ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2018-6000 | An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in route... | E | |
CVE-2018-6001 | The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-aud... | E | |
CVE-2018-6002 | The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-b... | E | |
CVE-2018-6003 | An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before... | S | |
CVE-2018-6004 | SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] ... | E | |
CVE-2018-6005 | SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.... | E | |
CVE-2018-6006 | SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs paramete... | E | |
CVE-2018-6007 | CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML... | E | |
CVE-2018-6008 | Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the dow... | E | |
CVE-2018-6009 | In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate t... | S | |
CVE-2018-6010 | In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information ... | | |
CVE-2018-6011 | The time-based one-time-password (TOTP) function in the application logic of the Green Electronics R... | E | |
CVE-2018-6012 | The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an... | E | |
CVE-2018-6013 | Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script ... | E | |
CVE-2018-6014 | Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows a... | E | |
CVE-2018-6015 | An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. ... | E | |
CVE-2018-6016 | Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network... | | |
CVE-2018-6017 | Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to ex... | | |
CVE-2018-6018 | Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract... | | |
CVE-2018-6019 | Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2... | | |
CVE-2018-6020 | In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is no... | | |
CVE-2018-6021 | Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have... | | |
CVE-2018-6022 | Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 ... | E | |
CVE-2018-6023 | Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password chang... | E | |
CVE-2018-6024 | SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.... | E | |
CVE-2018-6029 | The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attacke... | E | |
CVE-2018-6031 | Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potent... | | |
CVE-2018-6032 | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote at... | | |
CVE-2018-6033 | Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote a... | | |
CVE-2018-6034 | Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attac... | | |
CVE-2018-6035 | Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote... | | |
CVE-2018-6036 | Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker... | | |
CVE-2018-6037 | Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote at... | | |
CVE-2018-6038 | Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to p... | | |
CVE-2018-6039 | Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote at... | | |
CVE-2018-6040 | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote at... | | |
CVE-2018-6041 | Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacke... | | |
CVE-2018-6042 | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker t... | | |
CVE-2018-6043 | Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 al... | | |
CVE-2018-6044 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16064. Reason: This candidat... | R | |
CVE-2018-6045 | Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote... | | |
CVE-2018-6046 | Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote at... | | |
CVE-2018-6047 | Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote at... | | |
CVE-2018-6048 | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote at... | | |
CVE-2018-6049 | Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote... | | |
CVE-2018-6050 | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker t... | | |
CVE-2018-6051 | XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the sam... | | |
CVE-2018-6052 | Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.... | | |
CVE-2018-6053 | Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local... | | |
CVE-2018-6054 | Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potenti... | | |
CVE-2018-6055 | Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a... | | |
CVE-2018-6056 | Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.16... | | |
CVE-2018-6057 | Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote at... | | |
CVE-2018-6058 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11215. Reason: This candidat... | R | |
CVE-2018-6059 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11225. Reason: This candidat... | R | |
CVE-2018-6060 | Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to pote... | | |
CVE-2018-6061 | A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 ... | | |
CVE-2018-6062 | Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to per... | | |
CVE-2018-6063 | Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowe... | | |
CVE-2018-6064 | Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.1... | E | |
CVE-2018-6065 | Integer overflow in computing the required allocation size when instantiating a new javascript objec... | KEV E | |
CVE-2018-6066 | Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325... | | |
CVE-2018-6067 | Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacke... | | |
CVE-2018-6068 | Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote... | | |
CVE-2018-6069 | Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to p... | | |
CVE-2018-6070 | Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an at... | | |
CVE-2018-6071 | An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to per... | | |
CVE-2018-6072 | An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allo... | | |
CVE-2018-6073 | A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to... | | |
CVE-2018-6074 | Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remo... | | |
CVE-2018-6075 | Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 ... | | |
CVE-2018-6076 | Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 a... | | |
CVE-2018-6077 | Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrom... | | |
CVE-2018-6078 | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allow... | | |
CVE-2018-6079 | Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome pri... | | |
CVE-2018-6080 | Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a r... | | |
CVE-2018-6081 | XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who... | | |
CVE-2018-6082 | Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325... | | |
CVE-2018-6083 | Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior ... | | |
CVE-2018-6084 | Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359... | E | |
CVE-2018-6085 | Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a ... | | |
CVE-2018-6086 | A double-eviction in the Incognito mode cache that led to a use-after-free in Networking Disk Cach... | | |
CVE-2018-6087 | A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to... | | |
CVE-2018-6088 | An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote atta... | | |
CVE-2018-6089 | A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in... | | |
CVE-2018-6090 | An integer overflow that led to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.... | | |
CVE-2018-6091 | Service Workers can intercept any request made by an | | |
CVE-2018-6092 | An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed... | E | |
CVE-2018-6093 | Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacke... | | |
CVE-2018-6094 | Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attack... | | |
CVE-2018-6095 | Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.33... | | |
CVE-2018-6096 | A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome... | | |
CVE-2018-6097 | Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.335... | | |
CVE-2018-6098 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117... | | |
CVE-2018-6099 | A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to ... | | |
CVE-2018-6100 | Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0... | | |
CVE-2018-6101 | A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attac... | | |
CVE-2018-6102 | Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowe... | | |
CVE-2018-6103 | A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote att... | | |
CVE-2018-6104 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117... | | |
CVE-2018-6105 | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allow... | | |
CVE-2018-6106 | An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.11... | | |
CVE-2018-6107 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117... | | |
CVE-2018-6108 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117... | | |
CVE-2018-6109 | readAsText() can indefinitely read the file picked by the user, rather than only once at the time th... | | |
CVE-2018-6110 | Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote atta... | | |
CVE-2018-6111 | An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.... | | |
CVE-2018-6112 | Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359... | | |
CVE-2018-6113 | Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.... | | |
CVE-2018-6114 | Incorrect enforcement of CSP for | | |
CVE-2018-6115 | Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66... | | |
CVE-2018-6116 | A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attack... | | |
CVE-2018-6117 | Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to ... | | |
CVE-2018-6118 | A double-eviction in the Incognito mode cache that led to a use-after-free in cache in Google Chro... | | |
CVE-2018-6119 | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker t... | | |
CVE-2018-6120 | An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in ... | | |
CVE-2018-6121 | Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote a... | | |
CVE-2018-6122 | Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to p... | | |
CVE-2018-6123 | A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potent... | | |
CVE-2018-6124 | Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote a... | | |
CVE-2018-6125 | Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a r... | | |
CVE-2018-6126 | A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perfor... | E | |
CVE-2018-6127 | Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attac... | | |
CVE-2018-6128 | Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attac... | | |
CVE-2018-6129 | Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacke... | | |
CVE-2018-6130 | Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a re... | | |
CVE-2018-6131 | Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attack... | | |
CVE-2018-6132 | Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obt... | | |
CVE-2018-6133 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 ... | | |
CVE-2018-6134 | Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass... | | |
CVE-2018-6135 | Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome pr... | | |
CVE-2018-6136 | Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform... | | |
CVE-2018-6137 | CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cros... | | |
CVE-2018-6138 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an ... | | |
CVE-2018-6139 | Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.339... | | |
CVE-2018-6140 | Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.... | | |
CVE-2018-6141 | Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a ... | | |
CVE-2018-6142 | Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to... | | |
CVE-2018-6143 | Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to pe... | | |
CVE-2018-6144 | Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perfo... | | |
CVE-2018-6145 | Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote ... | | |
CVE-2018-6147 | Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a... | | |
CVE-2018-6148 | Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a... | | |
CVE-2018-6149 | Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to per... | | |
CVE-2018-6150 | Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote... | | |
CVE-2018-6151 | Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed a... | | |
CVE-2018-6152 | The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as s... | | |
CVE-2018-6153 | A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had c... | | |
CVE-2018-6154 | Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attack... | | |
CVE-2018-6155 | Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remo... | | |
CVE-2018-6156 | Incorrect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a re... | | |
CVE-2018-6157 | Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potenti... | | |
CVE-2018-6158 | A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to poten... | | |
CVE-2018-6159 | Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a re... | | |
CVE-2018-6160 | JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacke... | | |
CVE-2018-6161 | Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote att... | | |
CVE-2018-6162 | Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote att... | | |
CVE-2018-6163 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 ... | | |
CVE-2018-6164 | Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a... | | |
CVE-2018-6165 | Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote ... | | |
CVE-2018-6166 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 ... | | |
CVE-2018-6167 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 ... | | |
CVE-2018-6168 | Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to... | | |
CVE-2018-6169 | Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 all... | | |
CVE-2018-6170 | A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially... | | |
CVE-2018-6171 | Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced... | | |
CVE-2018-6172 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 ... | | |
CVE-2018-6173 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 ... | | |
CVE-2018-6174 | Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote... | | |
CVE-2018-6175 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 ... | | |
CVE-2018-6176 | Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed ... | | |
CVE-2018-6177 | Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to... | | |
CVE-2018-6178 | Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed... | | |
CVE-2018-6179 | Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chr... | | |
CVE-2018-6180 | A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an a... | E | |
CVE-2018-6182 | Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad ... | | |
CVE-2018-6183 | BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service b... | | |
CVE-2018-6184 | ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.... | | |
CVE-2018-6185 | In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote acces... | M | |
CVE-2018-6186 | Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an ... | | |
CVE-2018-6187 | In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_docu... | E | |
CVE-2018-6188 | django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allo... | S | |
CVE-2018-6189 | F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in t... | | |
CVE-2018-6190 | Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.... | E | |
CVE-2018-6191 | The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of ... | E S | |
CVE-2018-6192 | In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to... | E | |
CVE-2018-6193 | A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET param... | E | |
CVE-2018-6194 | A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the S... | E S | |
CVE-2018-6195 | admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) befo... | E S | |
CVE-2018-6196 | w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_blo... | E S | |
CVE-2018-6197 | w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.... | E S | |
CVE-2018-6198 | w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, ... | S | |
CVE-2018-6200 | vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.... | E | |
CVE-2018-6201 | In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a deni... | E | |
CVE-2018-6202 | In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a deni... | E | |
CVE-2018-6203 | In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a deni... | E | |
CVE-2018-6204 | In Max Secure Anti Virus 19.0.3.019, the driver file (SDActMon.sys) allows local users to cause a d... | E | |
CVE-2018-6205 | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cau... | E | |
CVE-2018-6206 | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cau... | E | |
CVE-2018-6207 | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cau... | E | |
CVE-2018-6208 | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cau... | E | |
CVE-2018-6209 | In Max Secure Anti Virus 19.0.3.019, the driver file (MaxCryptMon.sys) allows local users to cause ... | E | |
CVE-2018-6210 | D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded roste... | | |
CVE-2018-6211 | On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.... | E | |
CVE-2018-6212 | On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.... | E | |
CVE-2018-6213 | In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1... | E | |
CVE-2018-6217 | The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978... | E | |
CVE-2018-6218 | A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacke... | | |
CVE-2018-6219 | An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an... | E | |
CVE-2018-6220 | An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an att... | E S | |
CVE-2018-6221 | An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow... | E S | |
CVE-2018-6222 | Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to chang... | E S | |
CVE-2018-6223 | A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Ga... | E S | |
CVE-2018-6224 | A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption... | E S | |
CVE-2018-6225 | An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 cou... | E S | |
CVE-2018-6226 | Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5... | E S | |
CVE-2018-6227 | A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could ... | E S | |
CVE-2018-6228 | A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allo... | E S | |
CVE-2018-6229 | A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 edit policy script coul... | E S | |
CVE-2018-6230 | A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 search configuration sc... | E S | |
CVE-2018-6231 | A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection ... | | |
CVE-2018-6232 | A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018... | M | |
CVE-2018-6233 | A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018... | M | |
CVE-2018-6234 | An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer... | M | |
CVE-2018-6235 | An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer)... | M | |
CVE-2018-6236 | A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Cons... | M | |
CVE-2018-6237 | A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticat... | E | |
CVE-2018-6239 | NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivi... | | |
CVE-2018-6240 | NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write... | | |
CVE-2018-6241 | NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input p... | | |
CVE-2018-6242 | Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability i... | | |
CVE-2018-6243 | NVIDIA Tegra TLK Widevine Trust Application contains a vulnerability in which missing the input para... | | |
CVE-2018-6246 | In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerabi... | | |
CVE-2018-6247 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) h... | | |
CVE-2018-6248 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for Dxgk... | | |
CVE-2018-6249 | NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer... | | |
CVE-2018-6250 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) h... | | |
CVE-2018-6251 | NVIDIA Windows GPU Display Driver contains a vulnerability in the DirectX 10 Usermode driver, where ... | | |
CVE-2018-6252 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for Dxgk... | | |
CVE-2018-6253 | NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where ... | | |
CVE-2018-6254 | In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds... | | |
CVE-2018-6257 | NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameS... | S | |
CVE-2018-6258 | NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during Gam... | S | |
CVE-2018-6259 | NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameS... | S | |
CVE-2018-6260 | NVIDIA graphics driver contains a vulnerability that may allow access to application data processed ... | | |
CVE-2018-6261 | NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which se... | | |
CVE-2018-6262 | NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where li... | | |
CVE-2018-6263 | NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which... | S | |
CVE-2018-6265 | NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application ... | S | |
CVE-2018-6266 | NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a ... | S | |
CVE-2018-6267 | NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not valid... | | |
CVE-2018-6268 | NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory afte... | | |
CVE-2018-6269 | NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) h... | | |
CVE-2018-6271 | NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra... | | |
CVE-2018-6288 | Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gatew... | E | |
CVE-2018-6289 | Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway vers... | E | |
CVE-2018-6290 | Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1.... | E | |
CVE-2018-6291 | WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1.... | E | |
CVE-2018-6292 | Remote Code Execution in Saperion Web Client version 7.5.2 83166.... | | |
CVE-2018-6293 | Arbitrary File Read in Saperion Web Client version 7.5.2 83166.... | | |
CVE-2018-6294 | Unsecured way of firmware update in Hanwha Techwin Smartcams... | | |
CVE-2018-6295 | Unencrypted way of remote control and communications in Hanwha Techwin Smartcams... | | |
CVE-2018-6296 | An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams... | | |
CVE-2018-6297 | Buffer overflow in Hanwha Techwin Smartcams... | | |
CVE-2018-6298 | Remote code execution in Hanwha Techwin Smartcams... | | |
CVE-2018-6299 | Authentication bypass in Hanwha Techwin Smartcams... | | |
CVE-2018-6300 | Remote password change in Hanwha Techwin Smartcams... | | |
CVE-2018-6301 | Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams... | | |
CVE-2018-6302 | Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smart... | | |
CVE-2018-6303 | Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams... | | |
CVE-2018-6304 | Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remot... | | |
CVE-2018-6305 | Denial of service in Gemalto's Sentinel LDK RTE version before 7.65... | | |
CVE-2018-6306 | Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Pass... | | |
CVE-2018-6307 | LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerabi... | | |
CVE-2018-6308 | Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter... | E | |
CVE-2018-6311 | One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 ... | | |
CVE-2018-6312 | A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version... | | |
CVE-2018-6313 | Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject ar... | E | |
CVE-2018-6315 | The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to a... | E | |
CVE-2018-6316 | Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and ear... | | |
CVE-2018-6317 | The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthen... | E | |
CVE-2018-6318 | In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test... | | |
CVE-2018-6319 | In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't c... | | |
CVE-2018-6320 | A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX be... | | |
CVE-2018-6321 | Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protec... | | |
CVE-2018-6322 | Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by... | | |
CVE-2018-6323 | The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as ... | E | |
CVE-2018-6324 | F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl paramet... | | |
CVE-2018-6328 | It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an auth... | E | |
CVE-2018-6329 | It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be b... | E | |
CVE-2018-6330 | Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version p... | E | |
CVE-2018-6331 | Buck parser-cache command loads/saves state using Java serialized object. If the state information i... | S | |
CVE-2018-6332 | A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cau... | | |
CVE-2018-6333 | The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname paramet... | S | |
CVE-2018-6334 | Multipart-file uploads call variables to be improperly registered in the global scope. In cases wher... | S | |
CVE-2018-6335 | A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This b... | S | |
CVE-2018-6336 | An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party... | E | |
CVE-2018-6337 | folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. T... | S | |
CVE-2018-6339 | When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for th... | | |
CVE-2018-6340 | The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting thi... | S | |
CVE-2018-6341 | React applications which rendered to HTML using the ReactDOMServer API were not escaping user-suppli... | | |
CVE-2018-6342 | react-dev-utils on Windows allows developers to run a local webserver for accepting various commands... | | |
CVE-2018-6343 | Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can ca... | S | |
CVE-2018-6344 | A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is est... | E | |
CVE-2018-6345 | The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_poi... | S | |
CVE-2018-6346 | A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (spe... | S | |
CVE-2018-6347 | An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-servi... | S | |
CVE-2018-6349 | When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided... | | |
CVE-2018-6350 | An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. Th... | | |
CVE-2018-6352 | In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of b... | | |
CVE-2018-6353 | The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code wi... | E | |
CVE-2018-6354 | templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter... | E | |
CVE-2018-6355 | /goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticate... | E | |
CVE-2018-6356 | Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative path... | S | |
CVE-2018-6357 | The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin be... | E | |
CVE-2018-6358 | The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-base... | | |
CVE-2018-6359 | The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-fr... | E | |
CVE-2018-6360 | mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because... | E S | |
CVE-2018-6361 | Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding... | E | |
CVE-2018-6362 | Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstra... | E | |
CVE-2018-6363 | SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.... | E | |
CVE-2018-6364 | SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php s... | E | |
CVE-2018-6365 | SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_... | E | |
CVE-2018-6367 | SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.p... | E | |
CVE-2018-6368 | SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in ... | E | |
CVE-2018-6370 | SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name o... | E | |
CVE-2018-6372 | SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.... | E | |
CVE-2018-6373 | SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=pl... | E | |
CVE-2018-6374 | The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x ... | | |
CVE-2018-6376 | In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL in... | | |
CVE-2018-6377 | In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in m... | | |
CVE-2018-6378 | In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS att... | | |
CVE-2018-6379 | In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS... | | |
CVE-2018-6380 | In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the ... | | |
CVE-2018-6381 | In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58,... | E | |
CVE-2018-6382 | MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/s... | | |
CVE-2018-6383 | Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) ... | E | |
CVE-2018-6384 | Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local... | E | |
CVE-2018-6387 | iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the ad... | E | |
CVE-2018-6388 | iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute a... | E | |
CVE-2018-6389 | In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consum... | E | |
CVE-2018-6390 | The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not val... | E | |
CVE-2018-6391 | A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 device... | E | |
CVE-2018-6392 | The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attack... | S | |
CVE-2018-6393 | FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection... | E | |
CVE-2018-6394 | SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a v... | E | |
CVE-2018-6395 | SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a vi... | E | |
CVE-2018-6396 | SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or... | E | |
CVE-2018-6397 | Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php fold... | E | |
CVE-2018-6398 | SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a ... | E | |
CVE-2018-6400 | Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of serv... | | |
CVE-2018-6401 | Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented a... | E | |
CVE-2018-6402 | Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi... | E | |
CVE-2018-6405 | In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, ... | E S | |
CVE-2018-6406 | The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does no... | | |
CVE-2018-6407 | An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attack... | | |
CVE-2018-6408 | An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/use... | | |
CVE-2018-6409 | An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored fi... | E | |
CVE-2018-6410 | An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via... | E | |
CVE-2018-6411 | An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklis... | E | |
CVE-2018-6412 | In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4... | S | |
CVE-2018-6413 | There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, a... | | |
CVE-2018-6414 | A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to... | | |
CVE-2018-6433 | A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f... | | |
CVE-2018-6434 | A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, ... | | |
CVE-2018-6435 | A vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) version... | | |
CVE-2018-6436 | A vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) ve... | | |
CVE-2018-6437 | A vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions befor... | | |
CVE-2018-6438 | A vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) version... | | |
CVE-2018-6439 | A vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) vers... | | |
CVE-2018-6440 | A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4... | M | |
CVE-2018-6441 | A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8... | | |
CVE-2018-6442 | A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8... | | |
CVE-2018-6443 | A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, re... | | |
CVE-2018-6444 | A vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticat... | | |
CVE-2018-6445 | A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticat... | | |
CVE-2018-6446 | A vulnerability in Brocade Network Advisor version before 14.3.1 could allow an unauthenticated, rem... | | |
CVE-2018-6447 | A reflective XSS vulnerability in HTTP management interface in Brocade Fabric OS versions before Bro... | | |
CVE-2018-6448 | A vulnerability in the management interface in Brocade Fabric OS versions before Brocade Fabric OS v... | | |
CVE-2018-6449 | Host Header Injection vulnerability in the HTTP management interface in Brocade Fabric OS versions b... | | |
CVE-2018-6458 | Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request f... | E | |
CVE-2018-6459 | The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan... | | |
CVE-2018-6460 | Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses... | E | |
CVE-2018-6461 | March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Inse... | E | |
CVE-2018-6462 | Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB c... | S | |
CVE-2018-6464 | Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrat... | E | |
CVE-2018-6465 | The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin... | | |
CVE-2018-6466 | A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPr... | E | |
CVE-2018-6467 | The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php.... | E | |
CVE-2018-6468 | A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPr... | E | |
CVE-2018-6469 | A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPr... | E | |
CVE-2018-6470 | Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store informati... | | |
CVE-2018-6471 | In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users t... | | |
CVE-2018-6472 | In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users t... | | |
CVE-2018-6473 | In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users t... | | |
CVE-2018-6474 | In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users t... | | |
CVE-2018-6475 | In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading ... | | |
CVE-2018-6476 | In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation... | | |
CVE-2018-6479 | An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device... | E | |
CVE-2018-6480 | A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a fail... | | |
CVE-2018-6481 | A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows rem... | E | |
CVE-2018-6484 | In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer... | E | |
CVE-2018-6485 | An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C L... | S | |
CVE-2018-6486 | MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection | | |
CVE-2018-6487 | MFSBGN03799 rev.1 - Micro Focus UCMDB, Remote Disclosure of Information | | |
CVE-2018-6488 | MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance | | |
CVE-2018-6489 | XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, vers... | | |
CVE-2018-6490 | MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) | | |
CVE-2018-6491 | MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability | | |
CVE-2018-6492 | MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities | | |
CVE-2018-6493 | MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities | | |
CVE-2018-6494 | MFSBGN03807 rev.1 - HP Service Manager Software, Multiple Vulnerabilities | | |
CVE-2018-6495 | MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting | | |
CVE-2018-6496 | MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF | | |
CVE-2018-6497 | MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF | | |
CVE-2018-6498 | Micro Focus Container Deployment Foundation (CDF), Remote Code Execution | | |
CVE-2018-6499 | Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.... | | |
CVE-2018-6500 | MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability | | |
CVE-2018-6501 | Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Man... | | |
CVE-2018-6502 | MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability | | |
CVE-2018-6503 | MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability | | |
CVE-2018-6504 | MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability | | |
CVE-2018-6505 | MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability | | |
CVE-2018-6506 | Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2... | E | |
CVE-2018-6508 | Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a special... | | |
CVE-2018-6510 | XSS Vulnerability in Puppet Enterprise Console | | |
CVE-2018-6511 | XSS Vulnerability in Puppet Enterprise Console | | |
CVE-2018-6512 | The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgradi... | | |
CVE-2018-6513 | Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet ... | | |
CVE-2018-6514 | In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior... | | |
CVE-2018-6515 | Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prio... | | |
CVE-2018-6516 | On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE clie... | | |
CVE-2018-6517 | Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unkno... | | |
CVE-2018-6518 | Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 reque... | E | |
CVE-2018-6519 | The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regul... | | |
CVE-2018-6520 | SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism ... | | |
CVE-2018-6521 | The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates ... | E | |
CVE-2018-6522 | In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) allows local users to cause a d... | | |
CVE-2018-6523 | In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a den... | | |
CVE-2018-6524 | In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a den... | | |
CVE-2018-6525 | In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a den... | | |
CVE-2018-6526 | view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to di... | | |
CVE-2018-6527 | XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 ... | E | |
CVE-2018-6528 | XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and p... | E | |
CVE-2018-6529 | XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and pr... | E | |
CVE-2018-6530 | OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_... | KEV E | |
CVE-2018-6532 | An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and... | | |
CVE-2018-6533 | An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be ... | | |
CVE-2018-6534 | An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attac... | | |
CVE-2018-6535 | An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison... | | |
CVE-2018-6536 | An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dr... | | |
CVE-2018-6537 | A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 a... | E | |
CVE-2018-6538 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-6540 | In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_... | E | |
CVE-2018-6541 | In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling di... | E | |
CVE-2018-6542 | In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loadi... | E | |
CVE-2018-6543 | In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in o... | E | |
CVE-2018-6544 | pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursi... | E | |
CVE-2018-6545 | Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstr... | E | |
CVE-2018-6546 | plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation... | E | |
CVE-2018-6547 | plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation... | | |
CVE-2018-6548 | A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initia... | E | |
CVE-2018-6550 | Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a ... | E S | |
CVE-2018-6551 | The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on po... | | |
CVE-2018-6552 | Apport treats the container PID as the global PID when /proc/ | | |
CVE-2018-6553 | AppArmor cupsd Sandbox Bypass Due to Use of Hard Links | | |
CVE-2018-6554 | Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af... | S | |
CVE-2018-6555 | The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c i... | S | |
CVE-2018-6556 | The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files | S | |
CVE-2018-6557 | Insecure temporary file use in base-files | | |
CVE-2018-6558 | The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary gro... | S | |
CVE-2018-6559 | The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names o... | E | |
CVE-2018-6560 | In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D... | S | |
CVE-2018-6561 | dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.... | E | |
CVE-2018-6562 | totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive informatio... | | |
CVE-2018-6563 | Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6... | E | |
CVE-2018-6569 | West Wind Web Server 6.x does not require authentication for /ADMIN.ASP.... | M | |
CVE-2018-6574 | Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" re... | E | |
CVE-2018-6575 | SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= re... | E | |
CVE-2018-6576 | SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parame... | E | |
CVE-2018-6577 | SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter ... | E | |
CVE-2018-6578 | SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in... | E | |
CVE-2018-6579 | SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&ui... | E | |
CVE-2018-6580 | Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&... | E | |
CVE-2018-6581 | SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, art... | E | |
CVE-2018-6582 | SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a get... | E | |
CVE-2018-6583 | SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event... | E | |
CVE-2018-6584 | SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.... | E | |
CVE-2018-6585 | SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a ... | E | |
CVE-2018-6586 | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerabil... | S | |
CVE-2018-6587 | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnera... | S | |
CVE-2018-6588 | CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnera... | S | |
CVE-2018-6589 | CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers t... | | |
CVE-2018-6590 | CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site... | | |
CVE-2018-6591 | Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information becaus... | M | |
CVE-2018-6592 | Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local users to gain access to Stealth-en... | | |
CVE-2018-6593 | An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys a... | E | |
CVE-2018-6594 | lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, whi... | E | |
CVE-2018-6596 | webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerabil... | S | |
CVE-2018-6597 | The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-k... | | |
CVE-2018-6598 | An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys d... | | |
CVE-2018-6599 | An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys d... | | |
CVE-2018-6603 | Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitti... | | |
CVE-2018-6604 | SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a tas... | E | |
CVE-2018-6605 | SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getP... | E | |
CVE-2018-6606 | An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys a... | E | |
CVE-2018-6608 | In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather com... | | |
CVE-2018-6609 | SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ... | E | |
CVE-2018-6610 | Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId requ... | E | |
CVE-2018-6611 | soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-boun... | S | |
CVE-2018-6612 | An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap... | | |
CVE-2018-6616 | In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c.... | E | |
CVE-2018-6617 | Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to c... | E | |
CVE-2018-6618 | Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by lev... | E | |
CVE-2018-6619 | Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwor... | E | |
CVE-2018-6620 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-6621 | The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers t... | S | |
CVE-2018-6622 | An issue was discovered that affects all producers of BIOS firmware who make a certain realistic int... | | |
CVE-2018-6623 | An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executa... | | |
CVE-2018-6624 | OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct reques... | | |
CVE-2018-6625 | In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) allows local users to cause ... | E | |
CVE-2018-6626 | In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local... | E | |
CVE-2018-6627 | In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) allows local users to cause ... | E | |
CVE-2018-6628 | In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local... | E | |
CVE-2018-6629 | In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local... | E | |
CVE-2018-6630 | In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local... | E | |
CVE-2018-6631 | In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110009.sys) allows local... | E | |
CVE-2018-6632 | In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local... | E | |
CVE-2018-6633 | In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local... | E | |
CVE-2018-6634 | A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allo... | | |
CVE-2018-6635 | System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authenticati... | | |
CVE-2018-6638 | A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathTyp... | E | |
CVE-2018-6639 | An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c.... | E | |
CVE-2018-6640 | A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafte... | E | |
CVE-2018-6641 | An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Craf... | E | |
CVE-2018-6643 | Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter... | E | |
CVE-2018-6644 | SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted P... | E | |
CVE-2018-6651 | In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, ... | S | |
CVE-2018-6653 | comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T091... | | |
CVE-2018-6654 | The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authenticat... | E | |
CVE-2018-6655 | PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field.... | E | |
CVE-2018-6656 | Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting file... | E S | |
CVE-2018-6659 | SB10228 ePO Reflected Cross-Site Scripting vulnerability | | |
CVE-2018-6660 | SB10228 ePO Directory Traversal vulnerability | | |
CVE-2018-6661 | TS102801 True Key DLL Side-Loading vulnerability | | |
CVE-2018-6662 | SB10232 - McAfee Management of Native Encryption (MNE) - Privilege Escalation vulnerability | | |
CVE-2018-6664 | SB10233 - Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 - Application Protections Bypass vulnerability | | |
CVE-2018-6667 | McAfee Web Gateway - Authentication Bypass vulnerability | | |
CVE-2018-6668 | Bypass Application Control with simple DLL | S | |
CVE-2018-6669 | Bypass Application Control through an ASP.NET form | S | |
CVE-2018-6670 | External Entity Attack vulnerability in McAfee Common UI (CUI) | | |
CVE-2018-6671 | SB10240 - ePolicy Orchestrator (ePO) - Application Protection Bypass vulnerability | E | |
CVE-2018-6672 | SB10240 - ePolicy Orchestrator (ePO) - Information disclosure vulnerability | | |
CVE-2018-6674 | Privilege escalation vulnerability in McAfee VSE when McTray run with elevated privileges | | |
CVE-2018-6677 | McAfee Web Gateway (MWG) - Directory Traversal vulnerability | | |
CVE-2018-6678 | McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability | | |
CVE-2018-6681 | SB10244 - Network Security Management (NSM) - Abuse of Functionality vulnerability | | |
CVE-2018-6682 | True Key (TK) - Cross Site Scripting Exposure | | |
CVE-2018-6683 | - Data Loss Prevention (DLP) for Windows - Exploiting Incorrectly Configured Access Control Security Levels vulnerability | | |
CVE-2018-6686 | Drive Encryption (MDE) - Authentication Bypass vulnerability | | |
CVE-2018-6687 | GetSusp (a free McAfee tool) update fixes an infinite loop vulnerability (CVE-2018-6687) | | |
CVE-2018-6689 | Data Loss Prevention Endpoint (DLPe) - Authentication Bypass vulnerability | | |
CVE-2018-6690 | McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC | | |
CVE-2018-6692 | Wemo Insight Smart Plug - Remote Code Execution vulnerability | | |
CVE-2018-6693 | Endpoint Security for Linux Threat Prevention (ENSLTP) privilege escalation vulnerability | | |
CVE-2018-6695 | Threat Intelligence Exchange Server (TIE Server) SSH host keys generation vulnerability | | |
CVE-2018-6700 | True Key (TK) - DLL Search Order Hijacking vulnerability | | |
CVE-2018-6703 | Remote Logging functionality had a use after free vulnerability in McAfee Agent | M | |
CVE-2018-6704 | McAfee Agent for Linux Privilege Escalation vulnerability | S | |
CVE-2018-6705 | McAfee Agent (MA) for Linux Privilege Escalation vulnerability | S | |
CVE-2018-6706 | McAfee Agent (MA) non-Windows versions incorrect use of temporary file vulnerability | S | |
CVE-2018-6707 | McAfee Agent Insecure usage of temporary files vulnerability | S | |
CVE-2018-6755 | True Key (TK) Windows Client - Weak Directory Permission Vulnerability | E | |
CVE-2018-6756 | True Key (TK) Windows Client - Authentication Abuse vulnerability | E | |
CVE-2018-6757 | True Key (TK) Windows Client - Privilege Escalation vulnerability | E | |
CVE-2018-6758 | The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffe... | S | |
CVE-2018-6759 | The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka ... | | |
CVE-2018-6764 | util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which al... | S | |
CVE-2018-6765 | Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticate... | | |
CVE-2018-6766 | Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote... | | |
CVE-2018-6767 | A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5... | E S | |
CVE-2018-6768 | In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6769 | In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6770 | In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6771 | In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6772 | In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6773 | In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6774 | In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6775 | In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6776 | In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6777 | In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of... | E | |
CVE-2018-6778 | In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6779 | In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6780 | In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6781 | In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6782 | In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6783 | In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6784 | In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6785 | In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denia... | E | |
CVE-2018-6786 | In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of... | E | |
CVE-2018-6787 | In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of... | E | |
CVE-2018-6788 | In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of... | E | |
CVE-2018-6789 | An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sendi... | KEV E S | |
CVE-2018-6790 | An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificatio... | | |
CVE-2018-6791 | An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12... | | |
CVE-2018-6792 | Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execu... | | |
CVE-2018-6794 | Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.... | E S | |
CVE-2018-6795 | PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field.... | E | |
CVE-2018-6796 | PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input fie... | E | |
CVE-2018-6797 | An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-bas... | S | |
CVE-2018-6798 | An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expre... | | |
CVE-2018-6799 | The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote... | S | |
CVE-2018-6806 | Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document ... | E | |
CVE-2018-6808 | NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow rem... | | |
CVE-2018-6809 | NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow rem... | | |
CVE-2018-6810 | Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway... | | |
CVE-2018-6811 | Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12... | S | |
CVE-2018-6817 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-6818 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-6819 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-6820 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-6821 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-6822 | In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be... | | |
CVE-2018-6823 | In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool L... | | |
CVE-2018-6824 | Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code... | E | |
CVE-2018-6825 | An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded... | E | |
CVE-2018-6826 | An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a ... | E | |
CVE-2018-6827 | VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows m... | E | |
CVE-2018-6829 | cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly enco... | E | |
CVE-2018-6830 | Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 an... | E | |
CVE-2018-6831 | The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earli... | E | |
CVE-2018-6832 | Stack-based buffer overflow in the getSWFlag function in Foscam Cameras C1 Lite V3, and C1 V3 with f... | E | |
CVE-2018-6834 | static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href.... | S | |
CVE-2018-6835 | node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote ... | S | |
CVE-2018-6836 | The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a fre... | E S | |
CVE-2018-6842 | Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper co... | | |
CVE-2018-6843 | Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface.... | | |
CVE-2018-6844 | MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.... | | |
CVE-2018-6845 | PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field.... | E | |
CVE-2018-6846 | Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/... | | |
CVE-2018-6849 | In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather compl... | E | |
CVE-2018-6851 | Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt bef... | E S | |
CVE-2018-6852 | Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt bef... | E S | |
CVE-2018-6853 | Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt bef... | E S | |
CVE-2018-6854 | Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt bef... | E S | |
CVE-2018-6855 | Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt bef... | E S | |
CVE-2018-6856 | Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt bef... | E S | |
CVE-2018-6857 | Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt bef... | E S | |
CVE-2018-6858 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script.... | E | |
CVE-2018-6859 | SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Paramet... | E | |
CVE-2018-6860 | Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management S... | E | |
CVE-2018-6861 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile updat... | E | |
CVE-2018-6862 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field... | E | |
CVE-2018-6863 | SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter.... | E | |
CVE-2018-6864 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 vi... | E | |
CVE-2018-6866 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Scr... | E | |
CVE-2018-6867 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile param... | E | |
CVE-2018-6868 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3... | E | |
CVE-2018-6869 | In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_... | E S | |
CVE-2018-6870 | Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature... | E | |
CVE-2018-6871 | LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =W... | E S | |
CVE-2018-6872 | The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as d... | E S | |
CVE-2018-6873 | The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audie... | | |
CVE-2018-6874 | CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled... | | |
CVE-2018-6875 | Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display... | | |
CVE-2018-6876 | The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and... | E | |
CVE-2018-6878 | Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script... | E | |
CVE-2018-6879 | PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail... | E | |
CVE-2018-6880 | EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a... | E | |
CVE-2018-6881 | EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter t... | E | |
CVE-2018-6882 | Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimb... | KEV E | |
CVE-2018-6883 | Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags ar... | | |
CVE-2018-6885 | An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotf... | | |
CVE-2018-6888 | An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from ... | E | |
CVE-2018-6889 | An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Us... | E | |
CVE-2018-6890 | Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demons... | E | |
CVE-2018-6891 | Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_... | E | |
CVE-2018-6892 | An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connec... | E | |
CVE-2018-6893 | controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,... | | |
CVE-2018-6900 | PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page.... | E | |
CVE-2018-6902 | PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile actio... | E | |
CVE-2018-6903 | PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation... | E | |
CVE-2018-6904 | PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action.... | E | |
CVE-2018-6905 | The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['s... | E S | |
CVE-2018-6906 | A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2... | E | |
CVE-2018-6907 | A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd G... | E | |
CVE-2018-6908 | An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Gener... | E | |
CVE-2018-6909 | A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and To... | E | |
CVE-2018-6910 | DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downm... | E | |
CVE-2018-6911 | The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to ... | E | |
CVE-2018-6912 | The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers... | | |
CVE-2018-6913 | Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attac... | | |
CVE-2018-6914 | Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.... | S | |
CVE-2018-6916 | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, ... | S | |
CVE-2018-6917 | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, i... | | |
CVE-2018-6918 | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, t... | | |
CVE-2018-6919 | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, d... | M | |
CVE-2018-6920 | In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9,... | | |
CVE-2018-6921 | In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of m... | | |
CVE-2018-6922 | One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-... | S | |
CVE-2018-6923 | In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vul... | M | |
CVE-2018-6924 | In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12,... | S | |
CVE-2018-6925 | In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and... | S | |
CVE-2018-6926 | In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a... | S | |
CVE-2018-6927 | The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attacker... | S | |
CVE-2018-6928 | PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.... | E | |
CVE-2018-6930 | A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c fil... | | |
CVE-2018-6934 | CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3.... | E | |
CVE-2018-6935 | PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_... | E | |
CVE-2018-6936 | Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user ... | E | |
CVE-2018-6940 | A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be ... | E | |
CVE-2018-6941 | A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be... | E | |
CVE-2018-6942 | An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATIO... | S | |
CVE-2018-6943 | core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site ... | E | |
CVE-2018-6944 | core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site s... | E | |
CVE-2018-6947 | An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS libr... | E | |
CVE-2018-6948 | In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a ... | | |
CVE-2018-6951 | An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a... | S | |
CVE-2018-6952 | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.... | | |
CVE-2018-6953 | In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field match... | | |
CVE-2018-6954 | systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components,... | E S | |
CVE-2018-6957 | VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a deni... | | |
CVE-2018-6958 | VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-ba... | | |
CVE-2018-6959 | VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session ... | | |
CVE-2018-6960 | VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow... | | |
CVE-2018-6961 | VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerabilit... | KEV E | |
CVE-2018-6962 | VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a loc... | | |
CVE-2018-6963 | VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-s... | S | |
CVE-2018-6964 | VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation v... | | |
CVE-2018-6965 | VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x be... | | |
CVE-2018-6966 | VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x be... | | |
CVE-2018-6967 | VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x be... | | |
CVE-2018-6968 | The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.... | | |
CVE-2018-6969 | VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Su... | S | |
CVE-2018-6970 | VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and... | S | |
CVE-2018-6971 | VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability... | | |
CVE-2018-6972 | VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-20... | S | |
CVE-2018-6973 | VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds wri... | | |
CVE-2018-6974 | VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi60... | S | |
CVE-2018-6975 | The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files... | | |
CVE-2018-6976 | The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the SQLi... | | |
CVE-2018-6977 | VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial... | M | |
CVE-2018-6978 | vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.1... | S | |
CVE-2018-6979 | The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9... | | |
CVE-2018-6980 | VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due... | S | |
CVE-2018-6981 | VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMwar... | | |
CVE-2018-6982 | VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contai... | | |
CVE-2018-6983 | VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10... | | |
CVE-2018-6985 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6986 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6987 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6988 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6989 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6990 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6991 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6992 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6993 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6994 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6995 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6996 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6997 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6998 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-6999 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |