| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2018-9000 | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to c... | E | |
| CVE-2018-9001 | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users... | E | |
| CVE-2018-9002 | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users... | E | |
| CVE-2018-9003 | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to c... | E | |
| CVE-2018-9004 | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to c... | E | |
| CVE-2018-9005 | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users... | E | |
| CVE-2018-9006 | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users... | E | |
| CVE-2018-9007 | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to c... | E | |
| CVE-2018-9009 | In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.... | E | |
| CVE-2018-9010 | Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read a... | E | |
| CVE-2018-9014 | dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_... | | |
| CVE-2018-9015 | dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (ak... | E | |
| CVE-2018-9016 | dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI.... | E | |
| CVE-2018-9017 | dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/f... | E | |
| CVE-2018-9018 | In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Re... | E | |
| CVE-2018-9019 | SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbi... | S | |
| CVE-2018-9020 | The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle... | E | |
| CVE-2018-9021 | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remo... | E | |
| CVE-2018-9022 | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remo... | E | |
| CVE-2018-9023 | An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to e... | | |
| CVE-2018-9024 | An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spo... | | |
| CVE-2018-9025 | An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poi... | | |
| CVE-2018-9026 | A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hija... | | |
| CVE-2018-9027 | A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote att... | | |
| CVE-2018-9028 | Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for ... | | |
| CVE-2018-9029 | An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attacke... | | |
| CVE-2018-9031 | The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by re... | E | |
| CVE-2018-9032 | An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Ro... | E | |
| CVE-2018-9034 | Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for Wor... | E | |
| CVE-2018-9035 | CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugi... | E | |
| CVE-2018-9036 | CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by l... | | |
| CVE-2018-9037 | Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is ... | E | |
| CVE-2018-9038 | Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&del... | E | |
| CVE-2018-9039 | In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissio... | E | |
| CVE-2018-9040 | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local user... | E | |
| CVE-2018-9041 | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local user... | E | |
| CVE-2018-9042 | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local user... | E | |
| CVE-2018-9043 | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local user... | E | |
| CVE-2018-9044 | In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local user... | E | |
| CVE-2018-9045 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS)... | E | |
| CVE-2018-9046 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS)... | E | |
| CVE-2018-9047 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS)... | E | |
| CVE-2018-9048 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS)... | E | |
| CVE-2018-9049 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS)... | E | |
| CVE-2018-9050 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS)... | E | |
| CVE-2018-9051 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS)... | E | |
| CVE-2018-9052 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS)... | E | |
| CVE-2018-9053 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS)... | E | |
| CVE-2018-9054 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS)... | E | |
| CVE-2018-9055 | JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in lib... | E | |
| CVE-2018-9056 | Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of in... | E | |
| CVE-2018-9057 | aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) prov... | S | |
| CVE-2018-9058 | In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c... | E | |
| CVE-2018-9059 | Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to exe... | E | |
| CVE-2018-9060 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
| CVE-2018-9062 | BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack | S | |
| CVE-2018-9063 | MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier t... | | |
| CVE-2018-9064 | In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a... | M | |
| CVE-2018-9065 | In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the u... | | |
| CVE-2018-9066 | In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under ... | | |
| CVE-2018-9067 | The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for som... | M | |
| CVE-2018-9068 | The IMM2 First Failure Data Capture function collects management module logs and diagnostic informat... | | |
| CVE-2018-9069 | BIOS Write Protection Race Condition | | |
| CVE-2018-9070 | For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical ... | M | |
| CVE-2018-9071 | CMM Security Vulnerability | S | |
| CVE-2018-9072 | LXCI for VMware | S | |
| CVE-2018-9073 | CMM Security Vulnerability | S | |
| CVE-2018-9074 | Iomega and LenovoEMC NAS Web UI Vulnerabilities | | |
| CVE-2018-9075 | Iomega and LenovoEMC NAS Web UI Vulnerabilities | | |
| CVE-2018-9076 | Iomega and LenovoEMC NAS Web UI Vulnerabilities | | |
| CVE-2018-9077 | Iomega and LenovoEMC NAS Web UI Vulnerabilities | | |
| CVE-2018-9078 | Iomega and LenovoEMC NAS Web UI Vulnerabilities | | |
| CVE-2018-9079 | Iomega and LenovoEMC NAS Web UI Vulnerabilities | | |
| CVE-2018-9080 | Iomega and LenovoEMC NAS Web UI Vulnerabilities | | |
| CVE-2018-9081 | Iomega and LenovoEMC NAS Web UI Vulnerabilities | | |
| CVE-2018-9082 | Iomega and LenovoEMC NAS Web UI Vulnerabilities | | |
| CVE-2018-9083 | System Management Module Vulnerabilities | S | |
| CVE-2018-9084 | System Management Module Vulnerabilities | S | |
| CVE-2018-9085 | Missing System x Flash Memory Write Protection Lock Bit | S | |
| CVE-2018-9086 | Legacy Server BMC Remote Command Injection | S | |
| CVE-2018-9090 | CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using de... | | |
| CVE-2018-9091 | A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and ... | S | |
| CVE-2018-9092 | There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator... | E | |
| CVE-2018-9101 | A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.... | | |
| CVE-2018-9102 | A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.... | | |
| CVE-2018-9103 | A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.... | | |
| CVE-2018-9104 | A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.... | | |
| CVE-2018-9105 | NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability s... | | |
| CVE-2018-9106 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the A... | E | |
| CVE-2018-9107 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the A... | E | |
| CVE-2018-9108 | CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to... | | |
| CVE-2018-9109 | Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with ... | S | |
| CVE-2018-9110 | Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with ... | S | |
| CVE-2018-9111 | Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build... | E | |
| CVE-2018-9112 | A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-... | E | |
| CVE-2018-9113 | Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute ar... | E | |
| CVE-2018-9115 | Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., informati... | E | |
| CVE-2018-9116 | An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to acces... | | |
| CVE-2018-9117 | WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to acc... | | |
| CVE-2018-9118 | exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for ... | E | |
| CVE-2018-9119 | An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4... | | |
| CVE-2018-9120 | In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post.... | E | |
| CVE-2018-9121 | In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment.... | E | |
| CVE-2018-9122 | In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search... | E | |
| CVE-2018-9123 | In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile.... | E | |
| CVE-2018-9126 | The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.confi... | E | |
| CVE-2018-9127 | Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certa... | | |
| CVE-2018-9128 | DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-... | E | |
| CVE-2018-9129 | ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (... | S | |
| CVE-2018-9130 | IBOS 4.4.3 has XSS via a company full name.... | | |
| CVE-2018-9131 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
| CVE-2018-9132 | libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote ... | E | |
| CVE-2018-9133 | ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions ... | E | |
| CVE-2018-9134 | file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renamin... | | |
| CVE-2018-9135 | In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders... | E | |
| CVE-2018-9136 | windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service... | E | |
| CVE-2018-9137 | Open-AudIT before 2.2 has CSV Injection.... | E | |
| CVE-2018-9138 | An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.3... | | |
| CVE-2018-9139 | On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code ... | | |
| CVE-2018-9140 | On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attrib... | | |
| CVE-2018-9141 | On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers ... | | |
| CVE-2018-9142 | On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure... | | |
| CVE-2018-9143 | On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder s... | | |
| CVE-2018-9144 | In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It co... | E S | |
| CVE-2018-9145 | In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor wi... | E | |
| CVE-2018-9146 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candid... | R | |
| CVE-2018-9147 | Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote attacke... | | |
| CVE-2018-9148 | Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenam... | E | |
| CVE-2018-9149 | The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect t... | E | |
| CVE-2018-9151 | A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Se... | | |
| CVE-2018-9153 | The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code... | | |
| CVE-2018-9154 | There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer ... | E | |
| CVE-2018-9155 | Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to... | E | |
| CVE-2018-9156 | An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web ... | E | |
| CVE-2018-9157 | An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload we... | | |
| CVE-2018-9158 | An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't em... | E | |
| CVE-2018-9159 | In Spark before 2.7.2, a remote attacker can read unintended static files via various representation... | S | |
| CVE-2018-9160 | SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.... | E S | |
| CVE-2018-9161 | Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded pri... | E | |
| CVE-2018-9162 | Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete... | E | |
| CVE-2018-9163 | A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before ... | E | |
| CVE-2018-9165 | The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for Ac... | S | |
| CVE-2018-9169 | Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. The comp... | | |
| CVE-2018-9172 | The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.... | E | |
| CVE-2018-9173 | Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple C... | E | |
| CVE-2018-9174 | sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refile... | | |
| CVE-2018-9175 | DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to upload... | | |
| CVE-2018-9177 | Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.... | E | |
| CVE-2018-9182 | Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section.... | E | |
| CVE-2018-9183 | The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS.... | E | |
| CVE-2018-9185 | An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's ... | M | |
| CVE-2018-9186 | A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to befor... | | |
| CVE-2018-9190 | A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows att... | | |
| CVE-2018-9191 | A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers ... | | |
| CVE-2018-9192 | A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 ... | | |
| CVE-2018-9193 | A researcher has disclosed several vulnerabilities against FortiClient for Windows version 6.0.5 and... | S | |
| CVE-2018-9194 | A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 ... | | |
| CVE-2018-9195 | Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a M... | | |
| CVE-2018-9196 | Rejected reason: Not used... | R | |
| CVE-2018-9197 | Rejected reason: Not used... | R | |
| CVE-2018-9198 | Rejected reason: Not used... | R | |
| CVE-2018-9199 | Rejected reason: Not used... | R | |
| CVE-2018-9200 | Rejected reason: Not used... | R | |
| CVE-2018-9201 | Rejected reason: Not used... | R | |
| CVE-2018-9202 | Rejected reason: Not used... | R | |
| CVE-2018-9203 | Rejected reason: Not used... | R | |
| CVE-2018-9204 | Rejected reason: Not used... | R | |
| CVE-2018-9205 | Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanit... | E | |
| CVE-2018-9206 | Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0... | E S | |
| CVE-2018-9207 | Arbitrary file upload in jQuery Upload File <= 4.0.2... | E | |
| CVE-2018-9208 | Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta... | E | |
| CVE-2018-9209 | Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2... | E | |
| CVE-2018-9230 | In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.re... | E | |
| CVE-2018-9232 | Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices... | E | |
| CVE-2018-9233 | Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\So... | E | |
| CVE-2018-9234 | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offlin... | | |
| CVE-2018-9235 | iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.... | E | |
| CVE-2018-9236 | iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.... | E | |
| CVE-2018-9237 | iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.... | E | |
| CVE-2018-9238 | proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter.... | E | |
| CVE-2018-9240 | ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and a... | | |
| CVE-2018-9242 | The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PA... | | |
| CVE-2018-9243 | GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack... | E | |
| CVE-2018-9244 | GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack... | E | |
| CVE-2018-9245 | The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and pa... | E | |
| CVE-2018-9246 | The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insu... | | |
| CVE-2018-9247 | The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remot... | E | |
| CVE-2018-9248 | FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" head... | E | |
| CVE-2018-9249 | FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location=... | | |
| CVE-2018-9250 | interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execut... | S | |
| CVE-2018-9251 | The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers ... | E | |
| CVE-2018-9252 | JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsiz... | E | |
| CVE-2018-9256 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed... | E | |
| CVE-2018-9257 | In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in... | E | |
| CVE-2018-9258 | In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/pa... | E | |
| CVE-2018-9259 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed i... | E | |
| CVE-2018-9260 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was a... | E | |
| CVE-2018-9261 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop th... | E | |
| CVE-2018-9262 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed ... | E | |
| CVE-2018-9263 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addres... | E | |
| CVE-2018-9264 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buf... | E | |
| CVE-2018-9265 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.... | E | |
| CVE-2018-9266 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak.... | E | |
| CVE-2018-9267 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.... | E | |
| CVE-2018-9268 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.... | E | |
| CVE-2018-9269 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.... | E | |
| CVE-2018-9270 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.... | E | |
| CVE-2018-9271 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory lea... | E | |
| CVE-2018-9272 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak.... | E | |
| CVE-2018-9273 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.... | E | |
| CVE-2018-9274 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.... | E | |
| CVE-2018-9275 | In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successfu... | S | |
| CVE-2018-9276 | An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PR... | KEV E M | |
| CVE-2018-9279 | An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's passwor... | | |
| CVE-2018-9280 | An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3... | | |
| CVE-2018-9281 | An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to ... | | |
| CVE-2018-9282 | An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affecte... | E | |
| CVE-2018-9283 | An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XS... | E | |
| CVE-2018-9284 | authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 all... | S | |
| CVE-2018-9285 | Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, R... | | |
| CVE-2018-9302 | SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows r... | E | |
| CVE-2018-9303 | In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abor... | E | |
| CVE-2018-9304 | In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial... | E S | |
| CVE-2018-9305 | In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash o... | E S | |
| CVE-2018-9306 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candid... | R | |
| CVE-2018-9307 | dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html.... | E | |
| CVE-2018-9309 | An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsm... | E | |
| CVE-2018-9310 | An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulner... | | |
| CVE-2018-9311 | The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles p... | E | |
| CVE-2018-9312 | The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5... | E | |
| CVE-2018-9313 | The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5... | E | |
| CVE-2018-9314 | The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5... | E | |
| CVE-2018-9315 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9314. Reason: This candida... | R | |
| CVE-2018-9316 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9312. Reason: This candida... | R | |
| CVE-2018-9317 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9313. Reason: This candida... | R | |
| CVE-2018-9318 | The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles p... | E | |
| CVE-2018-9319 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9318. Reason: This candida... | R | |
| CVE-2018-9320 | The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5... | E | |
| CVE-2018-9321 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9320. Reason: This candida... | R | |
| CVE-2018-9322 | The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5... | E | |
| CVE-2018-9323 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9322. Reason: This candida... | R | |
| CVE-2018-9324 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9311. Reason: This candida... | R | |
| CVE-2018-9325 | Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an insta... | | |
| CVE-2018-9326 | Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code.... | | |
| CVE-2018-9327 | Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. Th... | | |
| CVE-2018-9328 | PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php.... | E | |
| CVE-2018-9329 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
| CVE-2018-9330 | register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI u... | E | |
| CVE-2018-9331 | An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files... | E | |
| CVE-2018-9332 | K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The im... | | |
| CVE-2018-9333 | K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: ex... | | |
| CVE-2018-9334 | The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PA... | | |
| CVE-2018-9335 | The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and... | | |
| CVE-2018-9336 | openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local at... | E S | |
| CVE-2018-9337 | The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier... | | |
| CVE-2018-9338 | In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missi... | | |
| CVE-2018-9339 | In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of priv... | S | |
| CVE-2018-9340 | In ResStringPool::setTo of ResourceTypes.cpp, it's possible for an attacker to control the value of ... | S | |
| CVE-2018-9341 | In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing boun... | S | |
| CVE-2018-9344 | In several functions of DescramblerImpl.cpp, there is a possible use after free due to improper lock... | S | |
| CVE-2018-9345 | In BnAudioPolicyService::onTransact of AudioPolicyService.cpp, there is a possible information discl... | S | |
| CVE-2018-9346 | In BnAudioPolicyService::onTransact of AudioPolicyService.cpp, there is a possible information discl... | S | |
| CVE-2018-9347 | In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infi... | S | |
| CVE-2018-9348 | In SMF_ParseMetaEvent of eas_smf.c, there is a possible integer overflow. This could lead to remote ... | | |
| CVE-2018-9349 | In mv_err_cost of mcomp.c there is a possible out of bounds read due to missing bounds check. This c... | S | |
| CVE-2018-9350 | In ih264d_assign_pic_num of ih264d_utils.c there is a possible out of bound read due to missing boun... | S | |
| CVE-2018-9351 | In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possible out of bound read due to m... | S | |
| CVE-2018-9352 | In ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a possible resource exhaustion due to integ... | S | |
| CVE-2018-9353 | In ihevcd_parse_slice_data of ihevcd_parse_slice.c there is a possible heap buffer out of bound read... | S | |
| CVE-2018-9354 | In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit, there is a possible remote denial of se... | S | |
| CVE-2018-9355 | In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missin... | | |
| CVE-2018-9356 | In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. Thi... | S | |
| CVE-2018-9357 | In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds che... | S | |
| CVE-2018-9358 | In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to ... | S | |
| CVE-2018-9359 | In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds ... | S | |
| CVE-2018-9360 | In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds ... | S | |
| CVE-2018-9361 | In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds ... | S | |
| CVE-2018-9362 | In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to... | S | |
| CVE-2018-9363 | In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of ... | | |
| CVE-2018-9364 | In the LG LAF component, there is a special command that allowed modification of certain partitions.... | | |
| CVE-2018-9365 | In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code executio... | S | |
| CVE-2018-9366 | In IMSA_Recv_Thread and VT_IMCB_Thread of ImsaClient.cpp and VideoTelephony.c, there is a possible o... | | |
| CVE-2018-9367 | In FT_ACDK_CCT_V2_OP_ISP_SET_TUNING_PARAS of Meta_CCAP_Para.cpp, there is a possible out of bounds w... | | |
| CVE-2018-9368 | In mtkscoaudio debugfs there is a possible arbitrary kernel memory write due to missing bounds check... | | |
| CVE-2018-9369 | In bootloader there is fastboot command allowing user specified kernel command line arguments. This ... | | |
| CVE-2018-9370 | In download.c there is a special mode allowing user to download data into memory and causing possibl... | | |
| CVE-2018-9371 | In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that... | | |
| CVE-2018-9372 | In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missi... | | |
| CVE-2018-9373 | In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a miss... | | |
| CVE-2018-9374 | In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This coul... | S | |
| CVE-2018-9375 | In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete word... | | |
| CVE-2018-9376 | In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possib... | S | |
| CVE-2018-9377 | In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user m... | | |
| CVE-2018-9378 | In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disc... | | |
| CVE-2018-9379 | In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of delet... | | |
| CVE-2018-9380 | In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input val... | S | |
| CVE-2018-9381 | In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to un... | S | |
| CVE-2018-9382 | In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot fro... | | |
| CVE-2018-9383 | In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bound... | | |
| CVE-2018-9384 | In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This co... | | |
| CVE-2018-9385 | In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bound... | S | |
| CVE-2018-9386 | In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow du... | | |
| CVE-2018-9387 | In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an inte... | | |
| CVE-2018-9388 | In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound w... | | |
| CVE-2018-9389 | In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap ... | | |
| CVE-2018-9390 | In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer du... | | |
| CVE-2018-9391 | In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/g... | | |
| CVE-2018-9392 | In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, the... | | |
| CVE-2018-9393 | In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a pos... | | |
| CVE-2018-9394 | In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is ... | | |
| CVE-2018-9395 | In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/me... | | |
| CVE-2018-9396 | In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possib... | | |
| CVE-2018-9397 | In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB write due to a missing b... | | |
| CVE-2018-9398 | In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input ... | | |
| CVE-2018-9399 | In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lea... | | |
| CVE-2018-9400 | In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_g... | | |
| CVE-2018-9401 | In many locations, there is a possible way to access kernel memory in user space due to an incorrect... | | |
| CVE-2018-9402 | In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This ... | | |
| CVE-2018-9403 | In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- interface.c, there is a possibl... | | |
| CVE-2018-9404 | In oemCallback of ril.cpp, there is a possible out of bounds write due to an integer overflow. T... | | |
| CVE-2018-9405 | In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing b... | | |
| CVE-2018-9406 | In NlpService, there is a possible way to obtain location information due to a missing permission ch... | | |
| CVE-2018-9407 | In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check.... | | |
| CVE-2018-9408 | In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a ... | | |
| CVE-2018-9409 | In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a... | | |
| CVE-2018-9410 | In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds chec... | S | |
| CVE-2018-9411 | In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds ... | S | |
| CVE-2018-9412 | In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input ... | S | |
| CVE-2018-9413 | In handle_notification_response of btif_rc.cc, there is a possible out of bounds write due to a miss... | S | |
| CVE-2018-9414 | In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds... | S | |
| CVE-2018-9415 | In driver_override_store and driver_override_show of bus.c, there is a possible double free due to i... | S | |
| CVE-2018-9416 | In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cau... | | |
| CVE-2018-9417 | In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locki... | S | |
| CVE-2018-9418 | In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a mis... | S | |
| CVE-2018-9419 | In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bou... | S | |
| CVE-2018-9420 | In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due ... | S | |
| CVE-2018-9421 | In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, ... | S | |
| CVE-2018-9422 | In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to l... | S | |
| CVE-2018-9423 | In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read du... | S | |
| CVE-2018-9424 | In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missi... | | |
| CVE-2018-9425 | In Platform, there is a possible bypass of user interaction requirements due to missing permission c... | | |
| CVE-2018-9426 | In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementat... | S | |
| CVE-2018-9427 | In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect boun... | S | |
| CVE-2018-9428 | In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use a... | | |
| CVE-2018-9429 | In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitial... | S | |
| CVE-2018-9430 | In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds c... | S | |
| CVE-2018-9431 | In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input valida... | S | |
| CVE-2018-9432 | In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a... | | |
| CVE-2018-9433 | In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input... | | |
| CVE-2018-9434 | In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomiz... | | |
| CVE-2018-9435 | In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing boun... | S | |
| CVE-2018-9436 | In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds che... | S | |
| CVE-2018-9437 | In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This c... | S | |
| CVE-2018-9438 | When a device connects only over WiFi VPN, the device may not receive security updates due to some i... | S | |
| CVE-2018-9439 | In __unregister_prot_hook and packet_release of af_packet.c, there is a possible use-after-free ... | | |
| CVE-2018-9440 | In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. ... | | |
| CVE-2018-9441 | In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect... | S | |
| CVE-2018-9444 | In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite lo... | | |
| CVE-2018-9445 | In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This ... | E S | |
| CVE-2018-9446 | In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memo... | S | |
| CVE-2018-9447 | In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency ... | | |
| CVE-2018-9448 | In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing boun... | S | |
| CVE-2018-9449 | In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to... | S | |
| CVE-2018-9450 | In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing... | S | |
| CVE-2018-9451 | In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missi... | S | |
| CVE-2018-9452 | In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width c... | S | |
| CVE-2018-9453 | In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds c... | S | |
| CVE-2018-9454 | In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds che... | | |
| CVE-2018-9455 | In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect... | S | |
| CVE-2018-9456 | In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect... | | |
| CVE-2018-9457 | In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact ... | S | |
| CVE-2018-9458 | In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interc... | | |
| CVE-2018-9459 | In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible ... | | |
| CVE-2018-9461 | In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in... | | |
| CVE-2018-9462 | In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to an incorrect bounds c... | | |
| CVE-2018-9463 | In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible out of bounds write ... | | |
| CVE-2018-9464 | In multiple locations, there is a possible way to read protected files due to a missing permission c... | | |
| CVE-2018-9465 | In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after fr... | S | |
| CVE-2018-9466 | In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This ... | | |
| CVE-2018-9467 | In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determin... | | |
| CVE-2018-9468 | In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permiss... | S | |
| CVE-2018-9469 | In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut du... | S | |
| CVE-2018-9470 | In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect b... | S | |
| CVE-2018-9471 | In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to ty... | S | |
| CVE-2018-9472 | In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflo... | S | |
| CVE-2018-9473 | In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due t... | S | |
| CVE-2018-9474 | In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due... | S | |
| CVE-2018-9475 | In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due t... | S | |
| CVE-2018-9476 | In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper loc... | S | |
| CVE-2018-9477 | In the development options section of the Settings app, there is a possible authentication bypass du... | S | |
| CVE-2018-9478 | In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of... | S | |
| CVE-2018-9479 | In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of... | S | |
| CVE-2018-9480 | In bta_hd_get_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to improper in... | S | |
| CVE-2018-9481 | In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer ... | | |
| CVE-2018-9482 | In intr_data_copy_cb of btif_hd.cc, there is a possible out of bounds read due to an integer overflo... | S | |
| CVE-2018-9483 | In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of bounds read due to a use... | S | |
| CVE-2018-9484 | In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of bounds read due to a missin... | S | |
| CVE-2018-9485 | In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bou... | S | |
| CVE-2018-9486 | In hidh_l2cif_data_ind of hidh_conn.cc, there is a possible out of bounds read due to a missing boun... | S | |
| CVE-2018-9487 | In setVpnForcedLocked of Vpn.java, there is a possible blocking of internet traffic through vpn due ... | S | |
| CVE-2018-9488 | In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restrict... | E S | |
| CVE-2018-9489 | When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts ... | M | |
| CVE-2018-9490 | In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type co... | S | |
| CVE-2018-9491 | In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an... | S | |
| CVE-2018-9492 | In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions byp... | S | |
| CVE-2018-9493 | In the content provider of the download manager, there is a possible SQL injection due to improper i... | S | |
| CVE-2018-9496 | In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to ... | S | |
| CVE-2018-9497 | In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bou... | S | |
| CVE-2018-9498 | In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overf... | S | |
| CVE-2018-9499 | In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could... | E S | |
| CVE-2018-9501 | In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass.... | S | |
| CVE-2018-9502 | In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missi... | S | |
| CVE-2018-9503 | In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missi... | S | |
| CVE-2018-9504 | In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrec... | S | |
| CVE-2018-9505 | In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds ch... | S | |
| CVE-2018-9506 | In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound read due to a missing bounds chec... | S | |
| CVE-2018-9507 | In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect... | S | |
| CVE-2018-9508 | In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an... | S | |
| CVE-2018-9509 | In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds ... | S | |
| CVE-2018-9510 | In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds c... | S | |
| CVE-2018-9511 | In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a secur... | S | |
| CVE-2018-9513 | In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead... | | |
| CVE-2018-9514 | In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This co... | | |
| CVE-2018-9515 | In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to impro... | E | |
| CVE-2018-9516 | In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to ... | S | |
| CVE-2018-9517 | In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to... | S | |
| CVE-2018-9518 | In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a mis... | S | |
| CVE-2018-9519 | In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. ... | | |
| CVE-2018-9521 | In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an inco... | S | |
| CVE-2018-9522 | In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write... | S | |
| CVE-2018-9523 | In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization ... | S | |
| CVE-2018-9524 | In functionality implemented in System UI, there are insufficient protections implemented around ove... | S | |
| CVE-2018-9525 | In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings... | S | |
| CVE-2018-9526 | In device configuration data, there is an improperly configured setting. This could lead to remote d... | S | |
| CVE-2018-9527 | In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing boun... | S | |
| CVE-2018-9528 | In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write d... | | |
| CVE-2018-9529 | In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due t... | | |
| CVE-2018-9530 | In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a... | | |
| CVE-2018-9531 | In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a miss... | | |
| CVE-2018-9532 | In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due... | | |
| CVE-2018-9533 | In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missin... | | |
| CVE-2018-9534 | In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to ... | | |
| CVE-2018-9535 | In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a ... | | |
| CVE-2018-9536 | In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds che... | | |
| CVE-2018-9537 | In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missin... | S | |
| CVE-2018-9538 | In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a po... | S | |
| CVE-2018-9539 | In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This co... | S | |
| CVE-2018-9540 | In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a miss... | S | |
| CVE-2018-9541 | In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing ... | S | |
| CVE-2018-9542 | In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing ... | S | |
| CVE-2018-9543 | In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a ... | S | |
| CVE-2018-9544 | In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check.... | S | |
| CVE-2018-9545 | In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bound... | S | |
| CVE-2018-9547 | In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation... | S | |
| CVE-2018-9548 | In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missin... | S | |
| CVE-2018-9549 | In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check... | S | |
| CVE-2018-9550 | In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing boun... | S | |
| CVE-2018-9551 | In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bound... | S | |
| CVE-2018-9552 | In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bound... | S | |
| CVE-2018-9553 | In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure defau... | S | |
| CVE-2018-9554 | In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media f... | | |
| CVE-2018-9555 | In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds c... | S | |
| CVE-2018-9556 | In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an inte... | S | |
| CVE-2018-9557 | In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninit... | | |
| CVE-2018-9558 | In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a miss... | | |
| CVE-2018-9559 | In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due t... | | |
| CVE-2018-9560 | In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds ... | | |
| CVE-2018-9561 | In llcp_util_parse_connect of llcp_util.cc, there is a possible out-of-bound read due to a missing b... | | |
| CVE-2018-9562 | In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parame... | | |
| CVE-2018-9563 | In llcp_util_parse_cc of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds... | | |
| CVE-2018-9564 | In llcp_util_parse_link_params of llcp_util.cc, there is a possible out-of-bound read due to a missi... | | |
| CVE-2018-9565 | In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. Th... | | |
| CVE-2018-9566 | In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a mi... | | |
| CVE-2018-9567 | On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despi... | | |
| CVE-2018-9568 | In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could ... | S | |
| CVE-2018-9569 | In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound writ... | | |
| CVE-2018-9570 | In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to... | | |
| CVE-2018-9571 | In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound wr... | | |
| CVE-2018-9572 | In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possible out of bounds write due to ... | | |
| CVE-2018-9573 | In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due t... | | |
| CVE-2018-9574 | In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bound... | | |
| CVE-2018-9575 | In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds wri... | | |
| CVE-2018-9576 | In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bo... | | |
| CVE-2018-9577 | In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of... | | |
| CVE-2018-9578 | In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write... | | |
| CVE-2018-9580 | A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android ke... | | |
| CVE-2018-9581 | In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE an... | | |
| CVE-2018-9582 | In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the un... | | |
| CVE-2018-9583 | In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, And... | | |
| CVE-2018-9584 | In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8... | | |
| CVE-2018-9585 | In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.... | S | |
| CVE-2018-9586 | In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android... | S | |
| CVE-2018-9587 | In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, And... | | |
| CVE-2018-9588 | In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0,... | | |
| CVE-2018-9589 | In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0,... | S | |
| CVE-2018-9590 | In add_attr of sdp_discovery.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.... | S | |
| CVE-2018-9591 | In bta_hh_ctrl_dat_act of bta_hh_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, A... | | |
| CVE-2018-9592 | In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android... | | |
| CVE-2018-9593 | In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, And... | | |
| CVE-2018-9594 | In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0,... | | |
| CVE-2018-9838 | The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has a... | | |
| CVE-2018-9839 | An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report... | E S | |
| CVE-2018-9840 | The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass th... | S | |
| CVE-2018-9841 | The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to... | | |
| CVE-2018-9842 | CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from proc... | E | |
| CVE-2018-9843 | The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote a... | E | |
| CVE-2018-9844 | The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, ... | E | |
| CVE-2018-9845 | Etherpad Lite before 1.6.4 is exploitable for admin access.... | S | |
| CVE-2018-9846 | In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's poss... | S | |
| CVE-2018-9847 | In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remot... | E | |
| CVE-2018-9848 | In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows re... | E | |
| CVE-2018-9849 | Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 d... | | |
| CVE-2018-9850 | In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete ... | E | |
| CVE-2018-9851 | In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any... | E | |
| CVE-2018-9852 | In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read dat... | E | |
| CVE-2018-9853 | Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the f... | | |
| CVE-2018-9856 | Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrate... | E | |
| CVE-2018-9857 | PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "V... | E | |
| CVE-2018-9859 | The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can... | | |
| CVE-2018-9860 | An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processi... | | |
| CVE-2018-9861 | Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in ... | | |
| CVE-2018-9862 | util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root... | S | |
| CVE-2018-9864 | The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.... | E | |
| CVE-2018-9866 | A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall... | E | |
| CVE-2018-9867 | In SonicWall SonicOS, administrators without full permissions can download imported certificates. Oc... | | |
| CVE-2018-9918 | libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name objec... | E S | |
| CVE-2018-9919 | A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows ... | E M | |
| CVE-2018-9920 | Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified... | | |
| CVE-2018-9921 | In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence o... | | |
| CVE-2018-9922 | An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invali... | E S | |
| CVE-2018-9923 | An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrate... | E S | |
| CVE-2018-9924 | An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array par... | E S | |
| CVE-2018-9925 | An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an ad... | E S | |
| CVE-2018-9926 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin acco... | E | |
| CVE-2018-9927 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user accoun... | E | |
| CVE-2018-9928 | Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to injec... | | |
| CVE-2018-9934 | The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via ... | E | |
| CVE-2018-9935 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
| CVE-2018-9936 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9937 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9938 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9939 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9940 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9941 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9942 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9943 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9944 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9945 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9946 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
| CVE-2018-9947 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9948 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | E S | |
| CVE-2018-9949 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9950 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
| CVE-2018-9951 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9952 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9953 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9954 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9955 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9956 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9957 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9958 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | E S | |
| CVE-2018-9959 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9960 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9961 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9962 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9963 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
| CVE-2018-9964 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9965 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9966 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9967 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9968 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9969 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9970 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | | |
| CVE-2018-9971 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | | |
| CVE-2018-9972 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
| CVE-2018-9973 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
| CVE-2018-9974 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9975 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9976 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
| CVE-2018-9977 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9978 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
| CVE-2018-9979 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
| CVE-2018-9980 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
| CVE-2018-9981 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9982 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... | S | |
| CVE-2018-9983 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
| CVE-2018-9984 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat... | S | |
| CVE-2018-9985 | The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.... | E | |
| CVE-2018-9986 | In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor.... | | |
| CVE-2018-9987 | In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting no... | | |
| CVE-2018-9988 | ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_serve... | S | |
| CVE-2018-9989 | ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_serve... | S | |
| CVE-2018-9990 | In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead.... | | |
| CVE-2018-9991 | Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter.... | E | |
| CVE-2018-9992 | Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_... | E | |
| CVE-2018-9993 | YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news c... | E | |
| CVE-2018-9994 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
| CVE-2018-9995 | TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night O... | E | |
| CVE-2018-9996 | An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack ... | E | |
| CVE-2018-9997 | Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-r... | | |
| CVE-2018-9998 | Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, an... | | |
| CVE-2018-9999 | In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LO... | |