ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2018-16000 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16001 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16002 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16003 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16004 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16005 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16006 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16007 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16008 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16009 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16010 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16011 | Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.3... | S | |
CVE-2018-16012 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16013 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16014 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16015 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16016 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16017 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16018 | Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.3... | S | |
CVE-2018-16019 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16020 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16021 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16022 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16023 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16024 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16025 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16026 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16027 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16028 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16029 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16030 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16031 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16032 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16033 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16034 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16035 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16036 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16037 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16038 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16039 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16040 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16041 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16042 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16043 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16044 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16045 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16046 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16047 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.2... | S | |
CVE-2018-16048 | An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1... | E | |
CVE-2018-16049 | An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1... | E | |
CVE-2018-16050 | An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x b... | E | |
CVE-2018-16051 | An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1... | E | |
CVE-2018-16055 | An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish... | M | |
CVE-2018-16056 | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol d... | | |
CVE-2018-16057 | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash... | | |
CVE-2018-16058 | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector coul... | | |
CVE-2018-16059 | Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/w... | E | |
CVE-2018-16060 | Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive informat... | E | |
CVE-2018-16061 | Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATH_INFO t... | E | |
CVE-2018-16062 | dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attacker... | | |
CVE-2018-16064 | Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an att... | | |
CVE-2018-16065 | A JavaScript reentrancy issue that caused a use-after-free in V8 in Google Chrome prior to 69.0.349... | | |
CVE-2018-16066 | A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potent... | | |
CVE-2018-16067 | A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to pot... | | |
CVE-2018-16068 | Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to poten... | | |
CVE-2018-16069 | Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 a... | | |
CVE-2018-16070 | Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potent... | | |
CVE-2018-16071 | A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to poten... | E | |
CVE-2018-16072 | A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allo... | | |
CVE-2018-16073 | Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a r... | | |
CVE-2018-16074 | Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a r... | | |
CVE-2018-16075 | Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote ... | | |
CVE-2018-16076 | Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to p... | | |
CVE-2018-16077 | Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to ... | | |
CVE-2018-16078 | Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a ... | | |
CVE-2018-16079 | A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.... | | |
CVE-2018-16080 | A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497... | | |
CVE-2018-16081 | Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3... | | |
CVE-2018-16082 | An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacke... | | |
CVE-2018-16083 | An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497... | E | |
CVE-2018-16084 | The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed ... | | |
CVE-2018-16085 | A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote atta... | | |
CVE-2018-16086 | Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an ... | | |
CVE-2018-16087 | Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote... | | |
CVE-2018-16088 | A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowe... | | |
CVE-2018-16089 | System Management Module Vulnerabilities | S | |
CVE-2018-16090 | System Management Module Vulnerabilities | S | |
CVE-2018-16091 | System Management Module Vulnerabilities | S | |
CVE-2018-16092 | System Management Module Vulnerabilities | S | |
CVE-2018-16093 | LXCI for VMware | S | |
CVE-2018-16094 | System Management Module Vulnerabilities | S | |
CVE-2018-16095 | System Management Module Vulnerabilities | S | |
CVE-2018-16096 | System Management Module Vulnerabilities | S | |
CVE-2018-16097 | LXCI for VMware and LXCI for Microsoft System Center | S | |
CVE-2018-16098 | In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the... | S | |
CVE-2018-16099 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16100 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16101 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16102 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16103 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16104 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16105 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16106 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16107 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16108 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16109 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16110 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16111 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16112 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16113 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16115 | Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG erro... | | |
CVE-2018-16116 | SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 a... | | |
CVE-2018-16117 | A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 ... | S | |
CVE-2018-16118 | A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Soph... | S | |
CVE-2018-16119 | Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (Firmware Version 3) allows remo... | E | |
CVE-2018-16130 | System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to e... | E | |
CVE-2018-16131 | The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and ... | S | |
CVE-2018-16132 | The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 f... | | |
CVE-2018-16133 | Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.... | E | |
CVE-2018-16134 | Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.... | E | |
CVE-2018-16135 | The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Locatio... | | |
CVE-2018-16136 | An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't ch... | E | |
CVE-2018-16137 | An issue was discovered in the Web Management Console in IPBRICK OS 6.3. There are multiple SQL inje... | E | |
CVE-2018-16138 | An issue was discovered in the administration page in IPBRICK OS 6.3. There are multiple XSS vulnera... | E | |
CVE-2018-16139 | Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inj... | E | |
CVE-2018-16140 | A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to wri... | | |
CVE-2018-16141 | ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Contr... | E | |
CVE-2018-16142 | PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back par... | E | |
CVE-2018-16144 | The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x ... | E | |
CVE-2018-16145 | The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3... | E | |
CVE-2018-16146 | The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible b... | E | |
CVE-2018-16147 | The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x be... | E | |
CVE-2018-16148 | The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x befor... | E | |
CVE-2018-16149 | In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification ... | E S | |
CVE-2018-16150 | In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification ... | S | |
CVE-2018-16151 | In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x... | | |
CVE-2018-16152 | In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x... | | |
CVE-2018-16153 | An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest cred... | S | |
CVE-2018-16156 | In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM p... | E | |
CVE-2018-16157 | waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submiss... | E | |
CVE-2018-16158 | Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key ... | E | |
CVE-2018-16159 | The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parame... | E | |
CVE-2018-16160 | SecureCore Standard Edition Version 2.x allows an attacker to bypass the product's authentication t... | | |
CVE-2018-16161 | OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perfo... | | |
CVE-2018-16162 | OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such ... | | |
CVE-2018-16163 | OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/... | | |
CVE-2018-16164 | Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote aut... | | |
CVE-2018-16165 | Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to injec... | | |
CVE-2018-16166 | LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks v... | | |
CVE-2018-16167 | LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecifi... | | |
CVE-2018-16168 | LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via u... | | |
CVE-2018-16169 | Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Jav... | | |
CVE-2018-16170 | Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote ... | | |
CVE-2018-16171 | Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to... | | |
CVE-2018-16172 | Improper countermeasure against clickjacking attack in client certificates management screen was dis... | | |
CVE-2018-16173 | Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to i... | | |
CVE-2018-16174 | Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect... | | |
CVE-2018-16175 | SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administra... | | |
CVE-2018-16176 | Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote a... | | |
CVE-2018-16177 | Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify modul... | | |
CVE-2018-16178 | Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view informati... | S | |
CVE-2018-16179 | The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, wh... | | |
CVE-2018-16180 | Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to in... | | |
CVE-2018-16181 | HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers t... | | |
CVE-2018-16182 | Untrusted search path vulnerability in the installer of MARKET SPEED Ver.16.4 and earlier allows an ... | | |
CVE-2018-16183 | An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Wind... | | |
CVE-2018-16184 | RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the dis... | | |
CVE-2018-16185 | RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display... | | |
CVE-2018-16186 | RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display... | | |
CVE-2018-16187 | The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the dis... | | |
CVE-2018-16188 | SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2... | | |
CVE-2018-16189 | Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver ... | | |
CVE-2018-16190 | Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (... | S | |
CVE-2018-16191 | Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, ... | | |
CVE-2018-16192 | Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firm... | | |
CVE-2018-16193 | Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver... | | |
CVE-2018-16194 | Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firm... | | |
CVE-2018-16195 | Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firm... | | |
CVE-2018-16196 | Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 -... | | |
CVE-2018-16197 | Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier a... | | |
CVE-2018-16198 | Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier m... | | |
CVE-2018-16199 | Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home... | | |
CVE-2018-16200 | Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier a... | | |
CVE-2018-16201 | Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier u... | | |
CVE-2018-16202 | Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not inclu... | | |
CVE-2018-16203 | PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain th... | | |
CVE-2018-16204 | Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote au... | | |
CVE-2018-16205 | Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arb... | | |
CVE-2018-16206 | Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote a... | | |
CVE-2018-16207 | PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to byp... | | |
CVE-2018-16210 | WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XS... | E | |
CVE-2018-16216 | A command injection (missing input validation, escaping) in the monitoring or memory status web inte... | E M | |
CVE-2018-16217 | The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.... | | |
CVE-2018-16218 | A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-... | E M | |
CVE-2018-16219 | A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.... | E M | |
CVE-2018-16220 | Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 40... | M | |
CVE-2018-16221 | The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) ... | | |
CVE-2018-16222 | Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm ap... | | |
CVE-2018-16223 | Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBe... | | |
CVE-2018-16224 | Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allow... | | |
CVE-2018-16225 | The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as... | E | |
CVE-2018-16226 | A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) ... | | |
CVE-2018-16227 | The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh... | S | |
CVE-2018-16228 | The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().... | S | |
CVE-2018-16229 | The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().... | S | |
CVE-2018-16230 | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_RE... | S | |
CVE-2018-16231 | Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows remote attackers to cause a den... | | |
CVE-2018-16232 | An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 1... | E S | |
CVE-2018-16233 | MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter.... | E | |
CVE-2018-16234 | MorningStar WhatWeb 0.4.9 has XSS via JSON report files.... | E | |
CVE-2018-16235 | Telligent Community 6.x, 7.x, 8.x, 9.x before 9.2.10.11796, 10.1.x before 10.1.10.11792, and 10.2.x ... | | |
CVE-2018-16236 | cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, beca... | E | |
CVE-2018-16237 | An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s ... | E | |
CVE-2018-16238 | An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipa... | E | |
CVE-2018-16239 | An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which m... | E | |
CVE-2018-16242 | oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the... | E | |
CVE-2018-16243 | SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vu... | | |
CVE-2018-16247 | YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter.... | E | |
CVE-2018-16248 | b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleT... | E | |
CVE-2018-16249 | In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is sto... | E | |
CVE-2018-16250 | The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points ... | E | |
CVE-2018-16251 | A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateu... | E | |
CVE-2018-16252 | FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.... | E | |
CVE-2018-16253 | In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification ... | E S | |
CVE-2018-16254 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: ... | | |
CVE-2018-16255 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE:... | | |
CVE-2018-16256 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(... | E | |
CVE-2018-16257 | There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=templa... | | |
CVE-2018-16258 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import cust... | | |
CVE-2018-16259 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings la... | | |
CVE-2018-16261 | In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation V... | | |
CVE-2018-16262 | The pkgmgr system service in Tizen allows an unprivileged process to perform package management acti... | | |
CVE-2018-16263 | The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpo... | | |
CVE-2018-16264 | The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or a... | | |
CVE-2018-16265 | The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interf... | | |
CVE-2018-16266 | The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture... | | |
CVE-2018-16267 | The system-popup system service in Tizen allows an unprivileged process to perform popup-related sys... | | |
CVE-2018-16268 | The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-... | | |
CVE-2018-16269 | The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over t... | E | |
CVE-2018-16270 | Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permis... | E | |
CVE-2018-16271 | The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series all... | E | |
CVE-2018-16272 | The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fu... | E | |
CVE-2018-16275 | OPSWAT MetaDefender before v4.11.2 allows CSV injection.... | | |
CVE-2018-16276 | An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7.... | S | |
CVE-2018-16277 | The Image Import function in XWiki through 10.7 has XSS.... | E | |
CVE-2018-16278 | phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary S... | E | |
CVE-2018-16281 | The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Contro... | S | |
CVE-2018-16282 | A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 1804101... | E | |
CVE-2018-16283 | The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image... | E | |
CVE-2018-16285 | The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_... | E | |
CVE-2018-16286 | LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captch... | E | |
CVE-2018-16287 | LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.... | E | |
CVE-2018-16288 | LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.... | E | |
CVE-2018-16291 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9... | S | |
CVE-2018-16292 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9... | S | |
CVE-2018-16293 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9... | S | |
CVE-2018-16294 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9... | S | |
CVE-2018-16295 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9... | S | |
CVE-2018-16296 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9... | S | |
CVE-2018-16297 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9... | S | |
CVE-2018-16298 | An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a ... | E | |
CVE-2018-16299 | The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php fi... | E | |
CVE-2018-16300 | The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() beca... | S | |
CVE-2018-16301 | The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_in... | | |
CVE-2018-16302 | MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file.... | E | |
CVE-2018-16303 | PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource ... | E | |
CVE-2018-16307 | An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devi... | E | |
CVE-2018-16308 | The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.... | E | |
CVE-2018-16309 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-16310 | Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage... | E | |
CVE-2018-16313 | Bludit 2.3.4 allows XSS via a user name.... | E | |
CVE-2018-16314 | An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF... | E | |
CVE-2018-16315 | In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via ad... | E | |
CVE-2018-16316 | A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenti... | S | |
CVE-2018-16320 | idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of ... | | |
CVE-2018-16323 | ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing... | E S | |
CVE-2018-16324 | In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.... | E | |
CVE-2018-16325 | There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field.... | E S | |
CVE-2018-16326 | PHP Scripts Mall Olx Clone 3.4.2 has XSS.... | E | |
CVE-2018-16327 | There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration.... | E S | |
CVE-2018-16328 | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function i... | | |
CVE-2018-16329 | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function i... | | |
CVE-2018-16330 | Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element.... | E | |
CVE-2018-16331 | admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's passwo... | E | |
CVE-2018-16332 | An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerabil... | E | |
CVE-2018-16333 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C... | E | |
CVE-2018-16334 | An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac... | E | |
CVE-2018-16335 | newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote... | S | |
CVE-2018-16336 | Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of... | | |
CVE-2018-16337 | An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's b... | E | |
CVE-2018-16338 | An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administra... | E | |
CVE-2018-16339 | An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators ... | E | |
CVE-2018-16342 | ShowDoc v1.8.0 has XSS via a new page.... | E | |
CVE-2018-16343 | SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.clas... | E | |
CVE-2018-16344 | An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via direc... | E | |
CVE-2018-16345 | An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin pass... | E | |
CVE-2018-16346 | ChemCMS 1.0.6 has XSS via the "setting -> website information" field.... | E | |
CVE-2018-16347 | An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize.... | E | |
CVE-2018-16348 | SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name.... | E | |
CVE-2018-16349 | WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter.... | E | |
CVE-2018-16350 | WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter.... | E | |
CVE-2018-16352 | There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedd... | E | |
CVE-2018-16353 | An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Cus... | | |
CVE-2018-16354 | An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User... | | |
CVE-2018-16356 | An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order param... | E | |
CVE-2018-16357 | An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order param... | E | |
CVE-2018-16358 | A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dot... | | |
CVE-2018-16359 | Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system c... | | |
CVE-2018-16361 | An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter.... | E S | |
CVE-2018-16362 | An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for Manti... | | |
CVE-2018-16363 | The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin... | E S | |
CVE-2018-16364 | A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows fo... | E M | |
CVE-2018-16365 | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.... | E | |
CVE-2018-16366 | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.... | E | |
CVE-2018-16367 | In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file ... | E | |
CVE-2018-16368 | SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a d... | E | |
CVE-2018-16369 | XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack cons... | E | |
CVE-2018-16370 | In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=... | E | |
CVE-2018-16371 | PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keywor... | E | |
CVE-2018-16372 | The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=c... | | |
CVE-2018-16373 | Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/sa... | E | |
CVE-2018-16374 | Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings.... | E | |
CVE-2018-16375 | An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.wid... | S | |
CVE-2018-16376 | An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the functi... | | |
CVE-2018-16379 | Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen.... | E | |
CVE-2018-16380 | An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=crea... | E | |
CVE-2018-16381 | e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.... | E | |
CVE-2018-16382 | Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.... | E | |
CVE-2018-16384 | A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity... | E | |
CVE-2018-16385 | ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string.... | E | |
CVE-2018-16386 | An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log... | | |
CVE-2018-16387 | An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an a... | E | |
CVE-2018-16388 | e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code ... | E S | |
CVE-2018-16389 | e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.... | S | |
CVE-2018-16391 | Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopens... | E S | |
CVE-2018-16392 | Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/c... | E S | |
CVE-2018-16393 | Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len... | E S | |
CVE-2018-16395 | An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x befor... | S | |
CVE-2018-16396 | An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x befo... | | |
CVE-2018-16397 | In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrar... | | |
CVE-2018-16398 | In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/... | S | |
CVE-2018-16402 | libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free... | E | |
CVE-2018-16403 | libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwar... | E | |
CVE-2018-16405 | An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly... | E S | |
CVE-2018-16406 | An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet l... | E S | |
CVE-2018-16407 | An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values ar... | E S | |
CVE-2018-16408 | D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root... | E | |
CVE-2018-16409 | In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF.... | | |
CVE-2018-16410 | Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, re... | E S | |
CVE-2018-16412 | ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlo... | E | |
CVE-2018-16413 | ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushS... | E | |
CVE-2018-16416 | Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows re... | E | |
CVE-2018-16417 | Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.... | M | |
CVE-2018-16418 | A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC be... | E S | |
CVE-2018-16419 | Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/... | E S | |
CVE-2018-16420 | Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libo... | E S | |
CVE-2018-16421 | Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in l... | E S | |
CVE-2018-16422 | A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_ini... | E S | |
CVE-2018-16423 | A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in ... | E S | |
CVE-2018-16424 | A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in Op... | E S | |
CVE-2018-16425 | A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs... | E S | |
CVE-2018-16426 | Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/ca... | E S | |
CVE-2018-16427 | Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by att... | S | |
CVE-2018-16428 | In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference... | E S | |
CVE-2018-16429 | GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmark... | E S | |
CVE-2018-16430 | GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method... | E S | |
CVE-2018-16431 | admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account.... | E | |
CVE-2018-16432 | BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login.... | E | |
CVE-2018-16435 | Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet f... | E S | |
CVE-2018-16436 | Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator.... | E | |
CVE-2018-16437 | Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator.... | E M | |
CVE-2018-16438 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern... | E | |
CVE-2018-16444 | An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.... | E | |
CVE-2018-16445 | An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm... | E | |
CVE-2018-16446 | An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to ... | | |
CVE-2018-16447 | Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.... | E | |
CVE-2018-16448 | Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members... | E | |
CVE-2018-16449 | OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog v... | E | |
CVE-2018-16450 | CraftedWeb through 2013-09-24 has reflected XSS via the p parameter.... | E | |
CVE-2018-16451 | The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILS... | S | |
CVE-2018-16452 | The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.... | S | |
CVE-2018-16453 | PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search bar.... | E | |
CVE-2018-16454 | PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of servic... | E | |
CVE-2018-16455 | PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword.... | E | |
CVE-2018-16456 | PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-... | E | |
CVE-2018-16457 | PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content... | E | |
CVE-2018-16458 | An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can... | E | |
CVE-2018-16459 | An unescaped payload in exceljs | E | |
CVE-2018-16460 | A command injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be execu... | | |
CVE-2018-16461 | A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands... | E | |
CVE-2018-16462 | A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which a... | E | |
CVE-2018-16463 | A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentia... | | |
CVE-2018-16464 | A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to passwor... | | |
CVE-2018-16465 | Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at lo... | | |
CVE-2018-16466 | Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to... | | |
CVE-2018-16467 | A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews o... | E | |
CVE-2018-16468 | In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output whe... | | |
CVE-2018-16469 | The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying pro... | E | |
CVE-2018-16470 | There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafte... | | |
CVE-2018-16471 | There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests ca... | | |
CVE-2018-16472 | A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject p... | | |
CVE-2018-16473 | A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files... | E | |
CVE-2018-16474 | A stored XSS in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javasc... | E | |
CVE-2018-16475 | A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files... | E | |
CVE-2018-16476 | A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft us... | E M | |
CVE-2018-16477 | A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow a... | E M | |
CVE-2018-16478 | A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of w... | | |
CVE-2018-16479 | Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary f... | E | |
CVE-2018-16480 | An XSS vulnerability was found in module public <0.1.4 that allows malicious JavaScript code to run i... | E | |
CVE-2018-16481 | An XSS vulnerability was found in html-page <=2.1.1 that allows malicious JavaScript code to be execu... | E | |
CVE-2018-16482 | A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would all... | | |
CVE-2018-16483 | A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add n... | E | |
CVE-2018-16484 | An XSS vulnerability was found in module m-server <1.4.2 that allows malicious JavaScript code or HTM... | E | |
CVE-2018-16485 | Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized ... | E | |
CVE-2018-16486 | A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious ... | E | |
CVE-2018-16487 | A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWit... | E | |
CVE-2018-16489 | A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject pro... | E | |
CVE-2018-16490 | A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inje... | E | |
CVE-2018-16491 | A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker... | E | |
CVE-2018-16492 | A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attack... | E | |
CVE-2018-16493 | A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthor... | E | |
CVE-2018-16494 | In VOS an overly permissive "umask" may allow for authorized users of the server to gain unauthoriz... | | |
CVE-2018-16495 | In VOS user session identifier (authentication token) is issued to the browser prior to authenticati... | | |
CVE-2018-16496 | In Versa Director, the un-authentication request found.... | | |
CVE-2018-16497 | In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific da... | | |
CVE-2018-16498 | In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials s... | | |
CVE-2018-16499 | In VOS compromised, an attacker at network endpoints can possibly view communications between an uns... | | |
CVE-2018-16509 | An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" che... | E | |
CVE-2018-16510 | An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS... | S | |
CVE-2018-16511 | An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be use... | S | |
CVE-2018-16513 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a ty... | S | |
CVE-2018-16514 | A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit... | E | |
CVE-2018-16515 | Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified... | S | |
CVE-2018-16516 | helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL.... | E | |
CVE-2018-16517 | asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the atta... | E | |
CVE-2018-16518 | A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build... | | |
CVE-2018-16519 | COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs used by "iFrame" widgets.... | E | |
CVE-2018-16521 | An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMR... | S | |
CVE-2018-16522 | Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSoc... | E | |
CVE-2018-16523 | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WI... | E | |
CVE-2018-16524 | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WI... | E | |
CVE-2018-16525 | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WI... | E | |
CVE-2018-16526 | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WI... | E | |
CVE-2018-16527 | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WI... | E S | |
CVE-2018-16528 | Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code b... | | |
CVE-2018-16529 | A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password ... | E | |
CVE-2018-16530 | A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft m... | | |
CVE-2018-16531 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16532 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16533 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16534 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16535 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16536 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16537 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16538 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-16539 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use inco... | S | |
CVE-2018-16540 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin... | S | |
CVE-2018-16541 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use inco... | S | |
CVE-2018-16542 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insu... | | |
CVE-2018-16543 | In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an u... | | |
CVE-2018-16545 | Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote a... | E | |
CVE-2018-16546 | Amcrest networked devices use the same hardcoded SSL private key across different customers' install... | | |
CVE-2018-16548 | An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function... | E S | |
CVE-2018-16549 | HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter.... | E | |
CVE-2018-16550 | TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protec... | | |
CVE-2018-16551 | LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.... | E | |
CVE-2018-16552 | MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete... | E | |
CVE-2018-16553 | In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging... | | |
CVE-2018-16554 | The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause... | E S | |
CVE-2018-16555 | A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All v... | | |
CVE-2018-16556 | A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-4... | | |
CVE-2018-16557 | A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-4... | | |
CVE-2018-16558 | A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATI... | | |
CVE-2018-16559 | A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATI... | | |
CVE-2018-16560 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16561 | A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CP... | | |
CVE-2018-16562 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16563 | A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All ver... | | |
CVE-2018-16564 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16565 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16566 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16567 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16568 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16569 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16570 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16571 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16572 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16573 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16574 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16575 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16576 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16577 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16578 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16579 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16580 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16581 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16582 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16583 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16584 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16585 | An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command... | S | |
CVE-2018-16586 | In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.... | S | |
CVE-2018-16587 | In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.... | S | |
CVE-2018-16588 | Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE sha... | | |
CVE-2018-16590 | FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication.... | E | |
CVE-2018-16591 | FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, ... | E | |
CVE-2018-16593 | The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter ... | S | |
CVE-2018-16594 | The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal.... | S | |
CVE-2018-16595 | The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices has a Buffer Overflow.... | S | |
CVE-2018-16596 | A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-... | | |
CVE-2018-16597 | An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mount... | S | |
CVE-2018-16598 | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 ... | S | |
CVE-2018-16599 | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 ... | E | |
CVE-2018-16600 | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 ... | E | |
CVE-2018-16601 | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 ... | E | |
CVE-2018-16602 | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 ... | E | |
CVE-2018-16603 | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 ... | E | |
CVE-2018-16604 | An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can... | E | |
CVE-2018-16605 | D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configurat... | E | |
CVE-2018-16606 | In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab... | E | |
CVE-2018-16607 | Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.... | E | |
CVE-2018-16608 | In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administra... | E | |
CVE-2018-16613 | An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress... | | |
CVE-2018-16618 | VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Andr... | E | |
CVE-2018-16619 | Sonatype Nexus Repository Manager before 3.14 allows XSS.... | | |
CVE-2018-16620 | Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.... | | |
CVE-2018-16621 | Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.... | E S | |
CVE-2018-16622 | Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow r... | E | |
CVE-2018-16623 | Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin p... | E | |
CVE-2018-16624 | panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page.... | E | |
CVE-2018-16625 | index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT el... | E | |
CVE-2018-16626 | index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.... | E | |
CVE-2018-16627 | panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.... | E | |
CVE-2018-16628 | panel/login in Kirby v2.5.12 allows XSS via a blog name.... | E | |
CVE-2018-16629 | panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIP... | E | |
CVE-2018-16630 | Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.... | E | |
CVE-2018-16631 | Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.... | E | |
CVE-2018-16632 | Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title pa... | E | |
CVE-2018-16633 | Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.... | E | |
CVE-2018-16634 | Pluck v4.7.7 allows CSRF via admin.php?action=settings.... | E | |
CVE-2018-16635 | Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.... | E | |
CVE-2018-16636 | Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.... | E | |
CVE-2018-16637 | Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.... | E | |
CVE-2018-16638 | Evolution CMS 1.4.x allows XSS via the manager/ search parameter.... | E | |
CVE-2018-16639 | Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.... | E | |
CVE-2018-16640 | ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.... | S | |
CVE-2018-16641 | ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in code... | E S | |
CVE-2018-16642 | The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a de... | S | |
CVE-2018-16643 | The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/ca... | S | |
CVE-2018-16644 | There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage ... | S | |
CVE-2018-16645 | There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and Read... | S | |
CVE-2018-16646 | In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a cra... | E S | |
CVE-2018-16647 | In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers t... | E | |
CVE-2018-16648 | In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cau... | E | |
CVE-2018-16650 | phpMyFAQ before 2.9.11 allows CSRF.... | M | |
CVE-2018-16651 | The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.... | | |
CVE-2018-16653 | rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter.... | E | |
CVE-2018-16654 | Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTa... | E | |
CVE-2018-16655 | Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.... | E | |
CVE-2018-16656 | DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to ... | E | |
CVE-2018-16657 | In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header ca... | E S | |
CVE-2018-16658 | An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_... | S | |
CVE-2018-16659 | An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft ... | E | |
CVE-2018-16660 | A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway all... | E | |
CVE-2018-16663 | An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_r... | | |
CVE-2018-16664 | An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/... | M | |
CVE-2018-16665 | An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in l... | M | |
CVE-2018-16666 | An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_st... | M | |
CVE-2018-16667 | An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/stora... | | |
CVE-2018-16668 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path dis... | E | |
CVE-2018-16669 | An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in Cir... | E | |
CVE-2018-16670 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to l... | E | |
CVE-2018-16671 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information di... | E | |
CVE-2018-16672 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitiv... | E | |
CVE-2018-16703 | A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to... | | |
CVE-2018-16704 | An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerab... | M | |
CVE-2018-16705 | FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file contai... | E | |
CVE-2018-16706 | LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request... | E | |
CVE-2018-16709 | Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-V... | E | |
CVE-2018-16710 | OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of... | E | |
CVE-2018-16711 | IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (an... | | |
CVE-2018-16712 | IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (an... | E | |
CVE-2018-16713 | IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (an... | | |
CVE-2018-16715 | An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security per... | | |
CVE-2018-16716 | A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of th... | | |
CVE-2018-16717 | A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions o... | | |
CVE-2018-16718 | An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI To... | | |
CVE-2018-16719 | In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial ... | | |
CVE-2018-16720 | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial... | | |
CVE-2018-16721 | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial... | | |
CVE-2018-16722 | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial... | | |
CVE-2018-16723 | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial... | | |
CVE-2018-16724 | An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an ind... | E | |
CVE-2018-16725 | An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClip... | E | |
CVE-2018-16726 | razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings compone... | E | |
CVE-2018-16727 | razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.... | E | |
CVE-2018-16728 | feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new.... | | |
CVE-2018-16729 | Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded... | E | |
CVE-2018-16730 | \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.... | | |
CVE-2018-16731 | CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default file... | E | |
CVE-2018-16732 | \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.... | | |
CVE-2018-16733 | In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the en... | | |
CVE-2018-16736 | In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters... | E | |
CVE-2018-16737 | tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.... | | |
CVE-2018-16738 | tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigat... | | |
CVE-2018-16739 | An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/file... | E | |
CVE-2018-16741 | An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() doe... | E | |
CVE-2018-16742 | An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow ca... | E | |
CVE-2018-16743 | An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line para... | E | |
CVE-2018-16744 | An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parame... | E | |
CVE-2018-16745 | An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parame... | E | |
CVE-2018-16749 | In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows ... | E S | |
CVE-2018-16750 | In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/me... | E S | |
CVE-2018-16752 | LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metachara... | E | |
CVE-2018-16758 | Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a ... | | |
CVE-2018-16759 | The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.c... | E | |
CVE-2018-16761 | Eventum before 3.4.0 has an open redirect vulnerability.... | | |
CVE-2018-16762 | FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/ite... | S | |
CVE-2018-16763 | FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ dat... | E S | |
CVE-2018-16764 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denia... | E S | |
CVE-2018-16765 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denia... | E S | |
CVE-2018-16766 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denia... | E S | |
CVE-2018-16767 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denia... | E S | |
CVE-2018-16768 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denia... | E S | |
CVE-2018-16769 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denia... | E S | |
CVE-2018-16770 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denia... | E S | |
CVE-2018-16771 | Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishan... | E | |
CVE-2018-16772 | Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.... | E | |
CVE-2018-16773 | EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/clo... | E | |
CVE-2018-16774 | HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/lang... | E | |
CVE-2018-16775 | An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Cat... | E | |
CVE-2018-16776 | wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page.... | E | |
CVE-2018-16778 | Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to... | E | |
CVE-2018-16779 | BlogCMS through 2016-10-25 has XSS via a comment.... | | |
CVE-2018-16780 | Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment.... | E | |
CVE-2018-16781 | ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE sig... | | |
CVE-2018-16782 | libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal functi... | E | |
CVE-2018-16784 | DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a " | E | |
CVE-2018-16785 | XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by... | E | |
CVE-2018-16786 | DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax... | E | |
CVE-2018-16789 | libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing log... | E S | |
CVE-2018-16790 | _bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and oth... | S | |
CVE-2018-16791 | In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writa... | | |
CVE-2018-16792 | SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable... | | |
CVE-2018-16793 | Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via... | E | |
CVE-2018-16794 | Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SS... | E | |
CVE-2018-16795 | OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as de... | E | |
CVE-2018-16796 | HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types.... | E | |
CVE-2018-16797 | A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 allows remote attackers to e... | E | |
CVE-2018-16802 | An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" che... | | |
CVE-2018-16803 | In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code.... | | |
CVE-2018-16804 | An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list r... | E | |
CVE-2018-16805 | In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddres... | | |
CVE-2018-16806 | A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly o... | E | |
CVE-2018-16807 | In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/kr... | S | |
CVE-2018-16808 | An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in ... | E | |
CVE-2018-16809 | An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports mod... | E | |
CVE-2018-16819 | admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads... | E | |
CVE-2018-16820 | admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=upl... | E | |
CVE-2018-16821 | SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/... | E | |
CVE-2018-16822 | SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.... | E | |
CVE-2018-16831 | Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a fil... | E | |
CVE-2018-16832 | CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via ... | E S | |
CVE-2018-16833 | Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the... | | |
CVE-2018-16836 | Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing u... | E | |
CVE-2018-16837 | Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lea... | | |
CVE-2018-16838 | A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD d... | | |
CVE-2018-16839 | Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication co... | S | |
CVE-2018-16840 | A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related... | S | |
CVE-2018-16841 | Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of s... | S | |
CVE-2018-16842 | Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs... | S | |
CVE-2018-16843 | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can... | | |
CVE-2018-16844 | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can... | | |
CVE-2018-16845 | nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might all... | S | |
CVE-2018-16846 | It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of ... | S | |
CVE-2018-16847 | An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It co... | S | |
CVE-2018-16848 | A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including... | | |
CVE-2018-16849 | A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh act... | | |
CVE-2018-16850 | PostgreSQL before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump ... | S | |
CVE-2018-16851 | Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of servi... | S | |
CVE-2018-16852 | Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. Duri... | S | |
CVE-2018-16853 | Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KD... | | |
CVE-2018-16854 | A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earl... | S | |
CVE-2018-16855 | An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a ... | | |
CVE-2018-16856 | In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions ope... | | |
CVE-2018-16857 | Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad pa... | S | |
CVE-2018-16858 | It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversa... | E | |
CVE-2018-16859 | Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module l... | S | |
CVE-2018-16860 | A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.... | M | |
CVE-2018-16861 | A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with ... | S | |
CVE-2018-16862 | A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode... | S | |
CVE-2018-16863 | It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploi... | S | |
CVE-2018-16864 | An allocation of memory without limits, that could result in the stack clashing with another memory ... | E S | |
CVE-2018-16865 | An allocation of memory without limits, that could result in the stack clashing with another memory ... | E S | |
CVE-2018-16866 | An out of bounds read was discovered in systemd-journald in the way it parses log messages that term... | E S | |
CVE-2018-16867 | A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the... | S | |
CVE-2018-16868 | A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles v... | | |
CVE-2018-16869 | A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles e... | | |
CVE-2018-16870 | It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack ... | S | |
CVE-2018-16871 | A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up ... | | |
CVE-2018-16872 | A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object... | S | |
CVE-2018-16873 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code exec... | M | |
CVE-2018-16874 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traver... | M | |
CVE-2018-16875 | The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of wo... | M | |
CVE-2018-16876 | Ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+... | S | |
CVE-2018-16877 | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up ... | S | |
CVE-2018-16878 | A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflic... | S | |
CVE-2018-16879 | Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure... | | |
CVE-2018-16880 | A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious v... | S | |
CVE-2018-16881 | A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send ... | S | |
CVE-2018-16882 | A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted inter... | S | |
CVE-2018-16883 | sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according... | | |
CVE-2018-16884 | A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network ... | S | |
CVE-2018-16885 | A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and sim... | | |
CVE-2018-16886 | etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authenticati... | S | |
CVE-2018-16887 | A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with ... | E S | |
CVE-2018-16888 | It was discovered systemd does not correctly check the content of PIDFile files before using it to k... | S | |
CVE-2018-16889 | Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the le... | E S | |
CVE-2018-16890 | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The... | S | |
CVE-2018-16891 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16892 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16893 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16894 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16895 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16896 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16897 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16898 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16899 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16900 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16901 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16902 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16903 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16904 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16905 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16906 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16907 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16908 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16909 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16910 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16911 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16912 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16913 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16914 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16915 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16916 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16917 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16918 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16919 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16920 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16921 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16922 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16923 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16924 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16925 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16926 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16927 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16928 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16929 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16930 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16931 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16932 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16933 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16934 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16935 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16936 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-16946 | LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are... | E | |
CVE-2018-16947 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller ... | | |
CVE-2018-16948 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines... | | |
CVE-2018-16949 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as ... | | |
CVE-2018-16950 | Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attackers to cause a denial of servic... | | |
CVE-2018-16951 | xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, ... | E | |
CVE-2018-16952 | The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Requ... | | |
CVE-2018-16953 | The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interac... | | |
CVE-2018-16954 | An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the por... | E S | |
CVE-2018-16955 | The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-si... | | |
CVE-2018-16956 | The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names ... | | |
CVE-2018-16957 | The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3... | | |
CVE-2018-16958 | An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary... | | |
CVE-2018-16959 | An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is deliv... | | |
CVE-2018-16960 | An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS vi... | | |
CVE-2018-16961 | An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path... | | |
CVE-2018-16962 | Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that la... | E | |
CVE-2018-16965 | In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XS... | | |
CVE-2018-16966 | There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page... | E | |
CVE-2018-16967 | There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page... | E | |
CVE-2018-16968 | Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.... | S | |
CVE-2018-16969 | Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Mess... | S | |
CVE-2018-16970 | Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) atta... | E | |
CVE-2018-16971 | Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) atta... | E | |
CVE-2018-16974 | An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in ... | E S | |
CVE-2018-16975 | An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in ... | E S | |
CVE-2018-16976 | Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restri... | S | |
CVE-2018-16977 | Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in ... | E | |
CVE-2018-16978 | Monstra CMS V3.0.4 has XSS when one tries to register an account with a crafted password parameter ... | E | |
CVE-2018-16979 | Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg pa... | E | |
CVE-2018-16980 | dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode ... | E | |
CVE-2018-16981 | stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer ove... | E | |
CVE-2018-16982 | Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation faul... | E | |
CVE-2018-16983 | NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to ... | | |
CVE-2018-16984 | An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the passwor... | | |
CVE-2018-16985 | In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_contin... | E | |
CVE-2018-16986 | Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers ... | M | |
CVE-2018-16987 | Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration... | E | |
CVE-2018-16988 | An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exi... | | |
CVE-2018-16994 | An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK E... | | |
CVE-2018-16999 | Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro ... | E | |