# |
CVE ID |
CWE ID |
# of Exploits |
Vulnerability Type(s) |
Publish Date |
Update Date |
Score |
Gained Access Level |
Access |
Complexity |
Authentication |
Confidentiality |
Integrity |
Availability |
Description |
7101 |
CVE-2018-20126 |
772 |
|
|
2018-12-20 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. |
7102 |
CVE-2018-20125 |
476 |
|
DoS |
2018-12-20 |
2019-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. |
7103 |
CVE-2018-20124 |
125 |
|
|
2018-12-20 |
2019-01-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. |
7104 |
CVE-2018-20123 |
772 |
|
|
2018-12-17 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a memory leak after an initialisation error. |
7105 |
CVE-2018-20103 |
835 |
|
|
2018-12-12 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion. |
7106 |
CVE-2018-20102 |
125 |
|
|
2018-12-12 |
2019-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size. |
7107 |
CVE-2018-20101 |
79 |
|
XSS |
2018-12-12 |
2019-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell. |
7108 |
CVE-2018-20100 |
311 |
|
|
2019-01-02 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app. |
7109 |
CVE-2018-20099 |
835 |
|
DoS |
2018-12-12 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. |
7110 |
CVE-2018-20098 |
125 |
|
DoS |
2018-12-12 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. |
7111 |
CVE-2018-20097 |
119 |
|
DoS Overflow |
2018-12-12 |
2019-04-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. |
7112 |
CVE-2018-20096 |
125 |
|
DoS |
2018-12-12 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. |
7113 |
CVE-2018-20095 |
770 |
|
|
2018-12-12 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls. |
7114 |
CVE-2018-20094 |
22 |
|
Dir. Trav. |
2018-12-12 |
2019-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java. |
7115 |
CVE-2018-20092 |
22 |
|
Dir. Trav. |
2018-12-17 |
2019-06-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request. |
7116 |
CVE-2018-20091 |
89 |
|
Sql |
2019-06-07 |
2019-06-10 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs. |
7117 |
CVE-2018-20073 |
200 |
|
+Info |
2019-06-27 |
2019-07-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem. |
7118 |
CVE-2018-20070 |
20 |
|
|
2019-01-09 |
2019-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
7119 |
CVE-2018-20069 |
254 |
|
|
2019-01-09 |
2019-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Failure to prevent top-frame navigation to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. |
7120 |
CVE-2018-20068 |
20 |
|
|
2019-01-09 |
2019-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. |
7121 |
CVE-2018-20067 |
254 |
|
|
2019-01-09 |
2019-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A renderer-initiated back navigation was incorrectly allowed to cancel a browser-initiated one in Navigation in Google Chrome prior to 71.0.3578.80, which allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. |
7122 |
CVE-2018-20066 |
416 |
|
|
2019-01-09 |
2019-01-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
7123 |
CVE-2018-20065 |
20 |
|
|
2019-01-09 |
2019-01-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file. |
7124 |
CVE-2018-20064 |
22 |
|
Dir. Trav. |
2018-12-11 |
2018-12-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter. |
7125 |
CVE-2018-20061 |
89 |
|
Sql |
2018-12-11 |
2019-01-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that calls a server-side Python function with carefully chosen arguments, a SQL attack can be carried out which allows SQL queries to be constructed to return any columns from any tables in the database. This is related to /api/resource/Item?fields= URIs, frappe.get_list, and frappe.call. |
7126 |
CVE-2018-20060 |
|
|
|
2018-12-11 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. |
7127 |
CVE-2018-20034 |
20 |
|
DoS |
2019-03-21 |
2019-07-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. |
7128 |
CVE-2018-20032 |
20 |
|
DoS |
2019-03-21 |
2019-07-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. |
7129 |
CVE-2018-20031 |
20 |
|
DoS |
2019-03-21 |
2019-07-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. |
7130 |
CVE-2018-20029 |
119 |
|
DoS Overflow |
2018-12-10 |
2019-01-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read. |
7131 |
CVE-2018-20028 |
425 |
|
|
2019-04-17 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control. |
7132 |
CVE-2018-20026 |
254 |
|
|
2019-02-19 |
2019-04-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Improper Communication Address Filtering exists in CODESYS V3 products versions prior to V3.5.14.0. |
7133 |
CVE-2018-20025 |
330 |
|
|
2019-02-19 |
2019-04-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior to V3.5.14.0. |
7134 |
CVE-2018-20024 |
476 |
|
|
2018-12-19 |
2019-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains a null pointer dereference in VNC client code that can result in DoS. |
7135 |
CVE-2018-20023 |
200 |
|
Bypass +Info |
2018-12-19 |
2019-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains a CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and to bypass ASLR. |
7136 |
CVE-2018-20022 |
200 |
|
Bypass +Info |
2018-12-19 |
2019-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple CWE-665: Improper Initialization weaknesses in VNC client code that allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, they can be used to leak stack memory layout and to bypass ASLR. |
7137 |
CVE-2018-20018 |
89 |
|
Sql |
2018-12-10 |
2018-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. |
7138 |
CVE-2018-20017 |
79 |
|
XSS |
2018-12-10 |
2018-12-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. |
7139 |
CVE-2018-20015 |
352 |
|
CSRF |
2018-12-10 |
2019-01-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
YzmCMS v5.2 has admin/role/add.html CSRF. |
7140 |
CVE-2018-20014 |
476 |
|
|
2019-06-07 |
2019-06-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application. |
7141 |
CVE-2018-20013 |
20 |
|
|
2019-06-18 |
2019-06-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadata_id!=0 assertion, leading to shutting down the client application. |
7142 |
CVE-2018-20012 |
79 |
|
XSS |
2018-12-10 |
2018-12-31 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI. |
7143 |
CVE-2018-20011 |
79 |
|
XSS |
2018-12-10 |
2018-12-21 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field. |
7144 |
CVE-2018-20010 |
79 |
|
XSS |
2018-12-10 |
2018-12-21 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. |
7145 |
CVE-2018-20009 |
79 |
|
XSS |
2018-12-10 |
2018-12-21 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field. |
7146 |
CVE-2018-20008 |
255 |
|
|
2019-05-28 |
2019-05-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console. |
7147 |
CVE-2018-20006 |
79 |
|
XSS |
2018-12-10 |
2019-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI). |
7148 |
CVE-2018-20005 |
416 |
|
|
2018-12-10 |
2019-04-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc. |
7149 |
CVE-2018-20004 |
119 |
|
Overflow |
2018-12-10 |
2019-04-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml. |
7150 |
CVE-2018-20002 |
772 |
|
DoS |
2018-12-09 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. |