ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2018-20000 | Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply docume... | S | |
CVE-2018-20001 | In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called fro... | E | |
CVE-2018-20002 | The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (ak... | E S | |
CVE-2018-20004 | An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_wri... | E | |
CVE-2018-20005 | An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-... | E | |
CVE-2018-20006 | An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title paramet... | E | |
CVE-2018-20007 | Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, ... | E | |
CVE-2018-20008 | iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowin... | E | |
CVE-2018-20009 | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL ... | E | |
CVE-2018-20010 | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.... | E | |
CVE-2018-20011 | DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.... | E | |
CVE-2018-20012 | PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.... | E | |
CVE-2018-20013 | In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trig... | | |
CVE-2018-20014 | In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trig... | | |
CVE-2018-20015 | YzmCMS v5.2 has admin/role/add.html CSRF.... | E | |
CVE-2018-20017 | SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI.... | E | |
CVE-2018-20018 | S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_i... | E | |
CVE-2018-20019 | LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound wr... | S | |
CVE-2018-20020 | LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulne... | | |
CVE-2018-20021 | LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vuln... | | |
CVE-2018-20022 | LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Imprope... | | |
CVE-2018-20023 | LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vul... | | |
CVE-2018-20024 | LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in V... | | |
CVE-2018-20025 | Use of Insufficiently Random Values exists in CODESYS V3 products versions prior to V3.5.14.0.... | M | |
CVE-2018-20026 | Improper Communication Address Filtering exists in CODESYS V3 products versions prior to V3.5.14.0.... | M | |
CVE-2018-20027 | The yaml_parse.load method in Pylearn2 allows code injection.... | E | |
CVE-2018-20028 | Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.... | | |
CVE-2018-20029 | The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows loca... | | |
CVE-2018-20030 | An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version... | S | |
CVE-2018-20031 | A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon com... | S | |
CVE-2018-20032 | A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components ... | S | |
CVE-2018-20033 | A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher ver... | S | |
CVE-2018-20034 | A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon com... | S | |
CVE-2018-20050 | Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remot... | E | |
CVE-2018-20051 | Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers ... | | |
CVE-2018-20052 | An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE... | | |
CVE-2018-20053 | An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and N... | | |
CVE-2018-20056 | An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 device... | E | |
CVE-2018-20057 | An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 device... | E | |
CVE-2018-20058 | In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing... | | |
CVE-2018-20059 | jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.... | E | |
CVE-2018-20060 | urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-ori... | S | |
CVE-2018-20061 | A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is... | | |
CVE-2018-20062 | An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to e... | KEV E | |
CVE-2018-20063 | An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerabilit... | | |
CVE-2018-20064 | doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonst... | E | |
CVE-2018-20065 | Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to... | | |
CVE-2018-20066 | Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote att... | | |
CVE-2018-20067 | A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Na... | | |
CVE-2018-20068 | Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed ... | | |
CVE-2018-20069 | Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior ... | | |
CVE-2018-20070 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 ... | | |
CVE-2018-20071 | Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome... | | |
CVE-2018-20072 | Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker... | | |
CVE-2018-20073 | Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attac... | | |
CVE-2018-20090 | An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated... | | |
CVE-2018-20091 | An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4... | S | |
CVE-2018-20092 | PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via ... | | |
CVE-2018-20094 | An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the ke... | E | |
CVE-2018-20095 | An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input ... | E | |
CVE-2018-20096 | There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2... | E S | |
CVE-2018-20097 | There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv... | E S | |
CVE-2018-20098 | There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 ... | E S | |
CVE-2018-20099 | There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A c... | E S | |
CVE-2018-20100 | An issue was discovered on August Connect devices. Insecure data transfer between the August app and... | | |
CVE-2018-20101 | The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via th... | | |
CVE-2018-20102 | An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14... | | |
CVE-2018-20103 | An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a c... | | |
CVE-2018-20104 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-20105 | yast2-rmt exposes CA private key passphrase in log-file | | |
CVE-2018-20106 | SMB printer settings don't escape characters in passwords properly | | |
CVE-2018-20107 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-20108 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-20109 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-20110 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-20111 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-20112 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-20113 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-20114 | On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS co... | E | |
CVE-2018-20121 | Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.... | E | |
CVE-2018-20122 | The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 ... | | |
CVE-2018-20123 | pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.... | S | |
CVE-2018-20124 | hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqW... | S | |
CVE-2018-20125 | hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer derefer... | S | |
CVE-2018-20126 | hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mish... | S | |
CVE-2018-20127 | An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to ... | E | |
CVE-2018-20128 | An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to dele... | E | |
CVE-2018-20129 | An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows re... | E | |
CVE-2018-20131 | The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permiss... | | |
CVE-2018-20132 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-20133 | ymlref allows code injection.... | E | |
CVE-2018-20135 | Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on i... | E | |
CVE-2018-20136 | XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation... | E | |
CVE-2018-20137 | XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data... | E | |
CVE-2018-20138 | PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as... | E | |
CVE-2018-20140 | Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters... | E S | |
CVE-2018-20141 | AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated b... | | |
CVE-2018-20144 | GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x befor... | E | |
CVE-2018-20145 | Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set ... | S | |
CVE-2018-20146 | An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0... | | |
CVE-2018-20147 | In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended res... | | |
CVE-2018-20148 | In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection atta... | E | |
CVE-2018-20149 | In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could u... | S | |
CVE-2018-20150 | In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases... | S | |
CVE-2018-20151 | In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search e... | | |
CVE-2018-20152 | In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post t... | | |
CVE-2018-20153 | In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users... | | |
CVE-2018-20154 | The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to disco... | | |
CVE-2018-20155 | The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber use... | | |
CVE-2018-20156 | The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administ... | | |
CVE-2018-20157 | The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack t... | E S | |
CVE-2018-20159 | i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an uploa... | E | |
CVE-2018-20160 | ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration S... | | |
CVE-2018-20161 | A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attacke... | E | |
CVE-2018-20162 | Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows... | E | |
CVE-2018-20164 | An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regul... | E S | |
CVE-2018-20165 | Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject ... | | |
CVE-2018-20166 | A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows ... | E | |
CVE-2018-20167 | Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrate... | E S | |
CVE-2018-20168 | Google gVisor before 2018-08-22 reuses a pagetable in a different level with the paging-structure ca... | S | |
CVE-2018-20169 | An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks ... | S | |
CVE-2018-20170 | OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames hav... | E | |
CVE-2018-20171 | An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/script... | E | |
CVE-2018-20172 | An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/sc... | E | |
CVE-2018-20173 | Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.... | | |
CVE-2018-20174 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_h... | E S | |
CVE-2018-20175 | rdesktop versions up to and including v1.8.3 contain several Integer Signedness errors that lead to... | E S | |
CVE-2018-20176 | rdesktop versions up to and including v1.8.3 contain several Out-Of-Bounds Reads in the file secure... | E S | |
CVE-2018-20177 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based ... | E S | |
CVE-2018-20178 | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_d... | E S | |
CVE-2018-20179 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based... | E S | |
CVE-2018-20180 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based... | E S | |
CVE-2018-20181 | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based... | E S | |
CVE-2018-20182 | rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in ... | E S | |
CVE-2018-20184 | In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAIma... | E S | |
CVE-2018-20185 | In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-re... | E S | |
CVE-2018-20186 | An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attac... | E | |
CVE-2018-20187 | A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measurin... | | |
CVE-2018-20188 | FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.... | E | |
CVE-2018-20189 | In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a c... | E S | |
CVE-2018-20190 | In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_O... | E | |
CVE-2018-20191 | hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy t... | S | |
CVE-2018-20193 | Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now s... | E | |
CVE-2018-20194 | There is a stack-based buffer underflow in the third instance of the calculate_gain function in libf... | E | |
CVE-2018-20195 | A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced... | E | |
CVE-2018-20196 | There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfa... | E | |
CVE-2018-20197 | There is a stack-based buffer underflow in the third instance of the calculate_gain function in libf... | E | |
CVE-2018-20198 | A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced... | E | |
CVE-2018-20199 | A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced... | E | |
CVE-2018-20200 | CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass cer... | E S | |
CVE-2018-20201 | There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2... | E | |
CVE-2018-20211 | ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exifto... | E | |
CVE-2018-20212 | bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.... | | |
CVE-2018-20213 | wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial o... | E | |
CVE-2018-20216 | QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checke... | S | |
CVE-2018-20217 | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If a... | S | |
CVE-2018-20218 | An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form pass... | E | |
CVE-2018-20219 | An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful au... | | |
CVE-2018-20220 | An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web inter... | | |
CVE-2018-20221 | Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code exec... | E | |
CVE-2018-20222 | XXE issue in Airsonic before 10.1.2 during parse.... | | |
CVE-2018-20225 | An issue was discovered in pip (all versions) because it installs the version with the highest versi... | | |
CVE-2018-20226 | An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 d... | S | |
CVE-2018-20227 | RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.... | E S | |
CVE-2018-20228 | Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.... | E | |
CVE-2018-20229 | GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.... | | |
CVE-2018-20230 | An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_by... | E | |
CVE-2018-20231 | Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPres... | E | |
CVE-2018-20232 | The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before versi... | | |
CVE-2018-20233 | The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remot... | | |
CVE-2018-20234 | There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 bef... | | |
CVE-2018-20235 | There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a ... | | |
CVE-2018-20236 | There was a command injection vulnerability in Sourcetree for Windows from version 0.5a before vers... | | |
CVE-2018-20237 | Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to do... | | |
CVE-2018-20238 | Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version... | | |
CVE-2018-20239 | Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before... | | |
CVE-2018-20240 | The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allow... | | |
CVE-2018-20241 | The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows ... | | |
CVE-2018-20242 | A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.... | | |
CVE-2018-20243 | The implementation of POST with the username and password in the URL parameters exposed the credenti... | E S | |
CVE-2018-20244 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airfl... | | |
CVE-2018-20245 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was m... | | |
CVE-2018-20246 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-20247 | In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicio... | | |
CVE-2018-20248 | In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicio... | | |
CVE-2018-20249 | In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicio... | | |
CVE-2018-20250 | In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting ... | KEV E | |
CVE-2018-20251 | In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting ... | E | |
CVE-2018-20252 | In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during... | E | |
CVE-2018-20253 | In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during... | E | |
CVE-2018-20298 | S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attacke... | | |
CVE-2018-20299 | An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdo... | M | |
CVE-2018-20300 | Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an e... | E | |
CVE-2018-20301 | An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment ... | | |
CVE-2018-20302 | An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter.... | E S | |
CVE-2018-20303 | In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functional... | E S | |
CVE-2018-20304 | wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial o... | E | |
CVE-2018-20305 | D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via ... | E | |
CVE-2018-20306 | A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse ... | | |
CVE-2018-20307 | Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authentic... | | |
CVE-2018-20309 | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition r... | | |
CVE-2018-20310 | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race c... | | |
CVE-2018-20311 | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race... | | |
CVE-2018-20312 | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race c... | | |
CVE-2018-20313 | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction r... | | |
CVE-2018-20314 | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence ra... | | |
CVE-2018-20315 | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that ... | | |
CVE-2018-20316 | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race c... | | |
CVE-2018-20318 | An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc ... | E | |
CVE-2018-20320 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11032. Reason: This candidat... | R | |
CVE-2018-20321 | An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default na... | M | |
CVE-2018-20322 | LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip... | S | |
CVE-2018-20323 | www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attacker... | E | |
CVE-2018-20325 | There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions... | E | |
CVE-2018-20326 | ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi... | E | |
CVE-2018-20327 | Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gra... | S | |
CVE-2018-20328 | Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, all... | S | |
CVE-2018-20329 | Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection... | S | |
CVE-2018-20330 | The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based ... | S | |
CVE-2018-20331 | Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ATool v1.0.0.22. An attacker ... | E | |
CVE-2018-20332 | An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Readin... | E S | |
CVE-2018-20333 | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_ap... | E | |
CVE-2018-20334 | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data... | E | |
CVE-2018-20335 | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of t... | E | |
CVE-2018-20336 | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue i... | E | |
CVE-2018-20337 | There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw... | E S | |
CVE-2018-20338 | Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.... | | |
CVE-2018-20339 | Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms se... | | |
CVE-2018-20340 | Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token ... | S | |
CVE-2018-20341 | WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted Service Path vulnerability, w... | | |
CVE-2018-20342 | The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper acce... | E | |
CVE-2018-20343 | Multiple buffer overflow vulnerabilities have been found in Ken Silverman Build Engine 1. An attacke... | | |
CVE-2018-20345 | Incorrect access control in StackStorm API (st2api) in StackStorm before 2.9.2 and 2.10.x before 2.1... | | |
CVE-2018-20346 | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and result... | E S | |
CVE-2018-20347 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-20348 | libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows att... | E | |
CVE-2018-20349 | The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has a NULL pointer dereferen... | E | |
CVE-2018-20351 | The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832.... | | |
CVE-2018-20352 | Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Emb... | E | |
CVE-2018-20353 | An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http... | E | |
CVE-2018-20354 | An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_ge... | E | |
CVE-2018-20355 | An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi... | E | |
CVE-2018-20356 | An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi ... | E | |
CVE-2018-20357 | A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Ad... | E | |
CVE-2018-20358 | An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_pre... | E | |
CVE-2018-20359 | An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfa... | E | |
CVE-2018-20360 | An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/... | E | |
CVE-2018-20361 | An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfad... | E | |
CVE-2018-20362 | A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced... | E | |
CVE-2018-20363 | LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.... | E S | |
CVE-2018-20364 | LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.... | E S | |
CVE-2018-20365 | LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.... | E S | |
CVE-2018-20367 | The "mall some commodity details: commodity consultation" component in WSTMart 2.0.8_181212 has stor... | E | |
CVE-2018-20368 | The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name ... | E | |
CVE-2018-20369 | Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user ... | E | |
CVE-2018-20370 | SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to... | S | |
CVE-2018-20371 | PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier ... | E | |
CVE-2018-20372 | TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.... | E | |
CVE-2018-20373 | Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client.... | E | |
CVE-2018-20374 | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source fi... | E | |
CVE-2018-20375 | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source fi... | E | |
CVE-2018-20376 | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source fi... | E | |
CVE-2018-20377 | Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getn... | E | |
CVE-2018-20378 | The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2... | E | |
CVE-2018-20379 | Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protoco... | E | |
CVE-2018-20380 | Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow... | E | |
CVE-2018-20381 | Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover cre... | E | |
CVE-2018-20382 | Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover... | E | |
CVE-2018-20383 | ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credential... | E | |
CVE-2018-20384 | iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.0044... | E | |
CVE-2018-20385 | CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383... | E | |
CVE-2018-20386 | ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credent... | E | |
CVE-2018-20387 | Bnmux BCW700J 5.20.7, BCW710J 5.30.6a, and BCW710J2 5.30.16 devices allow remote attackers to discov... | E | |
CVE-2018-20388 | Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discove... | E | |
CVE-2018-20389 | D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote atta... | E | |
CVE-2018-20390 | Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attack... | E | |
CVE-2018-20391 | TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via is... | E | |
CVE-2018-20392 | S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via is... | E | |
CVE-2018-20393 | Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712... | E | |
CVE-2018-20394 | Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices all... | E | |
CVE-2018-20395 | NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via... | E | |
CVE-2018-20396 | NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover cre... | E | |
CVE-2018-20397 | mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.... | E | |
CVE-2018-20398 | Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4... | E | |
CVE-2018-20399 | Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 S... | E | |
CVE-2018-20400 | Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials ... | E | |
CVE-2018-20401 | Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.... | E | |
CVE-2018-20402 | Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to... | | |
CVE-2018-20404 | ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system board, is vulnerable to denial... | E | |
CVE-2018-20405 | BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax e... | E | |
CVE-2018-20406 | Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that ... | E S | |
CVE-2018-20407 | An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_DescriptorFactory::Create... | E | |
CVE-2018-20408 | An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_StdcFileByteStream::Creat... | E | |
CVE-2018-20409 | An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom:... | E | |
CVE-2018-20410 | WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is t... | E | |
CVE-2018-20418 | index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title fr... | E | |
CVE-2018-20419 | DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account.... | | |
CVE-2018-20420 | In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwri... | E | |
CVE-2018-20421 | Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by ... | E | |
CVE-2018-20422 | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication ... | E | |
CVE-2018-20423 | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled reg... | E | |
CVE-2018-20424 | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_memb... | E | |
CVE-2018-20425 | libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file.... | E | |
CVE-2018-20426 | libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a diff... | E | |
CVE-2018-20427 | libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a diffe... | E | |
CVE-2018-20428 | libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a di... | E | |
CVE-2018-20429 | libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a diff... | E | |
CVE-2018-20430 | GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract... | E S | |
CVE-2018-20431 | GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_me... | E S | |
CVE-2018-20432 | D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connec... | E S | |
CVE-2018-20433 | c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlU... | S | |
CVE-2018-20434 | LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['communit... | E | |
CVE-2018-20436 | The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram serve... | E | |
CVE-2018-20437 | An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro bef... | E S | |
CVE-2018-20438 | Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via is... | E | |
CVE-2018-20439 | Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to dis... | | |
CVE-2018-20440 | Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover W... | E | |
CVE-2018-20441 | Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via... | E | |
CVE-2018-20442 | Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso... | E | |
CVE-2018-20443 | Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to disc... | E | |
CVE-2018-20444 | Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to... | | |
CVE-2018-20445 | D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote atta... | E | |
CVE-2018-20448 | Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.... | E | |
CVE-2018-20449 | The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows loc... | S | |
CVE-2018-20450 | The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a d... | E | |
CVE-2018-20451 | The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read... | E | |
CVE-2018-20452 | The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to ca... | E | |
CVE-2018-20453 | The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read th... | E | |
CVE-2018-20454 | An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the k... | E | |
CVE-2018-20455 | In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attack... | E S | |
CVE-2018-20456 | In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attack... | E S | |
CVE-2018-20457 | In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to c... | S | |
CVE-2018-20458 | In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow at... | E S | |
CVE-2018-20459 | In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attacker... | E S | |
CVE-2018-20460 | In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attacke... | E S | |
CVE-2018-20461 | In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denia... | E S | |
CVE-2018-20462 | An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vuln... | E | |
CVE-2018-20463 | An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read v... | E | |
CVE-2018-20464 | There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulner... | E | |
CVE-2018-20465 | Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information vi... | E | |
CVE-2018-20467 | In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and han... | E S | |
CVE-2018-20468 | An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export t... | E | |
CVE-2018-20469 | An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports mod... | E | |
CVE-2018-20470 | An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary f... | E | |
CVE-2018-20472 | An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerab... | E | |
CVE-2018-20476 | An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.... | E | |
CVE-2018-20477 | An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.... | E | |
CVE-2018-20478 | An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via ... | E | |
CVE-2018-20479 | An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_... | E | |
CVE-2018-20480 | An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter.... | E | |
CVE-2018-20481 | XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote... | E S | |
CVE-2018-20482 | GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which all... | E S | |
CVE-2018-20483 | set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.or... | E | |
CVE-2018-20484 | Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout impleme... | | |
CVE-2018-20485 | Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.... | | |
CVE-2018-20486 | MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.... | E | |
CVE-2018-20487 | An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker m... | E | |
CVE-2018-20488 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.... | | |
CVE-2018-20489 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.... | S | |
CVE-2018-20490 | An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4... | E | |
CVE-2018-20491 | An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before... | | |
CVE-2018-20492 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.... | | |
CVE-2018-20493 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.... | E | |
CVE-2018-20494 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.... | E S | |
CVE-2018-20495 | An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13,... | | |
CVE-2018-20496 | An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4... | E | |
CVE-2018-20497 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.... | | |
CVE-2018-20498 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.... | | |
CVE-2018-20499 | An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.... | | |
CVE-2018-20500 | An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and late... | | |
CVE-2018-20501 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.... | | |
CVE-2018-20502 | An issue was discovered in Bento4 1.5.1-627. There is an attempt at excessive memory allocation in t... | E | |
CVE-2018-20503 | Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask param... | E | |
CVE-2018-20505 | SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers... | E | |
CVE-2018-20506 | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and result... | | |
CVE-2018-20507 | An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x be... | | |
CVE-2018-20508 | CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in U... | E | |
CVE-2018-20509 | The print_binder_ref_olocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows... | | |
CVE-2018-20510 | The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.9... | | |
CVE-2018-20511 | An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/... | S | |
CVE-2018-20512 | EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, c... | E | |
CVE-2018-20519 | An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify ar... | E | |
CVE-2018-20520 | MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296... | E | |
CVE-2018-20523 | Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allo... | E | |
CVE-2018-20524 | The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of < in a message, becaus... | E | |
CVE-2018-20525 | Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.... | E | |
CVE-2018-20526 | Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.... | E | |
CVE-2018-20528 | JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter.... | | |
CVE-2018-20530 | PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a ... | E | |
CVE-2018-20532 | There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in li... | E S | |
CVE-2018-20533 | There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolv... | E S | |
CVE-2018-20534 | There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will... | E S | |
CVE-2018-20535 | There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc1... | E | |
CVE-2018-20536 | There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp)... | E | |
CVE-2018-20537 | There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in... | E | |
CVE-2018-20538 | There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc1... | E | |
CVE-2018-20539 | There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGT... | E | |
CVE-2018-20540 | There is a memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1.... | E | |
CVE-2018-20541 | There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c ... | E S | |
CVE-2018-20542 | There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_... | E S | |
CVE-2018-20543 | There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_c... | E | |
CVE-2018-20544 | There is a floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.bet... | E | |
CVE-2018-20545 | There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta... | E S | |
CVE-2018-20546 | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.... | E S | |
CVE-2018-20547 | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.... | E S | |
CVE-2018-20548 | There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta... | E S | |
CVE-2018-20549 | There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.bet... | E | |
CVE-2018-20551 | A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of serv... | E S | |
CVE-2018-20552 | Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.... | E S | |
CVE-2018-20553 | Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.... | E S | |
CVE-2018-20555 | The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discov... | E | |
CVE-2018-20556 | SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers t... | E | |
CVE-2018-20557 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_n... | E | |
CVE-2018-20558 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the si... | E | |
CVE-2018-20559 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the n... | E | |
CVE-2018-20560 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show... | E | |
CVE-2018-20561 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the t... | E | |
CVE-2018-20562 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS ... | E | |
CVE-2018-20563 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS... | E | |
CVE-2018-20564 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS ... | E | |
CVE-2018-20565 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_n... | E | |
CVE-2018-20566 | An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty erro... | E | |
CVE-2018-20567 | An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the prod... | E | |
CVE-2018-20568 | Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 a... | S | |
CVE-2018-20569 | user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL... | | |
CVE-2018-20570 | jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.... | E | |
CVE-2018-20571 | DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id r... | | |
CVE-2018-20572 | WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=pro... | E | |
CVE-2018-20573 | The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attacker... | E | |
CVE-2018-20574 | The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attack... | E | |
CVE-2018-20575 | Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware... | E | |
CVE-2018-20576 | Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, lea... | E | |
CVE-2018-20577 | Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup... | E | |
CVE-2018-20578 | An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/ne... | E S | |
CVE-2018-20579 | Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonpars... | M | |
CVE-2018-20580 | The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execu... | E | |
CVE-2018-20582 | The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request Fo... | | |
CVE-2018-20583 | Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 throug... | E | |
CVE-2018-20584 | JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempt... | E S | |
CVE-2018-20586 | bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an ... | E | |
CVE-2018-20587 | Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots201812... | | |
CVE-2018-20588 | lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read.... | E | |
CVE-2018-20589 | Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrato... | S | |
CVE-2018-20590 | Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrato... | S | |
CVE-2018-20591 | A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libmin... | E | |
CVE-2018-20592 | In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c f... | E | |
CVE-2018-20593 | In Mini-XML (aka mxml) v2.12, there is a stack-based buffer overflow in the scan_file function in mxml... | E | |
CVE-2018-20594 | An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of ty... | E S | |
CVE-2018-20595 | A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hs... | E S | |
CVE-2018-20596 | Jspxcms v9.0.0 allows SSRF.... | | |
CVE-2018-20597 | UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.... | E | |
CVE-2018-20598 | UCMS 1.4.7 has ?do=user_addpost CSRF.... | E | |
CVE-2018-20599 | UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an ind... | E | |
CVE-2018-20600 | sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.... | E | |
CVE-2018-20601 | UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.... | E | |
CVE-2018-20602 | Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI.... | E | |
CVE-2018-20603 | Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF.... | E | |
CVE-2018-20604 | Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit... | E | |
CVE-2018-20605 | imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify ... | E | |
CVE-2018-20606 | imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.... | E | |
CVE-2018-20607 | imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root... | E | |
CVE-2018-20608 | imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1... | E | |
CVE-2018-20609 | imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the ... | E | |
CVE-2018-20610 | imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.... | E | |
CVE-2018-20611 | imcat 4.4 allows XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI.... | E | |
CVE-2018-20612 | UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF.... | E | |
CVE-2018-20613 | TEMMOKU T1.09 Beta allows admin/user/add CSRF.... | E | |
CVE-2018-20614 | public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public... | E | |
CVE-2018-20615 | An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x... | | |
CVE-2018-20616 | ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_da... | E | |
CVE-2018-20617 | ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function i... | E | |
CVE-2018-20618 | ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function i... | E | |
CVE-2018-20621 | An issue was discovered in Microvirt MEmu 6.0.6. The MemuService.exe service binary is vulnerable to... | E | |
CVE-2018-20622 | JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is us... | | |
CVE-2018-20623 | In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called fro... | E | |
CVE-2018-20626 | PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a li... | E | |
CVE-2018-20627 | PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.... | E | |
CVE-2018-20628 | PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct reque... | E | |
CVE-2018-20629 | PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct req... | E | |
CVE-2018-20630 | PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for ... | E | |
CVE-2018-20631 | PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitr... | E | |
CVE-2018-20632 | PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME o... | E | |
CVE-2018-20633 | PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile... | E | |
CVE-2018-20634 | PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (chan... | E | |
CVE-2018-20635 | PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing... | E | |
CVE-2018-20636 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name ... | E | |
CVE-2018-20637 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a den... | E | |
CVE-2018-20638 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct r... | E | |
CVE-2018-20639 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar.... | E | |
CVE-2018-20640 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the ... | E | |
CVE-2018-20641 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the ... | E | |
CVE-2018-20642 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of s... | E | |
CVE-2018-20643 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request f... | E | |
CVE-2018-20644 | PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile f... | E | |
CVE-2018-20645 | PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field.... | E | |
CVE-2018-20646 | PHP Scripts Mall Basic B2B Script 2.0.9 has directory traversal via a direct request for a listi... | E | |
CVE-2018-20647 | PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing ... | E | |
CVE-2018-20648 | PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.... | E | |
CVE-2018-20650 | A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of ser... | S | |
CVE-2018-20651 | A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary ... | E | |
CVE-2018-20652 | An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in ti... | E | |
CVE-2018-20655 | When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided pac... | | |
CVE-2018-20657 | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.... | E | |
CVE-2018-20658 | The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial o... | E | |
CVE-2018-20659 | An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an a... | E | |
CVE-2018-20662 | In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (applica... | S | |
CVE-2018-20663 | The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Pers... | E | |
CVE-2018-20664 | Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.... | | |
CVE-2018-20669 | An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuf... | E S | |
CVE-2018-20671 | load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow... | E | |
CVE-2018-20673 | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.... | E | |
CVE-2018-20674 | D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B0... | | |
CVE-2018-20675 | D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B0... | | |
CVE-2018-20676 | In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.... | S | |
CVE-2018-20677 | In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.... | E S | |
CVE-2018-20678 | LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exp... | | |
CVE-2018-20679 | An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consume... | E S | |
CVE-2018-20680 | Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.... | E | |
CVE-2018-20681 | mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to ... | E S | |
CVE-2018-20682 | Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admi... | E | |
CVE-2018-20683 | commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync comman... | S | |
CVE-2018-20684 | In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary... | S | |
CVE-2018-20685 | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrict... | S | |
CVE-2018-20686 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-20687 | An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCen... | | |
CVE-2018-20698 | The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects ... | S | |
CVE-2018-20699 | Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption... | S | |
CVE-2018-20703 | CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.... | E | |
CVE-2018-20710 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6285. Reason: This candidate... | R | |
CVE-2018-20712 | A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libibert... | E | |
CVE-2018-20713 | Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.... | M | |
CVE-2018-20714 | The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to ... | | |
CVE-2018-20715 | The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or syncho... | | |
CVE-2018-20716 | CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!"... | E | |
CVE-2018-20717 | In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a ... | E | |
CVE-2018-20718 | In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to u... | E | |
CVE-2018-20719 | In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_task... | E | |
CVE-2018-20720 | ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remot... | | |
CVE-2018-20721 | URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functi... | S | |
CVE-2018-20723 | A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due t... | E S | |
CVE-2018-20724 | A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack o... | E S | |
CVE-2018-20725 | A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due t... | E S | |
CVE-2018-20726 | A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 d... | E S | |
CVE-2018-20727 | Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execut... | E | |
CVE-2018-20728 | A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to e... | E | |
CVE-2018-20729 | A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers t... | E | |
CVE-2018-20730 | A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read co... | E | |
CVE-2018-20731 | A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to i... | E | |
CVE-2018-20732 | SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a... | | |
CVE-2018-20733 | BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.... | S | |
CVE-2018-20735 | An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli applica... | E | |
CVE-2018-20736 | An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store par... | S | |
CVE-2018-20737 | An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part... | S | |
CVE-2018-20742 | An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. There is no boundary check on ... | E S | |
CVE-2018-20743 | murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are p... | S | |
CVE-2018-20744 | The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into refl... | | |
CVE-2018-20745 | Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origi... | | |
CVE-2018-20748 | LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbp... | E S | |
CVE-2018-20749 | LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. ... | E S | |
CVE-2018-20750 | LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c.... | E S | |
CVE-2018-20751 | An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()... | E | |
CVE-2018-20752 | An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py... | S | |
CVE-2018-20753 | Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileg... | KEV E | |
CVE-2018-20755 | MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.... | E S | |
CVE-2018-20756 | MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is m... | E S | |
CVE-2018-20757 | MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or At... | E S | |
CVE-2018-20758 | MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.... | S | |
CVE-2018-20760 | In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a al... | E S | |
CVE-2018-20761 | GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function i... | E S | |
CVE-2018-20762 | GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files functio... | E S | |
CVE-2018-20763 | In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a al... | E S | |
CVE-2018-20764 | A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through Bo... | | |
CVE-2018-20767 | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX... | | |
CVE-2018-20768 | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX... | S | |
CVE-2018-20769 | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX... | | |
CVE-2018-20770 | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX... | | |
CVE-2018-20771 | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX... | | |
CVE-2018-20772 | Frog CMS 0.9.5 allows PHP code execution via | E | |
CVE-2018-20773 | Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional ... | E | |
CVE-2018-20774 | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.... | E | |
CVE-2018-20775 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file ... | E | |
CVE-2018-20776 | Frog CMS 0.9.5 provides a directory listing for a /public request.... | E | |
CVE-2018-20777 | Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.... | E | |
CVE-2018-20778 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted... | E | |
CVE-2018-20779 | Traq 3.7.1 allows SQL Injection via a tickets?search= URI.... | E | |
CVE-2018-20780 | Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).... | E | |
CVE-2018-20781 | In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-chi... | S | |
CVE-2018-20782 | The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages.... | E S | |
CVE-2018-20783 | In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over... | E | |
CVE-2018-20784 | In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attack... | S | |
CVE-2018-20785 | Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. Du... | E | |
CVE-2018-20786 | libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory condi... | E S | |
CVE-2018-20787 | The ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device thro... | | |
CVE-2018-20788 | drivers/leds/leds-aw2023.c in the led driver for custom Linux kernels on the Xiaomi Redmi 6pro daisy... | | |
CVE-2018-20789 | tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a ... | E | |
CVE-2018-20790 | tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a conse... | E | |
CVE-2018-20791 | tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the ... | E | |
CVE-2018-20792 | tecrail Responsive FileManager 9.13.4 allows remote attackers to read an arbitrary file via path traver... | E | |
CVE-2018-20793 | tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a con... | E | |
CVE-2018-20794 | tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (j... | E | |
CVE-2018-20795 | tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path trave... | E | |
CVE-2018-20796 | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec... | E S | |
CVE-2018-20797 | An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo... | E | |
CVE-2018-20798 | The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible w... | E S | |
CVE-2018-20799 | In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is i... | E S | |
CVE-2018-20800 | An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.... | S | |
CVE-2018-20801 | In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expression... | E S | |
CVE-2018-20802 | Post-auth queries on compound index may crash mongod | | |
CVE-2018-20803 | Infinite loop in aggregation expression | S | |
CVE-2018-20804 | Invariant failure in applyOps | | |
CVE-2018-20805 | Invariant with $elemMatch | | |
CVE-2018-20806 | Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.p... | E | |
CVE-2018-20807 | An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8... | | |
CVE-2018-20808 | An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due ... | | |
CVE-2018-20809 | A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3... | | |
CVE-2018-20810 | Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse... | | |
CVE-2018-20811 | A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8... | | |
CVE-2018-20812 | An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when T... | | |
CVE-2018-20813 | An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure... | | |
CVE-2018-20814 | An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before... | | |
CVE-2018-20815 | In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has... | | |
CVE-2018-20816 | An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.... | S | |
CVE-2018-20817 | SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missi... | E | |
CVE-2018-20818 | A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and Open... | | |
CVE-2018-20819 | io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cau... | E S | |
CVE-2018-20820 | read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (appl... | E S | |
CVE-2018-20821 | The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncont... | E S | |
CVE-2018-20822 | LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex... | E | |
CVE-2018-20823 | The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and f... | E | |
CVE-2018-20824 | The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitr... | | |
CVE-2018-20826 | The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers ... | E | |
CVE-2018-20827 | The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary... | E | |
CVE-2018-20834 | A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary F... | E S | |
CVE-2018-20835 | A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when ext... | E S | |
CVE-2018-20836 | An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timed... | S | |
CVE-2018-20837 | include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.... | E S | |
CVE-2018-20838 | ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.... | E | |
CVE-2018-20839 | systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords i... | S | |
CVE-2018-20840 | An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before ... | E S | |
CVE-2018-20841 | HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote c... | E | |
CVE-2018-20843 | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colo... | E S | |
CVE-2018-20845 | Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in op... | S | |
CVE-2018-20846 | Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_n... | S | |
CVE-2018-20847 | An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters... | S | |
CVE-2018-20848 | Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php... | E | |
CVE-2018-20849 | Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the login/ URI.... | E | |
CVE-2018-20850 | Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the comman... | | |
CVE-2018-20851 | Helpy before 2.2.0 allows agents to edit admins.... | S | |
CVE-2018-20852 | http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does n... | E | |
CVE-2018-20853 | An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for... | | |
CVE-2018-20854 | An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an... | S | |
CVE-2018-20855 | An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband... | S | |
CVE-2018-20856 | An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_dr... | S | |
CVE-2018-20857 | Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@examp... | S | |
CVE-2018-20858 | Recommender before 2018-07-18 allows XSS.... | S | |
CVE-2018-20859 | edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.... | S | |
CVE-2018-20860 | libopenmpt before 0.3.13 allows a crash with malformed MED files.... | S | |
CVE-2018-20861 | libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.... | S | |
CVE-2018-20862 | cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366).... | | |
CVE-2018-20863 | cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments ... | | |
CVE-2018-20864 | cPanel before 76.0.8 allows a persistent Virtual FTP account after removal of its associated domain... | | |
CVE-2018-20865 | cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).... | | |
CVE-2018-20866 | cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).... | | |
CVE-2018-20867 | cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).... | | |
CVE-2018-20868 | cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).... | | |
CVE-2018-20869 | cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec a... | | |
CVE-2018-20870 | The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).... | | |
CVE-2018-20871 | In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash... | | |
CVE-2018-20872 | DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue... | | |
CVE-2018-20873 | cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).... | | |
CVE-2018-20874 | cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).... | | |
CVE-2018-20875 | cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).... | | |
CVE-2018-20876 | cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).... | | |
CVE-2018-20877 | cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).... | | |
CVE-2018-20878 | cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).... | | |
CVE-2018-20879 | cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (S... | | |
CVE-2018-20880 | cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (S... | | |
CVE-2018-20881 | cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).... | | |
CVE-2018-20882 | cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account durin... | | |
CVE-2018-20883 | cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).... | | |
CVE-2018-20884 | cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).... | | |
CVE-2018-20885 | cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot varia... | | |
CVE-2018-20886 | cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418).... | | |
CVE-2018-20887 | cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).... | | |
CVE-2018-20888 | cPanel before 74.0.0 allows file modification in the context of the root account because of incorrec... | | |
CVE-2018-20889 | cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).... | | |
CVE-2018-20890 | cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).... | | |
CVE-2018-20891 | cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).... | | |
CVE-2018-20892 | cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handli... | | |
CVE-2018-20893 | cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).... | | |
CVE-2018-20894 | cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (S... | | |
CVE-2018-20895 | In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the correspond... | | |
CVE-2018-20896 | cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).... | | |
CVE-2018-20897 | cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system ... | | |
CVE-2018-20898 | cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).... | | |
CVE-2018-20899 | cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).... | | |
CVE-2018-20900 | cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).... | | |
CVE-2018-20901 | cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).... | | |
CVE-2018-20902 | cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installat... | | |
CVE-2018-20903 | cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).... | | |
CVE-2018-20904 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction... | | |
CVE-2018-20905 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restricti... | | |
CVE-2018-20906 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restricti... | | |
CVE-2018-20907 | cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432).... | | |
CVE-2018-20908 | cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handli... | | |
CVE-2018-20909 | cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-... | | |
CVE-2018-20910 | cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).... | | |
CVE-2018-20911 | cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpa... | | |
CVE-2018-20912 | cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).... | | |
CVE-2018-20913 | cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermast... | | |
CVE-2018-20914 | In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-... | | |
CVE-2018-20915 | cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).... | | |
CVE-2018-20916 | cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).... | | |
CVE-2018-20917 | cPanel before 70.0.23 allows any user to disable Solr (SEC-371).... | | |
CVE-2018-20918 | cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).... | | |
CVE-2018-20919 | cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).... | | |
CVE-2018-20920 | cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).... | | |
CVE-2018-20921 | cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).... | | |
CVE-2018-20922 | cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).... | | |
CVE-2018-20923 | cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).... | | |
CVE-2018-20924 | cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (S... | | |
CVE-2018-20925 | cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload inte... | | |
CVE-2018-20926 | cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC... | | |
CVE-2018-20927 | cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).... | | |
CVE-2018-20928 | cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391).... | | |
CVE-2018-20929 | cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).... | | |
CVE-2018-20930 | cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SE... | | |
CVE-2018-20931 | cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).... | | |
CVE-2018-20932 | cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).... | | |
CVE-2018-20933 | cPanel before 70.0.23 has Stored XSS via a WHM Edit DNS Zone action (SEC-410).... | | |
CVE-2018-20934 | cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned acco... | | |
CVE-2018-20935 | cPanel before 70.0.23 allows stored XSS via a WHM "Reset a DNS Zone" action (SEC-412).... | | |
CVE-2018-20936 | cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).... | | |
CVE-2018-20937 | cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).... | | |
CVE-2018-20938 | cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-3... | | |
CVE-2018-20939 | cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that ... | | |
CVE-2018-20940 | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon... | | |
CVE-2018-20941 | cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).... | | |
CVE-2018-20942 | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon... | | |
CVE-2018-20943 | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon... | | |
CVE-2018-20944 | cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax ... | | |
CVE-2018-20945 | bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).... | | |
CVE-2018-20946 | cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is ... | | |
CVE-2018-20947 | cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).... | | |
CVE-2018-20948 | cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).... | | |
CVE-2018-20949 | cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).... | | |
CVE-2018-20950 | cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).... | | |
CVE-2018-20951 | cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).... | | |
CVE-2018-20952 | cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388... | | |
CVE-2018-20953 | cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).... | | |
CVE-2018-20954 | The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled,... | S | |
CVE-2018-20955 | Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all... | E | |
CVE-2018-20956 | Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected custom... | E | |
CVE-2018-20957 | The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks... | E | |
CVE-2018-20958 | The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and Se... | | |
CVE-2018-20959 | Jura E8 devices lack Bluetooth connection security.... | | |
CVE-2018-20960 | Nespresso Prodigio devices lack Bluetooth connection security.... | | |
CVE-2018-20961 | In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of dri... | E S | |
CVE-2018-20962 | The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type.... | E S | |
CVE-2018-20963 | The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.... | | |
CVE-2018-20964 | The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.... | | |
CVE-2018-20965 | The ultimate-member plugin before 2.0.4 for WordPress has XSS.... | | |
CVE-2018-20966 | The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature.... | | |
CVE-2018-20967 | The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.... | | |
CVE-2018-20968 | The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.... | | |
CVE-2018-20969 | do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character... | E S | |
CVE-2018-20970 | The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues.... | | |
CVE-2018-20971 | The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading... | | |
CVE-2018-20972 | The companion-auto-update plugin before 3.2.1 for WordPress has CSRF.... | | |
CVE-2018-20973 | The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.... | | |
CVE-2018-20974 | The js-jobs plugin before 1.0.7 for WordPress has CSRF.... | | |
CVE-2018-20975 | Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.... | S | |
CVE-2018-20976 | An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exis... | S | |
CVE-2018-20977 | The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings pag... | | |
CVE-2018-20978 | The wp-all-import plugin before 3.4.7 for WordPress has XSS.... | | |
CVE-2018-20979 | The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_... | | |
CVE-2018-20980 | The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.... | | |
CVE-2018-20981 | The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data r... | | |
CVE-2018-20982 | The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Sett... | | |
CVE-2018-20983 | The wp-retina-2x plugin before 5.2.3 for WordPress has XSS.... | | |
CVE-2018-20984 | The patreon-connect plugin before 1.2.2 for WordPress has Object Injection.... | | |
CVE-2018-20985 | The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php,... | | |
CVE-2018-20986 | The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPr... | | |
CVE-2018-20987 | The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.... | | |
CVE-2018-20988 | The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.... | | |
CVE-2018-20989 | An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an ... | | |
CVE-2018-20990 | An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur ... | | |
CVE-2018-20991 | An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mis... | | |
CVE-2018-20992 | An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be expos... | S | |
CVE-2018-20993 | An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursio... | S | |
CVE-2018-20994 | An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinit... | | |
CVE-2018-20995 | An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows ... | | |
CVE-2018-20996 | An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because... | | |
CVE-2018-20997 | An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS ... | | |
CVE-2018-20998 | An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribu... | | |
CVE-2018-20999 | An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect res... | S | |