVE-2018-14876 | An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF... | E | |
CVE-2018-14877 | An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Descript... | E | |
CVE-2018-14878 | JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute co... | S | |
CVE-2018-14879 | The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next... | S | |
CVE-2018-14880 | The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(... | S | |
CVE-2018-14881 | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print(... | S | |
CVE-2018-14882 | The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.... | S | |
CVE-2018-14883 | An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x be... | E S | |
CVE-2018-14884 | An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Ina... | E S | |
CVE-2018-14885 | Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo ... | S | |
CVE-2018-14886 | The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earl... | S | |
CVE-2018-14887 | Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earli... | S | |
CVE-2018-14888 | inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS... | E S | |
CVE-2018-14889 | CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulne... | | |
CVE-2018-14890 | Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerabil... | | |
CVE-2018-14891 | Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege... | | |
CVE-2018-14892 | Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 ver... | E | |
CVE-2018-14893 | A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attack... | E | |
CVE-2018-14894 | CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit p... | E | |
CVE-2018-14899 | On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerab... | E | |
CVE-2018-14900 | On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attacker... | E | |
CVE-2018-14901 | The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropb... | E | |
CVE-2018-14902 | The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict dat... | E | |
CVE-2018-14903 | EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, w... | E M | |
CVE-2018-14904 | Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on sever... | E | |
CVE-2018-14905 | The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZone... | E | |
CVE-2018-14906 | The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' proper... | E | |
CVE-2018-14907 | The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper ... | E | |
CVE-2018-14908 | Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws... | E | |
CVE-2018-14910 | SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /... | E | |
CVE-2018-14911 | A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the syst... | E | |
CVE-2018-14912 | cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-cl... | E | |
CVE-2018-14915 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-14916 | LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.... | E | |
CVE-2018-14917 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-14918 | LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.... | E | |
CVE-2018-14919 | LOYTEC LGATE-902 6.3.2 devices allow XSS.... | E | |
CVE-2018-14922 | Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to i... | E | |
CVE-2018-14923 | A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a tar... | | |
CVE-2018-14924 | Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consu... | | |
CVE-2018-14925 | Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing... | | |
CVE-2018-14926 | Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler... | | |
CVE-2018-14927 | Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the defa... | | |
CVE-2018-14928 | /contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to fil... | | |
CVE-2018-14929 | Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/... | | |
CVE-2018-14930 | An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occ... | E | |
CVE-2018-14931 | An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. A... | E | |
CVE-2018-14933 | upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters ... | KEV E | |
CVE-2018-14934 | The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Cont... | | |
CVE-2018-14935 | The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.... | | |
CVE-2018-14936 | The Add page option in my little forum 2.4.12 allows XSS via the Title field.... | E | |
CVE-2018-14937 | The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field.... | E | |
CVE-2018-14938 | An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer... | E S | |
CVE-2018-14939 | The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the ... | | |
CVE-2018-14940 | PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_... | E | |
CVE-2018-14941 | Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a d... | | |
CVE-2018-14942 | Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, a... | | |
CVE-2018-14943 | Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default passw... | | |
CVE-2018-14944 | An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP... | E | |
CVE-2018-14945 | An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in th... | E | |
CVE-2018-14946 | An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Mem... | E | |
CVE-2018-14947 | An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory ... | E | |
CVE-2018-14948 | An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc h... | E | |
CVE-2018-14950 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a " | | |
CVE-2018-14951 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a " |