ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2018-7000 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7001 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7002 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7003 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7004 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7005 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7006 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7007 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7008 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7009 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7010 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7011 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7012 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7013 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7014 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7015 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7016 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7017 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7018 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7019 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7020 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7021 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7022 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7023 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7024 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7025 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7026 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7027 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7028 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7029 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7030 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7031 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2018-7032 | webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allow... | E S | |
CVE-2018-7033 | SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmD... | S | |
CVE-2018-7034 | TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication... | E | |
CVE-2018-7035 | Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (us... | E | |
CVE-2018-7039 | CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possib... | | |
CVE-2018-7046 | Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to ... | E | |
CVE-2018-7047 | An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system... | | |
CVE-2018-7048 | An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory... | | |
CVE-2018-7049 | An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the... | | |
CVE-2018-7050 | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occ... | M | |
CVE-2018-7051 | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could resul... | M | |
CVE-2018-7052 | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exc... | M | |
CVE-2018-7053 | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when... | M | |
CVE-2018-7054 | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when... | M | |
CVE-2018-7055 | GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.... | E | |
CVE-2018-7056 | RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP... | E | |
CVE-2018-7057 | RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter.... | E | |
CVE-2018-7058 | Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulne... | | |
CVE-2018-7059 | Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actio... | | |
CVE-2018-7060 | Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against ... | | |
CVE-2018-7061 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7062 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7063 | In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumst... | | |
CVE-2018-7064 | A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant ... | S | |
CVE-2018-7065 | An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege... | | |
CVE-2018-7066 | An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devic... | | |
CVE-2018-7067 | A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromis... | | |
CVE-2018-7068 | HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Managemen... | | |
CVE-2018-7069 | HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud R... | | |
CVE-2018-7070 | HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Ma... | | |
CVE-2018-7071 | HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Vi... | | |
CVE-2018-7072 | A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning M... | E | |
CVE-2018-7073 | A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manage... | E | |
CVE-2018-7074 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT... | | |
CVE-2018-7075 | A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Cente... | | |
CVE-2018-7076 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prio... | | |
CVE-2018-7077 | A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr... | | |
CVE-2018-7078 | A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v... | | |
CVE-2018-7079 | Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in Cle... | | |
CVE-2018-7080 | A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access poi... | M | |
CVE-2018-7081 | A remote code execution vulnerability is present in network-listening components in some versions of... | E | |
CVE-2018-7082 | A command injection vulnerability is present in Aruba Instant that permits an authenticated administ... | | |
CVE-2018-7083 | If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains... | | |
CVE-2018-7084 | A command injection vulnerability is present that permits an unauthenticated user with access to the... | | |
CVE-2018-7085 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7086 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7087 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7088 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7089 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7090 | HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting... | | |
CVE-2018-7091 | HPE XP P9000 Command View Advanced Edition Software (CVAE) has an open URL redirection vulnerability in... | | |
CVE-2018-7092 | A potential security vulnerability has been identified in HPE Intelligent Management Center Platform... | | |
CVE-2018-7093 | A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 ... | | |
CVE-2018-7094 | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA)... | | |
CVE-2018-7095 | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7)... | | |
CVE-2018-7096 | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7)... | | |
CVE-2018-7097 | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7)... | | |
CVE-2018-7098 | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7)... | | |
CVE-2018-7099 | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7)... | M | |
CVE-2018-7100 | A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1... | | |
CVE-2018-7101 | A potential remote denial of service security vulnerability has been identified in HPE Integrated Li... | | |
CVE-2018-7102 | A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoC... | | |
CVE-2018-7103 | A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wire... | | |
CVE-2018-7104 | A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wire... | | |
CVE-2018-7105 | A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35... | M | |
CVE-2018-7106 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-7107 | A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.... | | |
CVE-2018-7108 | HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a l... | | |
CVE-2018-7109 | HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage ... | | |
CVE-2018-7110 | A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governan... | | |
CVE-2018-7111 | A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.... | | |
CVE-2018-7112 | The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7, and G6 HPE servers allows loc... | | |
CVE-2018-7113 | A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally expl... | | |
CVE-2018-7114 | HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buf... | | |
CVE-2018-7115 | HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote b... | | |
CVE-2018-7116 | HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote d... | | |
CVE-2018-7117 | A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE In... | | |
CVE-2018-7118 | A local access restriction bypass vulnerability was identified in HPE Service Pack for ProLiant (SPP... | | |
CVE-2018-7119 | A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard ea... | | |
CVE-2018-7120 | A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy run... | | |
CVE-2018-7121 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT... | | |
CVE-2018-7122 | A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center... | | |
CVE-2018-7123 | A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) P... | | |
CVE-2018-7124 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT... | | |
CVE-2018-7125 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT... | | |
CVE-2018-7126 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7127 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7128 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7129 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7130 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7131 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7132 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7133 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7134 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7135 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7136 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7137 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7138 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7139 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7140 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7141 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7142 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7143 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7144 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7145 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7146 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7147 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7148 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7149 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7150 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7151 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7152 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7153 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7154 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7155 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7156 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7157 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-7158 | The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial o... | | |
CVE-2018-7159 | The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, al... | | |
CVE-2018-7160 | The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be explo... | | |
CVE-2018-7161 | All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can ... | S | |
CVE-2018-7162 | All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause ... | | |
CVE-2018-7164 | Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduce... | | |
CVE-2018-7166 | In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()... | | |
CVE-2018-7167 | Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result i... | | |
CVE-2018-7169 | An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivile... | E | |
CVE-2018-7170 | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the pr... | | |
CVE-2018-7171 | Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to sha... | E | |
CVE-2018-7172 | In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory tr... | S | |
CVE-2018-7173 | A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of se... | | |
CVE-2018-7174 | An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause den... | | |
CVE-2018-7175 | An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacke... | | |
CVE-2018-7176 | FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users... | E | |
CVE-2018-7177 | SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.... | E | |
CVE-2018-7178 | SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.... | E | |
CVE-2018-7179 | SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.... | E | |
CVE-2018-7180 | SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.... | E | |
CVE-2018-7182 | The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a den... | E S | |
CVE-2018-7183 | Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote atta... | | |
CVE-2018-7184 | ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, whic... | | |
CVE-2018-7185 | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of serv... | M | |
CVE-2018-7186 | Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or... | S | |
CVE-2018-7187 | The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not va... | E | |
CVE-2018-7188 | An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain admin... | S | |
CVE-2018-7191 | In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before reg... | E S | |
CVE-2018-7192 | Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before... | E | |
CVE-2018-7193 | Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2... | E | |
CVE-2018-7194 | Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 al... | E | |
CVE-2018-7195 | Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an ass... | E | |
CVE-2018-7196 | Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 all... | E | |
CVE-2018-7197 | An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability al... | E | |
CVE-2018-7198 | October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.... | E | |
CVE-2018-7201 | CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into... | | |
CVE-2018-7202 | An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Accoun... | | |
CVE-2018-7203 | Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers... | E | |
CVE-2018-7204 | inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related... | S | |
CVE-2018-7205 | Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 throug... | E | |
CVE-2018-7206 | An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x be... | S | |
CVE-2018-7207 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2018-7208 | In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka li... | | |
CVE-2018-7209 | An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive informat... | E | |
CVE-2018-7210 | An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive informat... | E | |
CVE-2018-7211 | An issue was discovered in iDashboards 9.6b. The SSO implementation is affected by a weak obfuscatio... | E | |
CVE-2018-7212 | An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x befo... | | |
CVE-2018-7213 | The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the... | | |
CVE-2018-7216 | Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari P... | E | |
CVE-2018-7217 | In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application eit... | | |
CVE-2018-7218 | The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gate... | | |
CVE-2018-7219 | application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an adm... | E | |
CVE-2018-7225 | An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver... | E | |
CVE-2018-7226 | An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the Lib... | S | |
CVE-2018-7227 | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri... | S | |
CVE-2018-7228 | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri... | S | |
CVE-2018-7229 | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri... | S | |
CVE-2018-7230 | An XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of... | S | |
CVE-2018-7231 | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri... | S | |
CVE-2018-7232 | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri... | S | |
CVE-2018-7233 | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri... | S | |
CVE-2018-7234 | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri... | S | |
CVE-2018-7235 | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri... | S | |
CVE-2018-7236 | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri... | S | |
CVE-2018-7237 | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri... | S | |
CVE-2018-7238 | A buffer overflow vulnerability exists in the web-based GUI of Schneider Electric's Pelco Sarix Profe... | S | |
CVE-2018-7239 | A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM soft... | | |
CVE-2018-7240 | A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication ... | | |
CVE-2018-7241 | Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, an... | | |
CVE-2018-7242 | Vulnerable hash algorithms exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon ... | | |
CVE-2018-7243 | An authorization bypass vulnerability exists in Schneider Electric's 66074 MGE Network Management Ca... | | |
CVE-2018-7244 | An information disclosure vulnerability exists in Schneider Electric's 66074 MGE Network Management ... | | |
CVE-2018-7245 | An improper authorization vulnerability exists in Schneider Electric's 66074 MGE Network Management ... | M | |
CVE-2018-7246 | A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074... | M | |
CVE-2018-7247 | An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitize... | | |
CVE-2018-7248 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users ... | E | |
CVE-2018-7249 | An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, a... | E | |
CVE-2018-7250 | An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, a... | | |
CVE-2018-7251 | An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.... | | |
CVE-2018-7253 | The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attac... | E S | |
CVE-2018-7254 | The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker ... | E S | |
CVE-2018-7259 | The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credent... | | |
CVE-2018-7260 | Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows... | E S | |
CVE-2018-7261 | There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Prefere... | | |
CVE-2018-7262 | In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in... | | |
CVE-2018-7263 | The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attacke... | | |
CVE-2018-7264 | The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is pr... | E | |
CVE-2018-7265 | Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS.... | E | |
CVE-2018-7268 | MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, conta... | | |
CVE-2018-7269 | The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote... | | |
CVE-2018-7271 | An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the co... | E | |
CVE-2018-7272 | The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows att... | | |
CVE-2018-7273 | In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and ... | E | |
CVE-2018-7274 | Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (... | | |
CVE-2018-7276 | An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote ... | E | |
CVE-2018-7277 | An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. R... | E | |
CVE-2018-7278 | An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exi... | E | |
CVE-2018-7279 | A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.... | | |
CVE-2018-7280 | The Ninja Forms plugin before 3.2.14 for WordPress has XSS.... | | |
CVE-2018-7281 | CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root b... | | |
CVE-2018-7282 | The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to... | E | |
CVE-2018-7284 | A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x th... | E S | |
CVE-2018-7285 | A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Aster... | S | |
CVE-2018-7286 | An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, a... | E | |
CVE-2018-7287 | An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server ... | | |
CVE-2018-7289 | An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware... | E | |
CVE-2018-7290 | Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1.... | S | |
CVE-2018-7295 | ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper ... | E | |
CVE-2018-7296 | Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.... | | |
CVE-2018-7297 | Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier all... | E | |
CVE-2018-7298 | In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software up... | | |
CVE-2018-7299 | Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier... | | |
CVE-2018-7300 | Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in... | E | |
CVE-2018-7301 | eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be... | | |
CVE-2018-7302 | Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.... | E | |
CVE-2018-7303 | The Calendar component in Tiki 17.1 allows HTML injection.... | E | |
CVE-2018-7304 | Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack ... | E | |
CVE-2018-7305 | MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.... | E | |
CVE-2018-7307 | The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorizatio... | | |
CVE-2018-7308 | A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows ar... | | |
CVE-2018-7311 | PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software ins... | | |
CVE-2018-7312 | SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter param... | E | |
CVE-2018-7313 | SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.... | E | |
CVE-2018-7314 | SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a ... | E | |
CVE-2018-7315 | SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion... | E | |
CVE-2018-7316 | Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.... | E | |
CVE-2018-7317 | Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql f... | E | |
CVE-2018-7318 | SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, ... | E | |
CVE-2018-7319 | SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_sys... | E | |
CVE-2018-7320 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This wa... | | |
CVE-2018-7321 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop th... | | |
CVE-2018-7322 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop t... | | |
CVE-2018-7323 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that... | | |
CVE-2018-7324 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop ... | | |
CVE-2018-7325 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite l... | | |
CVE-2018-7326 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop ... | E | |
CVE-2018-7327 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinit... | E | |
CVE-2018-7328 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop t... | | |
CVE-2018-7329 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loo... | | |
CVE-2018-7330 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loo... | | |
CVE-2018-7331 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop t... | | |
CVE-2018-7332 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loo... | | |
CVE-2018-7333 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite lo... | | |
CVE-2018-7334 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addres... | | |
CVE-2018-7335 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was add... | | |
CVE-2018-7336 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was ad... | | |
CVE-2018-7337 | In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugin... | | |
CVE-2018-7339 | The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the M... | | |
CVE-2018-7340 | Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal | E | |
CVE-2018-7355 | All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted... | E | |
CVE-2018-7356 | All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Nu... | | |
CVE-2018-7357 | ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T ... | E | |
CVE-2018-7358 | ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T ... | E | |
CVE-2018-7359 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow ... | | |
CVE-2018-7360 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulner... | | |
CVE-2018-7361 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vu... | | |
CVE-2018-7362 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vul... | | |
CVE-2018-7363 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vuln... | | |
CVE-2018-7364 | All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by impr... | E | |
CVE-2018-7365 | All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted sea... | | |
CVE-2018-7366 | ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versio... | | |
CVE-2018-7367 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-3417. Reason: This candidate... | R | |
CVE-2018-7368 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-3418. Reason: This candidate... | R | |
CVE-2018-7405 | Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows re... | | |
CVE-2018-7406 | An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability all... | | |
CVE-2018-7407 | An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability all... | | |
CVE-2018-7408 | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefor... | | |
CVE-2018-7409 | In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in Drive... | | |
CVE-2018-7417 | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed ... | | |
CVE-2018-7418 | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was address... | | |
CVE-2018-7419 | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed ... | | |
CVE-2018-7420 | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addres... | | |
CVE-2018-7421 | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. T... | E | |
CVE-2018-7422 | A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows re... | E | |
CVE-2018-7427 | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1... | M | |
CVE-2018-7429 | Splunkd in Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Sp... | | |
CVE-2018-7431 | Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14,... | | |
CVE-2018-7432 | Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5... | | |
CVE-2018-7433 | The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for t... | | |
CVE-2018-7434 | zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/... | E | |
CVE-2018-7435 | An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl... | E | |
CVE-2018-7436 | An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer ... | E | |
CVE-2018-7437 | An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy c... | E | |
CVE-2018-7438 | An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_... | E | |
CVE-2018-7439 | An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the functi... | E | |
CVE-2018-7440 | An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command inj... | | |
CVE-2018-7441 | Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite a... | | |
CVE-2018-7442 | An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/'... | | |
CVE-2018-7443 | The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate t... | E | |
CVE-2018-7445 | A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session req... | KEV E | |
CVE-2018-7447 | mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities beca... | S | |
CVE-2018-7448 | Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version... | E | |
CVE-2018-7449 | SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (dae... | E | |
CVE-2018-7452 | A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers t... | E | |
CVE-2018-7453 | Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch den... | | |
CVE-2018-7454 | A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to lau... | | |
CVE-2018-7455 | An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to la... | | |
CVE-2018-7456 | A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3... | E S | |
CVE-2018-7463 | SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a... | | |
CVE-2018-7465 | An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plu... | E | |
CVE-2018-7466 | install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection att... | E S | |
CVE-2018-7467 | AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.... | | |
CVE-2018-7469 | PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name... | E | |
CVE-2018-7470 | An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp... | E | |
CVE-2018-7471 | KingView 7.5SP1 has an integer overflow during stgopenstorage API read operations.... | | |
CVE-2018-7472 | INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations.... | | |
CVE-2018-7473 | Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, a... | | |
CVE-2018-7474 | An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in t... | E | |
CVE-2018-7475 | Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allow... | E | |
CVE-2018-7476 | controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or l... | S | |
CVE-2018-7477 | SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Passwor... | E | |
CVE-2018-7479 | YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/ins... | E | |
CVE-2018-7480 | The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local use... | S | |
CVE-2018-7482 | The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing a... | E | |
CVE-2018-7484 | An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the E... | | |
CVE-2018-7485 | The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments i... | S | |
CVE-2018-7486 | Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag... | E | |
CVE-2018-7487 | There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A Craft... | E | |
CVE-2018-7489 | FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unaut... | S | |
CVE-2018-7490 | uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowin... | E | |
CVE-2018-7491 | In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead ... | | |
CVE-2018-7492 | A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux ke... | E S | |
CVE-2018-7493 | CactusVPN through 6.0 for macOS suffers from a root privilege escalation vulnerability in its privil... | | |
CVE-2018-7494 | WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a ... | | |
CVE-2018-7495 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc... | | |
CVE-2018-7496 | An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The serve... | M | |
CVE-2018-7497 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc... | | |
CVE-2018-7498 | In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the ... | | |
CVE-2018-7499 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc... | | |
CVE-2018-7500 | A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2... | M | |
CVE-2018-7501 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc... | | |
CVE-2018-7502 | Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack prop... | M | |
CVE-2018-7503 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc... | | |
CVE-2018-7504 | A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. Th... | | |
CVE-2018-7505 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc... | | |
CVE-2018-7506 | The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and acces... | | |
CVE-2018-7507 | WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a v... | | |
CVE-2018-7508 | A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-... | | |
CVE-2018-7509 | WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of... | | |
CVE-2018-7510 | In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versio... | | |
CVE-2018-7511 | In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files ... | | |
CVE-2018-7512 | A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0... | M | |
CVE-2018-7513 | In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-ba... | M | |
CVE-2018-7514 | Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following app... | | |
CVE-2018-7515 | In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can ... | M | |
CVE-2018-7516 | A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version... | M | |
CVE-2018-7517 | In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of ... | M | |
CVE-2018-7518 | In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an... | M | |
CVE-2018-7519 | In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-bas... | M | |
CVE-2018-7520 | An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.... | M | |
CVE-2018-7521 | In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when... | M | |
CVE-2018-7522 | In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call ... | | |
CVE-2018-7523 | In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double f... | M | |
CVE-2018-7524 | A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version ... | M | |
CVE-2018-7525 | In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executabl... | M | |
CVE-2018-7526 | In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by... | M | |
CVE-2018-7527 | A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU ... | | |
CVE-2018-7528 | An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and... | M | |
CVE-2018-7529 | A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 an... | | |
CVE-2018-7530 | Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following app... | | |
CVE-2018-7531 | An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior... | | |
CVE-2018-7532 | Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 ... | E M | |
CVE-2018-7533 | An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and p... | | |
CVE-2018-7534 | In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may b... | | |
CVE-2018-7535 | An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the... | | |
CVE-2018-7536 | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The ... | | |
CVE-2018-7537 | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If d... | | |
CVE-2018-7538 | A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering pl... | E S | |
CVE-2018-7539 | On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with ... | E M | |
CVE-2018-7540 | An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of se... | | |
CVE-2018-7541 | An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (... | | |
CVE-2018-7542 | An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denia... | | |
CVE-2018-7543 | Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicat... | E | |
CVE-2018-7544 | A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5... | E | |
CVE-2018-7546 | wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause... | | |
CVE-2018-7547 | lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/group... | E | |
CVE-2018-7548 | In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an emp... | S | |
CVE-2018-7549 | In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstr... | S | |
CVE-2018-7550 | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest O... | S | |
CVE-2018-7551 | There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2... | E | |
CVE-2018-7552 | There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation f... | E | |
CVE-2018-7553 | There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A... | E | |
CVE-2018-7554 | There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.... | E | |
CVE-2018-7556 | LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/con... | | |
CVE-2018-7557 | The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attack... | S | |
CVE-2018-7559 | An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-1... | S | |
CVE-2018-7560 | index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Ex... | | |
CVE-2018-7561 | Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to... | E | |
CVE-2018-7562 | A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that a... | | |
CVE-2018-7563 | An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query strin... | | |
CVE-2018-7564 | Stored XSS exists on Polycom QDX 6000 devices.... | M | |
CVE-2018-7565 | CSRF exists on Polycom QDX 6000 devices.... | M | |
CVE-2018-7566 | The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write opera... | S | |
CVE-2018-7567 | In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 thr... | E | |
CVE-2018-7568 | The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as dist... | E S | |
CVE-2018-7569 | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.... | E S | |
CVE-2018-7570 | The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD... | S | |
CVE-2018-7572 | Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during W... | | |
CVE-2018-7573 | An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' i... | E | |
CVE-2018-7574 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7576, CVE-2018-21233. Reason... | R | |
CVE-2018-7575 | Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of expl... | S | |
CVE-2018-7576 | Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitati... | S | |
CVE-2018-7577 | Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, ... | | |
CVE-2018-7579 | \application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids a... | E | |
CVE-2018-7580 | Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will fre... | E | |
CVE-2018-7581 | \ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has we... | E | |
CVE-2018-7582 | WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HT... | E | |
CVE-2018-7583 | Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP por... | E | |
CVE-2018-7584 | In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is ... | E S | |
CVE-2018-7586 | In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.... | | |
CVE-2018-7587 | An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an ... | E | |
CVE-2018-7588 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs wh... | E | |
CVE-2018-7589 | An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a cra... | E | |
CVE-2018-7590 | CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.... | | |
CVE-2018-7600 | Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attac... | KEV E S | |
CVE-2018-7602 | Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004 | KEV E S | |
CVE-2018-7603 | Search Autocomplete | S | |
CVE-2018-7631 | Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a speci... | E | |
CVE-2018-7632 | Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack ... | E | |
CVE-2018-7633 | Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to ex... | E | |
CVE-2018-7634 | An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-m... | E S | |
CVE-2018-7635 | Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the brow... | | |
CVE-2018-7636 | The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to injec... | | |
CVE-2018-7637 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs wh... | E | |
CVE-2018-7638 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs wh... | E | |
CVE-2018-7639 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs wh... | E | |
CVE-2018-7640 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs wh... | E | |
CVE-2018-7641 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs wh... | E | |
CVE-2018-7642 | The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), ... | | |
CVE-2018-7643 | The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a... | | |
CVE-2018-7644 | The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verif... | | |
CVE-2018-7648 | An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checke... | S | |
CVE-2018-7649 | Monitorix before 3.10.1 allows XSS via CGI variables.... | | |
CVE-2018-7650 | PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored... | E | |
CVE-2018-7651 | index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of serv... | S | |
CVE-2018-7652 | lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS.... | S | |
CVE-2018-7653 | In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.... | E | |
CVE-2018-7654 | On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" ... | | |
CVE-2018-7658 | NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause... | E | |
CVE-2018-7659 | In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability co... | E | |
CVE-2018-7660 | In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability... | E | |
CVE-2018-7661 | Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data ... | E | |
CVE-2018-7662 | Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes... | E | |
CVE-2018-7663 | An issue was discovered in resources/views/layouts/app.blade.php in Voten.co before 2017-08-25. An u... | E S | |
CVE-2018-7664 | An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via... | E | |
CVE-2018-7665 | An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded vi... | E | |
CVE-2018-7666 | An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist... | E | |
CVE-2018-7667 | Adminer through 4.3.1 has SSRF via the server parameter.... | E | |
CVE-2018-7668 | TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID fiel... | E S | |
CVE-2018-7669 | An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log... | E | |
CVE-2018-7673 | NetIQ Identity Manager DoS Attack | S | |
CVE-2018-7674 | IDM URL Redirection attack | S | |
CVE-2018-7675 | Potential Information Disclosure in Sentinel | | |
CVE-2018-7676 | IDM Information Leakage | S | |
CVE-2018-7677 | CSRF in NetIQ Access Manager (NAM) Identity Server component | S | |
CVE-2018-7678 | XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component | S | |
CVE-2018-7679 | Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execut... | | |
CVE-2018-7680 | Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.... | | |
CVE-2018-7681 | Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in UR... | | |
CVE-2018-7682 | Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful se... | | |
CVE-2018-7683 | Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive informa... | | |
CVE-2018-7685 | libzypp does not reevaluate malicious rpms once downloaded | | |
CVE-2018-7686 | Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.... | | |
CVE-2018-7687 | Client for OES Elevation of Privilege via Buffer Overflow | | |
CVE-2018-7688 | Open Build Service accepts arbitrary reviews | | |
CVE-2018-7689 | Open Build Service arbitrary package modification | | |
CVE-2018-7690 | MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access | E | |
CVE-2018-7691 | MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access | E | |
CVE-2018-7692 | Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1.... | | |
CVE-2018-7698 | An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04... | | |
CVE-2018-7700 | DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a... | E | |
CVE-2018-7701 | Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 al... | E | |
CVE-2018-7702 | SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mai... | E | |
CVE-2018-7703 | Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attack... | E | |
CVE-2018-7704 | SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messa... | E | |
CVE-2018-7705 | Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated... | E | |
CVE-2018-7706 | Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated... | E | |
CVE-2018-7707 | Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attack... | E | |
CVE-2018-7711 | HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of retur... | S | |
CVE-2018-7712 | The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows rem... | | |
CVE-2018-7713 | The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows rem... | | |
CVE-2018-7714 | The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows rem... | | |
CVE-2018-7715 | PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.priv... | | |
CVE-2018-7716 | PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.priv... | | |
CVE-2018-7717 | The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended... | E | |
CVE-2018-7718 | An issue was discovered in Telexy QPath 5.4.462. A low privileged authenticated user supplying a spe... | | |
CVE-2018-7719 | Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.... | E | |
CVE-2018-7720 | A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /in... | E | |
CVE-2018-7721 | Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedba... | E | |
CVE-2018-7722 | The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json ... | E | |
CVE-2018-7723 | The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?p... | E | |
CVE-2018-7724 | The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=phot... | E | |
CVE-2018-7725 | An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in ... | E | |
CVE-2018-7726 | An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_dir... | E | |
CVE-2018-7727 | An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_me... | E | |
CVE-2018-7728 | An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp misha... | E S | |
CVE-2018-7729 | An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the Post... | E S | |
CVE-2018-7730 | An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled... | E S | |
CVE-2018-7731 | An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does... | E S | |
CVE-2018-7732 | An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids... | E | |
CVE-2018-7733 | An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifyi... | E | |
CVE-2018-7734 | Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in ... | E | |
CVE-2018-7735 | Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in ... | E | |
CVE-2018-7736 | In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE par... | E | |
CVE-2018-7737 | In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.ph... | E | |
CVE-2018-7738 | In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embed... | S | |
CVE-2018-7739 | antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters ... | E | |
CVE-2018-7740 | The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users ... | E | |
CVE-2018-7741 | Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI.... | E | |
CVE-2018-7745 | An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /ind... | E | |
CVE-2018-7746 | An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /ind... | E | |
CVE-2018-7747 | Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 fo... | E | |
CVE-2018-7748 | report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execut... | E | |
CVE-2018-7749 | The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authenticati... | | |
CVE-2018-7750 | transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x... | E S | |
CVE-2018-7751 | The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to c... | S | |
CVE-2018-7752 | GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_par... | S | |
CVE-2018-7753 | An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't proper... | S | |
CVE-2018-7754 | The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc... | | |
CVE-2018-7755 | An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kerne... | E | |
CVE-2018-7756 | RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication... | E | |
CVE-2018-7757 | Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linu... | S | |
CVE-2018-7758 | A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) wi... | | |
CVE-2018-7759 | A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modico... | | |
CVE-2018-7760 | An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, ... | | |
CVE-2018-7761 | A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Prem... | | |
CVE-2018-7762 | A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon ... | | |
CVE-2018-7763 | The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions... | | |
CVE-2018-7764 | The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software... | | |
CVE-2018-7765 | The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion... | | |
CVE-2018-7766 | The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Build... | | |
CVE-2018-7767 | The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder ... | | |
CVE-2018-7768 | The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builde... | | |
CVE-2018-7769 | The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder s... | | |
CVE-2018-7770 | The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder so... | | |
CVE-2018-7771 | The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder ... | | |
CVE-2018-7772 | The vulnerability exists within processing of applets which are exposed on the web service in Schnei... | | |
CVE-2018-7773 | The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder s... | | |
CVE-2018-7774 | The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder so... | | |
CVE-2018-7775 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candida... | R | |
CVE-2018-7776 | The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions p... | | |
CVE-2018-7777 | The vulnerability is due to insufficient handling of update_file request parameter on update_module.... | | |
CVE-2018-7778 | In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has ... | | |
CVE-2018-7779 | In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.... | | |
CVE-2018-7780 | In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior t... | | |
CVE-2018-7781 | In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior t... | | |
CVE-2018-7782 | In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior t... | | |
CVE-2018-7783 | Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulne... | | |
CVE-2018-7784 | In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when t... | | |
CVE-2018-7785 | In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection... | | |
CVE-2018-7786 | In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XS... | | |
CVE-2018-7787 | In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due ... | | |
CVE-2018-7788 | A CWE-255 Credentials Management vulnerability exists in Modicon Quantum with firmware versions prio... | S | |
CVE-2018-7789 | An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's... | M | |
CVE-2018-7790 | An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (a... | M | |
CVE-2018-7791 | A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M... | M | |
CVE-2018-7792 | A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M... | M | |
CVE-2018-7793 | A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and... | | |
CVE-2018-7794 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580... | | |
CVE-2018-7795 | A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to ... | M | |
CVE-2018-7796 | A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), whi... | | |
CVE-2018-7797 | A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Man... | | |
CVE-2018-7798 | An Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221,... | M | |
CVE-2018-7799 | A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prio... | | |
CVE-2018-7800 | A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which cou... | S | |
CVE-2018-7801 | A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enabl... | E S | |
CVE-2018-7802 | A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give a... | S | |
CVE-2018-7803 | A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriS... | | |
CVE-2018-7804 | A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon ... | | |
CVE-2018-7806 | Data Center Operation allows for the upload of a zip file from its user interface to the server. A c... | | |
CVE-2018-7807 | Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user in... | | |
CVE-2018-7809 | An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, ... | E | |
CVE-2018-7810 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit... | E | |
CVE-2018-7811 | An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, ... | E | |
CVE-2018-7812 | An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all ... | | |
CVE-2018-7813 | A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold... | | |
CVE-2018-7814 | A Stack-based Buffer Overflow (CWE-121) vulnerability exists in Eurotherm by Schneider Electric GUIc... | | |
CVE-2018-7815 | A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold... | | |
CVE-2018-7816 | A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st G... | S | |
CVE-2018-7817 | A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could ... | | |
CVE-2018-7820 | A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v... | | |
CVE-2018-7821 | An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all r... | | |
CVE-2018-7822 | An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, an... | | |
CVE-2018-7823 | An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all re... | | |
CVE-2018-7824 | An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electri... | S | |
CVE-2018-7825 | A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Cam... | | |
CVE-2018-7826 | A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Ca... | | |
CVE-2018-7827 | A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Sp... | | |
CVE-2018-7828 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera... | | |
CVE-2018-7829 | An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco S... | M | |
CVE-2018-7830 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability ... | E | |
CVE-2018-7831 | An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exist... | E | |
CVE-2018-7832 | An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions ... | | |
CVE-2018-7833 | An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web ser... | | |
CVE-2018-7834 | A CWE-79 Cross-Site Scripting vulnerability exists in all versions of the TSXETG100 allowing an atta... | | |
CVE-2018-7835 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exis... | | |
CVE-2018-7836 | An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the I... | | |
CVE-2018-7837 | An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous me... | | |
CVE-2018-7838 | A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V... | | |
CVE-2018-7839 | A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow inform... | | |
CVE-2018-7840 | An Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions p... | | |
CVE-2018-7841 | A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could... | KEV E | |
CVE-2018-7842 | A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M58... | E | |
CVE-2018-7843 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340... | E | |
CVE-2018-7844 | A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M3... | E M | |
CVE-2018-7845 | A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340... | E | |
CVE-2018-7846 | A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all vers... | E | |
CVE-2018-7847 | A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon... | E | |
CVE-2018-7848 | A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M3... | E | |
CVE-2018-7849 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340... | E | |
CVE-2018-7850 | A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions ... | | |
CVE-2018-7851 | CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M3... | | |
CVE-2018-7852 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340... | E | |
CVE-2018-7853 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340... | E M | |
CVE-2018-7854 | A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340,... | E M | |
CVE-2018-7855 | A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340,... | E M | |
CVE-2018-7856 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340... | E M | |
CVE-2018-7857 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340... | E M | |
CVE-2018-7858 | Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local g... | S | |
CVE-2018-7859 | A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B... | | |
CVE-2018-7861 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-7862 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-7863 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-7864 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-7865 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-7866 | A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulne... | E | |
CVE-2018-7867 | There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8... | E | |
CVE-2018-7868 | There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 ... | E | |
CVE-2018-7869 | There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which ... | E | |
CVE-2018-7870 | An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4... | E | |
CVE-2018-7871 | There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 ... | E | |
CVE-2018-7872 | An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CO... | E | |
CVE-2018-7873 | There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8... | E | |
CVE-2018-7874 | An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4... | E | |
CVE-2018-7875 | There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.... | E | |
CVE-2018-7876 | In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD ... | E | |
CVE-2018-7877 | There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8... | E | |
CVE-2018-7884 | An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers ... | | |
CVE-2018-7886 | An issue was discovered in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the... | E | |
CVE-2018-7889 | gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which a... | E S | |
CVE-2018-7890 | A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (... | E | |
CVE-2018-7891 | The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essent... | M | |
CVE-2018-7893 | CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter... | E | |
CVE-2018-7894 | Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advanced_fil... | E | |
CVE-2018-7899 | The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0... | | |
CVE-2018-7900 | There is an information leak vulnerability in some Huawei HG products. An attacker may obtain inform... | | |
CVE-2018-7901 | RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B... | | |
CVE-2018-7902 | Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An aut... | | |
CVE-2018-7903 | Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An aut... | | |
CVE-2018-7904 | Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An aut... | | |
CVE-2018-7905 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7906 | Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) h... | | |
CVE-2018-7907 | Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C19... | | |
CVE-2018-7908 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7909 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7910 | Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C... | | |
CVE-2018-7911 | Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(S... | | |
CVE-2018-7912 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7913 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7914 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7915 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7916 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7920 | Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C1... | | |
CVE-2018-7921 | Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Un... | E | |
CVE-2018-7922 | Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient ... | | |
CVE-2018-7923 | Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient ... | | |
CVE-2018-7924 | Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerabi... | | |
CVE-2018-7925 | The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lo... | | |
CVE-2018-7926 | Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vuln... | | |
CVE-2018-7927 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7928 | There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the M... | | |
CVE-2018-7929 | Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen byp... | | |
CVE-2018-7930 | The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MH... | | |
CVE-2018-7931 | Huawei AppGallery versions before 8.0.4.301 have a whitelist mechanism bypass vulnerability. An attac... | | |
CVE-2018-7932 | Huawei AppGallery versions before 8.0.4.301 have an arbitrary JavaScript running vulnerability. An at... | | |
CVE-2018-7933 | Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.... | | |
CVE-2018-7934 | Some Huawei mobile phones with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (... | | |
CVE-2018-7935 | There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could expl... | | |
CVE-2018-7936 | Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Rese... | | |
CVE-2018-7937 | In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9... | | |
CVE-2018-7938 | P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulne... | | |
CVE-2018-7939 | Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUS... | | |
CVE-2018-7940 | Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier... | | |
CVE-2018-7941 | Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low priv... | | |
CVE-2018-7942 | The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication... | | |
CVE-2018-7943 | There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low p... | | |
CVE-2018-7944 | Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory... | | |
CVE-2018-7945 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7946 | There is an information leak vulnerability in some Huawei smartphones. An attacker may do some speci... | | |
CVE-2018-7947 | Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153(C00) have an authentication ... | | |
CVE-2018-7948 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7949 | The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escal... | | |
CVE-2018-7950 | The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection ... | | |
CVE-2018-7951 | The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection ... | | |
CVE-2018-7955 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7956 | Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate ... | | |
CVE-2018-7957 | Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerabi... | | |
CVE-2018-7958 | There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthe... | | |
CVE-2018-7959 | There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker lau... | | |
CVE-2018-7960 | There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote atta... | | |
CVE-2018-7961 | There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should... | | |
CVE-2018-7963 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7964 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7965 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7966 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7967 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7968 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7969 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7970 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7971 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7972 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7973 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7974 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7975 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7976 | There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and ... | | |
CVE-2018-7977 | There is an information leakage vulnerability on several Huawei products. Due to insufficient commun... | | |
CVE-2018-7978 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7979 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7980 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7981 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7982 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7983 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7984 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7985 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7986 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2018-7987 | There is an out-of-bounds write vulnerability on Huawei P20 smartphones with versions before 8.1.0.1... | | |
CVE-2018-7988 | There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system do... | | |
CVE-2018-7989 | Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper au... | | |
CVE-2018-7990 | Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerabili... | | |
CVE-2018-7991 | Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset... | | |
CVE-2018-7992 | Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0... | | |
CVE-2018-7993 | HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulne... | | |
CVE-2018-7994 | Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C... | | |
CVE-2018-7995 | Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the L... | S | |
CVE-2018-7996 | Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter.... | E | |
CVE-2018-7997 | Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTo... | E | |
CVE-2018-7998 | In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_reg... | E S | |
CVE-2018-7999 | In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.c... | E S | |