ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2018-5000 | Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successfu... | S | |
CVE-2018-5001 | Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Success... | S | |
CVE-2018-5002 | Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability.... | KEV S | |
CVE-2018-5003 | Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loadin... | | |
CVE-2018-5004 | Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Succ... | S | |
CVE-2018-5005 | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerabil... | S | |
CVE-2018-5006 | Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. ... | | |
CVE-2018-5007 | Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful e... | S | |
CVE-2018-5008 | Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Success... | | |
CVE-2018-5009 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5010 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5011 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5012 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5013 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5103. Reason: This candidat... | R | |
CVE-2018-5014 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5015 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5016 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5017 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5018 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5019 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5020 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5021 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5022 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5023 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5024 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5025 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5026 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5027 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5028 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5029 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5030 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5031 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5032 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5033 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5034 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5035 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5036 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5037 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5038 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5039 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5040 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5041 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5042 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5043 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5044 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5045 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5046 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5047 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5048 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5049 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5050 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5051 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5052 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5053 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5054 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5055 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5056 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5057 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5058 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5059 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5060 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5061 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5062 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5063 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5064 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5065 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5066 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5067 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5068 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5069 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5070 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 ... | | |
CVE-2018-5071 | Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication s... | E | |
CVE-2018-5072 | Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.... | E | |
CVE-2018-5073 | Online Ticket Booking has CSRF via admin/movieedit.php.... | E | |
CVE-2018-5074 | Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.... | E | |
CVE-2018-5075 | Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.... | E | |
CVE-2018-5076 | Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.... | E | |
CVE-2018-5077 | Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.... | E | |
CVE-2018-5078 | Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.... | E | |
CVE-2018-5079 | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5080 | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5081 | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5082 | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5083 | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5084 | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5085 | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5086 | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5087 | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5088 | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5089 | Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evide... | | |
CVE-2018-5090 | Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corrupt... | | |
CVE-2018-5091 | A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF ti... | | |
CVE-2018-5092 | A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prema... | | |
CVE-2018-5093 | A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resultin... | | |
CVE-2018-5094 | A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called follow... | | |
CVE-2018-5095 | An integer overflow vulnerability in the Skia library when allocating memory for edge builders on so... | | |
CVE-2018-5096 | A use-after-free vulnerability can occur while editing events in form elements on a page, resulting ... | | |
CVE-2018-5097 | A use-after-free vulnerability can occur during XSL transformations when the source document for the... | | |
CVE-2018-5098 | A use-after-free vulnerability can occur when form input elements, focus, and selections are manipul... | | |
CVE-2018-5099 | A use-after-free vulnerability can occur when the widget listener is holding strong references to br... | | |
CVE-2018-5100 | A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" func... | | |
CVE-2018-5101 | A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, r... | | |
CVE-2018-5102 | A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, r... | | |
CVE-2018-5103 | A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess... | | |
CVE-2018-5104 | A use-after-free vulnerability can occur during font face manipulation when a font face is freed whi... | | |
CVE-2018-5105 | WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. Th... | | |
CVE-2018-5106 | Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third... | | |
CVE-2018-5107 | The printing process can bypass local access protections to read files available through symlinks, b... | | |
CVE-2018-5108 | A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private brows... | | |
CVE-2018-5109 | An audio capture session can be started under an incorrect origin from the site making the capture requ... | | |
CVE-2018-5110 | If cursor visibility is toggled by script from 'none' to an image and back, the... | | |
CVE-2018-5111 | When the text of a specially formatted URL is dragged to the addressbar from page content, the displ... | | |
CVE-2018-5112 | Development Tools panels of an extension are required to load URLs for the panels as relative URLs f... | | |
CVE-2018-5113 | The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content o... | | |
CVE-2018-5114 | If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remai... | | |
CVE-2018-5115 | If an HTTP authentication prompt is triggered by a background network request from a page or extensi... | | |
CVE-2018-5116 | WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab... | | |
CVE-2018-5117 | If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some... | S | |
CVE-2018-5118 | The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is cr... | | |
CVE-2018-5119 | The reader view will display cross-origin content when CORS headers are set to prohibit the loading ... | | |
CVE-2018-5121 | Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the ... | | |
CVE-2018-5122 | A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was f... | | |
CVE-2018-5123 | A third party website can access information available to a user with access to a restricted bug ent... | E S | |
CVE-2018-5124 | Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code exec... | | |
CVE-2018-5125 | Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evide... | | |
CVE-2018-5126 | Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corrupt... | | |
CVE-2018-5127 | A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This res... | | |
CVE-2018-5128 | A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges du... | | |
CVE-2018-5129 | A lack of parameter validation on IPC messages results in a potential out-of-bounds write through ma... | | |
CVE-2018-5130 | When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstance... | | |
CVE-2018-5131 | Under certain circumstances the "fetch()" API can return transient local copies of resources that we... | | |
CVE-2018-5132 | The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these... | | |
CVE-2018-5133 | If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and ... | | |
CVE-2018-5134 | WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stor... | | |
CVE-2018-5135 | WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScri... | | |
CVE-2018-5136 | A shared worker created from a "data:" URL in one tab can be shared by another tab with a different ... | | |
CVE-2018-5137 | A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page... | | |
CVE-2018-5138 | A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opene... | | |
CVE-2018-5140 | Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content e... | | |
CVE-2018-5141 | A vulnerability in the notifications Push API where notifications can be sent through service worker... | | |
CVE-2018-5142 | If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs... | | |
CVE-2018-5143 | URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users ... | | |
CVE-2018-5144 | An integer overflow can occur during conversion of text to some Unicode character sets due to an unc... | | |
CVE-2018-5145 | Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruptio... | | |
CVE-2018-5146 | An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own co... | | |
CVE-2018-5147 | The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place o... | | |
CVE-2018-5148 | A use-after-free vulnerability can occur in the compositor during certain graphics operations when a... | | |
CVE-2018-5150 | Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of thes... | | |
CVE-2018-5151 | Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corrupt... | | |
CVE-2018-5152 | WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as a... | S | |
CVE-2018-5153 | If websocket data is sent with mixed text and binary in a single message, the binary data can be cor... | | |
CVE-2018-5154 | A use-after-free vulnerability can occur while enumerating attributes during SVG animations with cli... | | |
CVE-2018-5155 | A use-after-free vulnerability can occur while adjusting layout during SVG animations with text path... | | |
CVE-2018-5156 | A vulnerability can occur when capturing a media stream when the media source type is changed as the... | | |
CVE-2018-5157 | Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept m... | | |
CVE-2018-5158 | The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious Ja... | | |
CVE-2018-5159 | An integer overflow can occur in the Skia library due to 32-bit integer use in an array without inte... | E | |
CVE-2018-5160 | WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it ... | | |
CVE-2018-5161 | Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulne... | | |
CVE-2018-5162 | Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vu... | | |
CVE-2018-5163 | If a malicious attacker has used another vulnerability to gain full control over a content process, ... | | |
CVE-2018-5164 | Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with t... | | |
CVE-2018-5165 | In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode... | E S | |
CVE-2018-5166 | WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission... | | |
CVE-2018-5167 | The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both wil... | | |
CVE-2018-5168 | Sites can bypass security checks on permissions to install lightweight themes by manipulating the "b... | | |
CVE-2018-5169 | If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "ho... | | |
CVE-2018-5170 | It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This... | | |
CVE-2018-5172 | The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script f... | | |
CVE-2018-5173 | The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing... | | |
CVE-2018-5174 | In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" f... | | |
CVE-2018-5175 | A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" po... | | |
CVE-2018-5176 | The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "jav... | | |
CVE-2018-5177 | A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocate... | | |
CVE-2018-5178 | A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremel... | | |
CVE-2018-5179 | A service worker can send the activate event on itself periodically which allows it to run perpetual... | | |
CVE-2018-5180 | A use-after-free vulnerability can occur during WebGL operations. While this results in a potentiall... | | |
CVE-2018-5181 | If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a dif... | E | |
CVE-2018-5182 | If a text string that happens to be a filename in the operating system's native format is dragged an... | | |
CVE-2018-5183 | Mozilla developers backported selected changes in the Skia library. These changes correct memory cor... | | |
CVE-2018-5184 | Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerabili... | | |
CVE-2018-5185 | Plaintext of decrypted emails can leak through a user submitting an embedded form. This vulnerabili... | | |
CVE-2018-5186 | Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption an... | E | |
CVE-2018-5187 | Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of m... | | |
CVE-2018-5188 | Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs s... | | |
CVE-2018-5189 | Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer ove... | E | |
CVE-2018-5190 | PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitr... | | |
CVE-2018-5191 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000479. Reason: This candi... | R | |
CVE-2018-5195 | Hancom NEO versions 9.6.1.5183 and earlier have a buffer overflow vulnerability that leads remote at... | | |
CVE-2018-5196 | Alzip Stack Overflow Vulnerability | S | |
CVE-2018-5197 | A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform Ac... | | |
CVE-2018-5198 | WIZVERA Veraport Race Condition Vulnerability | S | |
CVE-2018-5199 | WIZVERA Remote Code Execution Vulnerability | S | |
CVE-2018-5200 | KMPlayer Heap Overflow Vulnerability | | |
CVE-2018-5201 | Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office... | S | |
CVE-2018-5202 | SKCertService 2.5.5 and earlier contains a vulnerability that could allow a remote attacker to execute... | | |
CVE-2018-5203 | DEXTUploadX5 version between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote at... | | |
CVE-2018-5204 | ML Report version between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could allow ... | | |
CVE-2018-5205 | When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.... | S | |
CVE-2018-5206 | When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL... | S | |
CVE-2018-5207 | When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the... | S | |
CVE-2018-5208 | In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow... | S | |
CVE-2018-5210 | On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet... | | |
CVE-2018-5211 | PHP Melody version 2.7.1 suffers from a time-based SQL injection attack on the page ajax.php with the p... | E | |
CVE-2018-5212 | The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (... | E S | |
CVE-2018-5213 | The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downlo... | E S | |
CVE-2018-5214 | The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parame... | E | |
CVE-2018-5215 | Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.... | E | |
CVE-2018-5216 | Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/... | E | |
CVE-2018-5217 | In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5218 | In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5219 | In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5220 | In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of se... | E | |
CVE-2018-5221 | Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow re... | E | |
CVE-2018-5223 | Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained valu... | S | |
CVE-2018-5224 | Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Wi... | M | |
CVE-2018-5225 | In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version... | | |
CVE-2018-5226 | There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag... | | |
CVE-2018-5227 | Various administrative application link resources in Atlassian Application Links before version 5.4.... | | |
CVE-2018-5228 | The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attac... | | |
CVE-2018-5229 | The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version... | S | |
CVE-2018-5230 | The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4,... | | |
CVE-2018-5231 | The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before ve... | | |
CVE-2018-5232 | The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before ver... | | |
CVE-2018-5233 | Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before ... | E | |
CVE-2018-5234 | The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a ty... | E | |
CVE-2018-5235 | Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is... | M | |
CVE-2018-5236 | Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condi... | | |
CVE-2018-5237 | Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privileg... | | |
CVE-2018-5238 | Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL P... | M | |
CVE-2018-5239 | Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit. In this type of circumst... | M | |
CVE-2018-5240 | The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 m... | M | |
CVE-2018-5241 | Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to... | | |
CVE-2018-5242 | Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of c... | M | |
CVE-2018-5243 | The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be suscept... | M | |
CVE-2018-5244 | In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens f... | M | |
CVE-2018-5246 | In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.... | E | |
CVE-2018-5247 | In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.... | E | |
CVE-2018-5248 | In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIX... | E | |
CVE-2018-5249 | Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remot... | | |
CVE-2018-5251 | In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value... | E | |
CVE-2018-5252 | libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_... | E | |
CVE-2018-5253 | The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted ... | E | |
CVE-2018-5254 | Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) v... | | |
CVE-2018-5255 | The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to ... | S | |
CVE-2018-5256 | CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct prox... | | |
CVE-2018-5258 | The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote att... | | |
CVE-2018-5259 | Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restri... | | |
CVE-2018-5261 | An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext infor... | E | |
CVE-2018-5262 | A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote ... | E | |
CVE-2018-5263 | The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS.... | E | |
CVE-2018-5264 | Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended rest... | E | |
CVE-2018-5265 | Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code w... | E | |
CVE-2018-5266 | Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive infor... | E | |
CVE-2018-5267 | Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct... | E | |
CVE-2018-5268 | In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modul... | E | |
CVE-2018-5269 | In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bi... | E | |
CVE-2018-5270 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia... | E | |
CVE-2018-5271 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia... | E | |
CVE-2018-5272 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia... | E | |
CVE-2018-5273 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia... | E | |
CVE-2018-5274 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia... | E | |
CVE-2018-5275 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia... | E | |
CVE-2018-5276 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia... | E | |
CVE-2018-5277 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia... | E | |
CVE-2018-5278 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia... | E | |
CVE-2018-5279 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia... | E | |
CVE-2018-5280 | SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO ... | E | |
CVE-2018-5281 | SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Cat... | E | |
CVE-2018-5282 | Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserN... | E | |
CVE-2018-5283 | The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets... | E | |
CVE-2018-5284 | The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options... | E | |
CVE-2018-5285 | The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.... | E | |
CVE-2018-5286 | The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for... | E | |
CVE-2018-5287 | The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane... | E | |
CVE-2018-5288 | The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for... | E | |
CVE-2018-5289 | The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane... | E | |
CVE-2018-5290 | The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane... | E | |
CVE-2018-5291 | The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane... | E | |
CVE-2018-5292 | The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for... | E | |
CVE-2018-5293 | The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for... | E | |
CVE-2018-5294 | In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUIn... | | |
CVE-2018-5295 | In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function... | E | |
CVE-2018-5296 | In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection fun... | E | |
CVE-2018-5298 | In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES ... | | |
CVE-2018-5299 | A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect S... | S | |
CVE-2018-5301 | Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resu... | S | |
CVE-2018-5303 | An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The license ke... | E | |
CVE-2018-5304 | An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected w... | E | |
CVE-2018-5306 | Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) ... | E | |
CVE-2018-5307 | Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) ... | E | |
CVE-2018-5308 | PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write functio... | E | |
CVE-2018-5309 | In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStr... | E | |
CVE-2018-5310 | In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchd... | E | |
CVE-2018-5311 | The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_c... | E | |
CVE-2018-5312 | The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post... | E | |
CVE-2018-5313 | A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:... | | |
CVE-2018-5314 | Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.1... | | |
CVE-2018-5315 | The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter... | E | |
CVE-2018-5316 | The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the inclu... | | |
CVE-2018-5319 | RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP req... | E | |
CVE-2018-5326 | Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified "older" Android platforms, all... | | |
CVE-2018-5327 | Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified "older" Andr... | | |
CVE-2018-5328 | ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules... | E | |
CVE-2018-5329 | ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBN... | E | |
CVE-2018-5330 | ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unr... | E | |
CVE-2018-5331 | Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated... | E | |
CVE-2018-5332 | In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that... | S | |
CVE-2018-5333 | In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases... | S | |
CVE-2018-5334 | In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was ad... | | |
CVE-2018-5335 | In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed i... | | |
CVE-2018-5336 | In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could ... | | |
CVE-2018-5337 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traver... | E | |
CVE-2018-5338 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authenti... | E | |
CVE-2018-5339 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enf... | E | |
CVE-2018-5340 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access ... | E | |
CVE-2018-5341 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server... | E | |
CVE-2018-5342 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services... | E | |
CVE-2018-5344 | In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which... | S | |
CVE-2018-5345 | A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attacker... | | |
CVE-2018-5347 | Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTe... | E | |
CVE-2018-5349 | A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimda... | E | |
CVE-2018-5353 | The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remot... | E | |
CVE-2018-5354 | The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attacker... | E | |
CVE-2018-5357 | ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.... | E | |
CVE-2018-5358 | ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as... | E | |
CVE-2018-5359 | The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the att... | E | |
CVE-2018-5360 | LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer ov... | E S | |
CVE-2018-5361 | The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.... | E | |
CVE-2018-5362 | The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter t... | E | |
CVE-2018-5363 | The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wp... | E | |
CVE-2018-5364 | The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_b... | E | |
CVE-2018-5365 | The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show... | E | |
CVE-2018-5366 | The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to... | E | |
CVE-2018-5367 | The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter t... | E | |
CVE-2018-5368 | The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/op... | E | |
CVE-2018-5369 | The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/opt... | E | |
CVE-2018-5370 | BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI.... | E | |
CVE-2018-5371 | diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices w... | E | |
CVE-2018-5372 | The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php... | E | |
CVE-2018-5373 | The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid p... | E | |
CVE-2018-5374 | The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.ph... | E | |
CVE-2018-5375 | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete a... | E | |
CVE-2018-5376 | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.... | E | |
CVE-2018-5377 | Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver... | | |
CVE-2018-5378 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent wit... | | |
CVE-2018-5379 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain f... | | |
CVE-2018-5380 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversi... | | |
CVE-2018-5381 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BG... | M | |
CVE-2018-5382 | Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions | | |
CVE-2018-5383 | Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange | M | |
CVE-2018-5384 | Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection | E | |
CVE-2018-5385 | Navarino Infinity web interface up to version 2.2 is prone to session fixation attacks | E | |
CVE-2018-5386 | Some Navarino Infinity functions placed in the URL can bypass any authentication mechanism leading to an information leak | E | |
CVE-2018-5387 | Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs... | E S | |
CVE-2018-5388 | In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer un... | | |
CVE-2018-5389 | CVE-2018-5389 | E | |
CVE-2018-5390 | Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service | S | |
CVE-2018-5391 | The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets | S | |
CVE-2018-5392 | mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR | | |
CVE-2018-5393 | TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication | | |
CVE-2018-5399 | The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running and is configured with hard-coded credentials | S | |
CVE-2018-5400 | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices, resulting in an origin validation error | S | |
CVE-2018-5401 | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors | S | |
CVE-2018-5402 | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN | S | |
CVE-2018-5403 | Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Logi... | E | |
CVE-2018-5404 | The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections. | | |
CVE-2018-5405 | The Quest Kace K1000 Appliance is vulnerable to JavaScript injection. | E | |
CVE-2018-5406 | The Quest Kace K1000 Appliance misconfigures the Cross-Origin Resource Sharing (CORS) mechanism. | E | |
CVE-2018-5407 | Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerab... | E S | |
CVE-2018-5408 | PrinterLogic Print Management Software fails to validate the management portal SSL certificates | | |
CVE-2018-5409 | PrinterLogic Print Management Software updates and executes the code without origin and code verification | | |
CVE-2018-5410 | Dokan file system driver contains a stack-based buffer overflow | E S | |
CVE-2018-5411 | Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability | S | |
CVE-2018-5412 | Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping se... | E | |
CVE-2018-5413 | Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login key... | E | |
CVE-2018-5414 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5415 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5416 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5417 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5418 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5419 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5420 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5421 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5422 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5423 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5424 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5425 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5426 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5427 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-5428 | TIBCO Data Virtualization Command Injection Vulnerability | S | |
CVE-2018-5429 | TIBCO JasperReports Library Code Sandboxing Problem | S | |
CVE-2018-5430 | TIBCO JasperReports Server Information Disclosure Vulnerability | KEV E S | |
CVE-2018-5431 | TIBCO JasperReports Server Cross Site Scripting Vulnerability | S | |
CVE-2018-5432 | TIBCO Administrator - Enterprise Edition Cross-Site Scripting Vulnerability | S | |
CVE-2018-5433 | XML eXternal Entity Expansion Vulnerabilities with TIBCO Administrator | S | |
CVE-2018-5434 | XML eXternal Entity Expansion Vulnerabilities with TIBCO Runtime Agent | S | |
CVE-2018-5435 | TIBCO Spotfire Product Family Remote Code Execution Vulnerability | S | |
CVE-2018-5436 | TIBCO Spotfire Server information disclosure vulnerabilities | S | |
CVE-2018-5437 | TIBCO Spotfire Product Family Information Disclosure Vulnerability | S | |
CVE-2018-5438 | Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability... | M | |
CVE-2018-5439 | A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and pr... | | |
CVE-2018-5440 | A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all... | | |
CVE-2018-5441 | An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmw... | S | |
CVE-2018-5442 | A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. ... | M | |
CVE-2018-5443 | A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. W... | | |
CVE-2018-5445 | A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. ... | | |
CVE-2018-5446 | Medtronic 2090 Carelink Programmer Storing Passwords in a Recoverable Format | M | |
CVE-2018-5447 | An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validati... | | |
CVE-2018-5448 | Medtronic 2090 Carelink Programmer Relative Path Traversal | M | |
CVE-2018-5449 | A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 1... | | |
CVE-2018-5451 | In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, th... | | |
CVE-2018-5452 | A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro P... | | |
CVE-2018-5453 | An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSP... | S | |
CVE-2018-5454 | Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debuggi... | | |
CVE-2018-5455 | A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell ... | S | |
CVE-2018-5457 | An uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility... | | |
CVE-2018-5458 | Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy e... | | |
CVE-2018-5459 | An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.... | | |
CVE-2018-5461 | An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, M... | M | |
CVE-2018-5462 | Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certific... | | |
CVE-2018-5463 | A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Siste... | | |
CVE-2018-5464 | Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulne... | | |
CVE-2018-5465 | A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH40... | M | |
CVE-2018-5466 | Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vuln... | | |
CVE-2018-5467 | An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschma... | M | |
CVE-2018-5468 | Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability ... | | |
CVE-2018-5469 | An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschma... | M | |
CVE-2018-5470 | Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element... | | |
CVE-2018-5471 | A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR,... | M | |
CVE-2018-5472 | Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulner... | | |
CVE-2018-5473 | An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in G... | | |
CVE-2018-5474 | Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that... | | |
CVE-2018-5475 | A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running fir... | S | |
CVE-2018-5476 | A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation ... | | |
CVE-2018-5477 | An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior,... | | |
CVE-2018-5478 | Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.... | | |
CVE-2018-5479 | FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected ... | E | |
CVE-2018-5480 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-5481 | OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure... | | |
CVE-2018-5482 | NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTP... | S | |
CVE-2018-5483 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-5484 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-5485 | NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerabi... | S | |
CVE-2018-5486 | NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Debug Wire Pro... | M | |
CVE-2018-5487 | NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Ex... | S | |
CVE-2018-5488 | NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity S... | | |
CVE-2018-5489 | NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and informatio... | | |
CVE-2018-5490 | Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candida... | | |
CVE-2018-5491 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-5492 | NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to ... | | |
CVE-2018-5493 | ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible to a vulnerability which allo... | | |
CVE-2018-5494 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-5495 | All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthent... | | |
CVE-2018-5496 | Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which di... | | |
CVE-2018-5497 | Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability w... | | |
CVE-2018-5498 | Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote... | S | |
CVE-2018-5499 | ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulnerability which allows attacker... | S | |
CVE-2018-5500 | On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCT... | | |
CVE-2018-5501 | In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x ... | | |
CVE-2018-5502 | On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP sys... | | |
CVE-2018-5503 | On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a spec... | | |
CVE-2018-5504 | In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain mal... | | |
CVE-2018-5505 | On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart whil... | | |
CVE-2018-5506 | In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_... | | |
CVE-2018-5507 | On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running ... | | |
CVE-2018-5508 | On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5.1-11.5.5, or 11.2.1, under ce... | | |
CVE-2018-5509 | On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server rec... | | |
CVE-2018-5510 | On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing... | | |
CVE-2018-5511 | On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in ... | E | |
CVE-2018-5512 | On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default ... | | |
CVE-2018-5513 | On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a ... | | |
CVE-2018-5514 | On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of servic... | | |
CVE-2018-5515 | On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 a... | | |
CVE-2018-5516 | On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Ce... | | |
CVE-2018-5517 | On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual se... | | |
CVE-2018-5518 | On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest ca... | | |
CVE-2018-5519 | On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of un... | | |
CVE-2018-5520 | On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance ... | | |
CVE-2018-5521 | On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can ... | | |
CVE-2018-5522 | On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAME... | | |
CVE-2018-5523 | On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and... | | |
CVE-2018-5524 | Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, vir... | | |
CVE-2018-5525 | A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-... | | |
CVE-2018-5526 | Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fa... | | |
CVE-2018-5527 | On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers confi... | | |
CVE-2018-5528 | Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-I... | | |
CVE-2018-5529 | The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as... | | |
CVE-2018-5530 | F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles ... | | |
CVE-2018-5531 | Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2... | M | |
CVE-2018-5532 | On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within th... | | |
CVE-2018-5533 | Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM ... | | |
CVE-2018-5534 | Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or ... | | |
CVE-2018-5535 | On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP respon... | | |
CVE-2018-5536 | A remote attacker, via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 ... | | |
CVE-2018-5537 | A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.... | | |
CVE-2018-5538 | On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on... | M | |
CVE-2018-5539 | Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1... | | |
CVE-2018-5540 | On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3... | | |
CVE-2018-5541 | When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing... | | |
CVE-2018-5542 | F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate t... | | |
CVE-2018-5543 | The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) passes BIG-IP username and pass... | | |
CVE-2018-5544 | When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agen... | | |
CVE-2018-5545 | On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated user can execute code on the aler... | | |
CVE-2018-5546 | The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux ... | E | |
CVE-2018-5547 | Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by de... | | |
CVE-2018-5548 | On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclos... | E | |
CVE-2018-5549 | On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when proc... | | |
CVE-2018-5550 | Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site script... | E | |
CVE-2018-5551 | DocuTrac DTISQLInstaller.exe Hard-Coded Credentials | E | |
CVE-2018-5552 | DocuTrac DTISQLInstaller.exe Hard-Coded Salt | E | |
CVE-2018-5553 | Crestron DGE-100 Console Command Injection (FIXED) | S | |
CVE-2018-5559 | In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encryp... | E S | |
CVE-2018-5560 | Guardzilla All-In-One Video Security System Hard-Coded Credential | E S | |
CVE-2018-5650 | In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_mat... | E | |
CVE-2018-5651 | An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profi... | E | |
CVE-2018-5652 | An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profi... | E | |
CVE-2018-5653 | An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t... | E | |
CVE-2018-5654 | An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t... | E | |
CVE-2018-5655 | An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t... | E | |
CVE-2018-5656 | An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via ... | E | |
CVE-2018-5657 | An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v... | E | |
CVE-2018-5658 | An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists ... | E | |
CVE-2018-5659 | An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v... | E | |
CVE-2018-5660 | An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v... | E | |
CVE-2018-5661 | An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v... | E | |
CVE-2018-5662 | An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v... | E | |
CVE-2018-5663 | An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v... | E | |
CVE-2018-5664 | An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v... | E | |
CVE-2018-5665 | An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v... | E | |
CVE-2018-5666 | An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v... | E | |
CVE-2018-5667 | An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-a... | E | |
CVE-2018-5668 | An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-a... | E | |
CVE-2018-5669 | An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admi... | E | |
CVE-2018-5670 | An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad... | E | |
CVE-2018-5671 | An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad... | E | |
CVE-2018-5672 | An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad... | E | |
CVE-2018-5673 | An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin... | E | |
CVE-2018-5674 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-5675 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-5676 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-5677 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-5678 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-5679 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-5680 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
CVE-2018-5681 | PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen.... | | |
CVE-2018-5682 | PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset a... | | |
CVE-2018-5683 | The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of servi... | E S | |
CVE-2018-5684 | In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of l... | E | |
CVE-2018-5685 | In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage functio... | E S | |
CVE-2018-5686 | In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array... | E | |
CVE-2018-5687 | NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php.... | E | |
CVE-2018-5688 | ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/clas... | E S | |
CVE-2018-5689 | Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenti... | | |
CVE-2018-5690 | Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authent... | | |
CVE-2018-5691 | SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sg... | E | |
CVE-2018-5692 | Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` paramet... | E | |
CVE-2018-5693 | The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox ... | E | |
CVE-2018-5694 | The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator P... | E | |
CVE-2018-5695 | The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to th... | E | |
CVE-2018-5696 | The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` a... | E | |
CVE-2018-5697 | Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order... | E | |
CVE-2018-5698 | libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated stri... | E | |
CVE-2018-5700 | Winmail Server through 6.2 allows remote code execution by authenticated users who leverage director... | E | |
CVE-2018-5701 | In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbit... | E | |
CVE-2018-5702 | Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for F... | E | |
CVE-2018-5703 | The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows ... | | |
CVE-2018-5704 | Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to ... | E S | |
CVE-2018-5705 | Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (... | E | |
CVE-2018-5706 | An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can m... | M | |
CVE-2018-5708 | An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but... | E | |
CVE-2018-5709 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_k... | | |
CVE-2018-5710 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen"... | | |
CVE-2018-5711 | gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.2... | S | |
CVE-2018-5712 | An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x be... | S | |
CVE-2018-5713 | In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denia... | E | |
CVE-2018-5714 | In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denia... | E | |
CVE-2018-5715 | phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable)... | E | |
CVE-2018-5716 | An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal wher... | E | |
CVE-2018-5717 | Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unaut... | | |
CVE-2018-5718 | Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in Soft... | | |
CVE-2018-5720 | An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.2... | E | |
CVE-2018-5721 | Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS router... | E | |
CVE-2018-5723 | MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.... | E | |
CVE-2018-5724 | MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as dem... | E | |
CVE-2018-5725 | MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by ... | E | |
CVE-2018-5726 | MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a cr... | E | |
CVE-2018-5727 | In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (o... | E | |
CVE-2018-5728 | Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive infor... | E | |
CVE-2018-5729 | MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Ke... | S | |
CVE-2018-5730 | MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Ke... | S | |
CVE-2018-5731 | An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md... | E | |
CVE-2018-5732 | A specially constructed response from a malicious server can cause a buffer overflow in dhclient | S | |
CVE-2018-5733 | A malicious client can overflow a reference counter in ISC dhcpd | S | |
CVE-2018-5734 | A malformed request can trigger an assertion failure in badcache.c | S | |
CVE-2018-5735 | Backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858 | | |
CVE-2018-5736 | An error in zone database reference counting can lead to an assertion failure if a server which is r... | | |
CVE-2018-5737 | BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled. | S | |
CVE-2018-5738 | Some versions of BIND can improperly permit recursive query service to unauthorized clients | S | |
CVE-2018-5739 | Failure to release memory may exhaust system resources | S | |
CVE-2018-5740 | A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named | S | |
CVE-2018-5741 | Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation | S | |
CVE-2018-5742 | An oversight while backporting a feature leads to an assertion failure in buffer.c:420 | | |
CVE-2018-5743 | Limiting simultaneous TCP clients was ineffective | S | |
CVE-2018-5744 | A specially crafted packet can cause named to leak memory | S | |
CVE-2018-5745 | An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys | S | |
CVE-2018-5746 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ... | R | |
CVE-2018-5747 | In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c... | E | |
CVE-2018-5748 | qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) vi... | S | |
CVE-2018-5749 | install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List ... | E S | |
CVE-2018-5750 | The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows lo... | S | |
CVE-2018-5751 | The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8... | E | |
CVE-2018-5752 | The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8... | E | |
CVE-2018-5753 | The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.... | E | |
CVE-2018-5754 | Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite be... | E | |
CVE-2018-5755 | Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite bef... | E | |
CVE-2018-5756 | The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8... | E | |
CVE-2018-5757 | An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The tracer... | E | |
CVE-2018-5758 | The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an ... | E | |
CVE-2018-5759 | jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressi... | E S | |
CVE-2018-5761 | A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x befo... | | |
CVE-2018-5762 | The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-S... | | |
CVE-2018-5763 | An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By enter... | M | |
CVE-2018-5764 | The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple ... | | |
CVE-2018-5766 | In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpack... | E | |
CVE-2018-5767 | An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker ... | E | |
CVE-2018-5768 | A remote, unauthenticated attacker can gain remote code execution on the Tenda AC15 router with ... | | |
CVE-2018-5770 | An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request... | E | |
CVE-2018-5772 | In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::p... | E | |
CVE-2018-5773 | An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, wh... | | |
CVE-2018-5776 | WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/med... | S | |
CVE-2018-5777 | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can t... | | |
CVE-2018-5778 | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injecti... | | |
CVE-2018-5779 | A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earli... | | |
CVE-2018-5780 | A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earli... | | |
CVE-2018-5781 | A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earli... | | |
CVE-2018-5782 | A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earli... | E | |
CVE-2018-5783 | In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve fu... | E | |
CVE-2018-5784 | In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of ... | E S | |
CVE-2018-5785 | In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k... | E | |
CVE-2018-5786 | In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_filei... | E S | |
CVE-2018-5787 | An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before... | M | |
CVE-2018-5788 | An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before... | M | |
CVE-2018-5789 | An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before... | M | |
CVE-2018-5790 | An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before... | M | |
CVE-2018-5791 | An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before... | M | |
CVE-2018-5792 | An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before... | M | |
CVE-2018-5793 | An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before... | M | |
CVE-2018-5794 | An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before... | M | |
CVE-2018-5795 | An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before... | M | |
CVE-2018-5796 | An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before... | M | |
CVE-2018-5797 | An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before... | M | |
CVE-2018-5798 | This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.... | | |
CVE-2018-5799 | In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary ... | | |
CVE-2018-5800 | An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp)... | S | |
CVE-2018-5801 | An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.1... | S | |
CVE-2018-5802 | An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf... | S | |
CVE-2018-5803 | In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error i... | | |
CVE-2018-5804 | A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versio... | S | |
CVE-2018-5805 | A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRa... | S | |
CVE-2018-5806 | An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions pr... | S | |
CVE-2018-5807 | An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions pri... | S | |
CVE-2018-5808 | An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to ... | S | |
CVE-2018-5809 | An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions p... | S | |
CVE-2018-5810 | An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prio... | S | |
CVE-2018-5811 | An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versi... | S | |
CVE-2018-5812 | An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versi... | S | |
CVE-2018-5813 | An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 c... | S | |
CVE-2018-5814 | In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition e... | S | |
CVE-2018-5815 | An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw ver... | S | |
CVE-2018-5816 | An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw ver... | S | |
CVE-2018-5817 | A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.1... | | |
CVE-2018-5818 | An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions pri... | | |
CVE-2018-5819 | An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions p... | | |
CVE-2018-5820 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF ... | | |
CVE-2018-5821 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF ... | | |
CVE-2018-5822 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF ... | | |
CVE-2018-5823 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF ... | | |
CVE-2018-5824 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF ... | | |
CVE-2018-5825 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF ... | | |
CVE-2018-5826 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF ... | | |
CVE-2018-5827 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF ... | S | |
CVE-2018-5828 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF ... | | |
CVE-2018-5829 | In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF using the linux kernel (Android... | S | |
CVE-2018-5830 | While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially o... | S | |
CVE-2018-5831 | In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS ... | S | |
CVE-2018-5832 | Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linu... | | |
CVE-2018-5834 | In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases f... | S | |
CVE-2018-5835 | If the seq_len is greater than CSR_MAX_RSC_LEN, a buffer overflow in __wlan_hdd_cfg80211_add_key() m... | S | |
CVE-2018-5836 | In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM,... | S | |
CVE-2018-5837 | In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM... | | |
CVE-2018-5838 | Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon ... | | |
CVE-2018-5839 | Improperly configured memory protection allows read/write access to modem image from HLOS kernel in ... | | |
CVE-2018-5840 | Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequen... | S | |
CVE-2018-5841 | dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the u... | S | |
CVE-2018-5842 | An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN dri... | S | |
CVE-2018-5843 | In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, F... | S | |
CVE-2018-5844 | In the video driver function set_output_buffers(), binfo can be accessed after being freed in a fail... | S | |
CVE-2018-5845 | A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a ... | S | |
CVE-2018-5846 | A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UP... | S | |
CVE-2018-5847 | Early or late retirement of rotation requests can result in a Use After Free condition in all Androi... | S | |
CVE-2018-5848 | In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow p... | S | |
CVE-2018-5849 | Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Fir... | S | |
CVE-2018-5850 | In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in ... | S | |
CVE-2018-5851 | Buffer overflow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-r... | S | |
CVE-2018-5852 | Buffer Over-read in IPA | | |
CVE-2018-5853 | A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android... | | |
CVE-2018-5854 | A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firef... | S | |
CVE-2018-5855 | While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kern... | S | |
CVE-2018-5856 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k... | S | |
CVE-2018-5857 | In the WCD CPE codec, a Use After Free condition can occur in all Android releases(Android for MSM, ... | S | |
CVE-2018-5858 | In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firef... | | |
CVE-2018-5859 | Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kern... | S | |
CVE-2018-5860 | In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CA... | S | |
CVE-2018-5861 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k... | S | |
CVE-2018-5862 | In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Androi... | S | |
CVE-2018-5863 | If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow... | S | |
CVE-2018-5864 | While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android... | S | |
CVE-2018-5865 | While processing a debug log event from firmware in all Android releases from CAF using the Linux ke... | S | |
CVE-2018-5866 | While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon... | | |
CVE-2018-5867 | Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile, snapdr... | | |
CVE-2018-5868 | Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile and sna... | | |
CVE-2018-5869 | Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon ... | | |
CVE-2018-5870 | While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in ve... | | |
CVE-2018-5871 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, Q... | | |
CVE-2018-5872 | While parsing over-the-air information elements in all Android releases from CAF using the Linux ker... | S | |
CVE-2018-5873 | An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. ... | S | |
CVE-2018-5874 | While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdra... | | |
CVE-2018-5875 | While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon ... | | |
CVE-2018-5876 | While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile a... | | |
CVE-2018-5877 | In the device programmer target-side code for firehose, a string may not be properly NULL terminated... | | |
CVE-2018-5878 | While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in... | | |
CVE-2018-5879 | Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobil... | | |
CVE-2018-5880 | Improper data length check while processing an event report indication can lead to a buffer overflow... | | |
CVE-2018-5881 | Improper validation of buffer length checks in the lwm2m device management protocol can lead to a b... | | |
CVE-2018-5882 | While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon... | | |
CVE-2018-5883 | Buffer overflow in WLAN driver event handlers due to improper validation of array index in Snapdrago... | | |
CVE-2018-5884 | Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applica... | | |
CVE-2018-5885 | While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file ... | | |
CVE-2018-5886 | A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the... | S | |
CVE-2018-5887 | While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Androi... | S | |
CVE-2018-5888 | While processing the system path, an out of bounds access can occur in Android releases from CAF usi... | S | |
CVE-2018-5889 | While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF... | S | |
CVE-2018-5890 | If the fdt_totalsize is reported as 0 for the current device tree, it bypasses an error check for a ... | S | |
CVE-2018-5891 | While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dat... | | |
CVE-2018-5892 | The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon... | | |
CVE-2018-5893 | While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF ... | S | |
CVE-2018-5894 | Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile,... | | |
CVE-2018-5895 | Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation befo... | S | |
CVE-2018-5896 | In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Androi... | | |
CVE-2018-5897 | While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read proble... | | |
CVE-2018-5898 | Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "para... | | |
CVE-2018-5899 | In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Androi... | S | |
CVE-2018-5903 | Out of bounds read occurs due to improper validation of array while processing VDEV stop response fr... | | |
CVE-2018-5904 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k... | S | |
CVE-2018-5905 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux ... | S | |
CVE-2018-5906 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k... | S | |
CVE-2018-5907 | Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-pro... | | |
CVE-2018-5908 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k... | S | |
CVE-2018-5909 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k... | S | |
CVE-2018-5910 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k... | S | |
CVE-2018-5911 | Buffer overflow in WLAN function due to improper check of buffer size before copying in Snapdragon A... | | |
CVE-2018-5912 | Potential buffer overflow in Video due to lack of input validation in input and output values in Sna... | | |
CVE-2018-5913 | A non-time constant function memcmp is used which creates a side channel that could leak information... | | |
CVE-2018-5914 | Improper input validation in TZ led to array out of bound in TZ function while accessing the periphe... | | |
CVE-2018-5915 | Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile... | | |
CVE-2018-5916 | Buffer overread while decoding PDP modify request or network initiated secondary PDP activation in S... | | |
CVE-2018-5917 | Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Autom... | | |
CVE-2018-5918 | Possible buffer overflow in DRM Trusted application due to lack of check function return values in S... | | |
CVE-2018-5919 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux k... | S | |
CVE-2018-5921 | A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_... | | |
CVE-2018-5923 | In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise ... | | |
CVE-2018-5924 | A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted ... | | |
CVE-2018-5925 | A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted ... | E | |
CVE-2018-5926 | A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentic... | | |
CVE-2018-5927 | HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitra... | E | |
CVE-2018-5950 | Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attack... | E S | |
CVE-2018-5951 | An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sendin... | E | |
CVE-2018-5953 | The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local us... | S | |
CVE-2018-5954 | phpFreeChat 1.7 and earlier allows remote attackers to cause a denial of service by sending a large ... | E | |
CVE-2018-5955 | An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filter... | E | |
CVE-2018-5956 | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of s... | | |
CVE-2018-5957 | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of s... | | |
CVE-2018-5958 | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of s... | | |
CVE-2018-5960 | Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.aja... | | |
CVE-2018-5961 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of t... | E | |
CVE-2018-5962 | index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id par... | E | |
CVE-2018-5963 | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter.... | E | |
CVE-2018-5964 | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.... | E | |
CVE-2018-5965 | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.... | E | |
CVE-2018-5967 | Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rul... | E | |
CVE-2018-5968 | FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code... | | |
CVE-2018-5969 | Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_... | E | |
CVE-2018-5970 | SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaig... | E | |
CVE-2018-5971 | SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or t... | E | |
CVE-2018-5972 | SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat par... | E | |
CVE-2018-5973 | SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php In... | E | |
CVE-2018-5974 | SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter... | E | |
CVE-2018-5975 | SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter... | E | |
CVE-2018-5976 | Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as ... | E | |
CVE-2018-5977 | SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price... | E | |
CVE-2018-5978 | SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field.... | E | |
CVE-2018-5979 | SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field... | E | |
CVE-2018-5980 | SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hu... | E | |
CVE-2018-5981 | SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or galle... | E | |
CVE-2018-5982 | SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_cate... | E | |
CVE-2018-5983 | SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= re... | E | |
CVE-2018-5984 | SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH... | E | |
CVE-2018-5985 | SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company... | E | |
CVE-2018-5986 | SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php.... | E | |
CVE-2018-5987 | SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id... | E | |
CVE-2018-5988 | SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.... | E | |
CVE-2018-5989 | SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=re... | E | |
CVE-2018-5990 | SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.... | E | |
CVE-2018-5991 | SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to paramete... | E | |
CVE-2018-5992 | SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name paramet... | E | |
CVE-2018-5993 | SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=sh... | E | |
CVE-2018-5994 | SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newes... | E | |
CVE-2018-5995 | The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local ... | | |
CVE-2018-5996 | Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00... | E | |
CVE-2018-5997 | An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upl... | E | |
CVE-2018-5999 | An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in route... | E | |