# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
7201 |
CVE-2018-19892 |
79 |
|
XSS |
2018-12-05 |
2018-12-21 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. |
7202 |
CVE-2018-19891 |
119 |
|
DoS Overflow |
2018-12-05 |
2018-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 10 case. |
7203 |
CVE-2018-19890 |
119 |
|
DoS Overflow |
2018-12-05 |
2018-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 2 case. |
7204 |
CVE-2018-19889 |
119 |
|
DoS Overflow |
2018-12-05 |
2018-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 6 case. |
7205 |
CVE-2018-19888 |
119 |
|
DoS Overflow |
2018-12-05 |
2018-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the HCB_ESC case. |
7206 |
CVE-2018-19887 |
119 |
|
DoS Overflow |
2018-12-05 |
2018-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 4 case. |
7207 |
CVE-2018-19886 |
119 |
|
DoS Overflow |
2018-12-05 |
2018-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case. |
7208 |
CVE-2018-19882 |
476 |
|
DoS |
2018-12-05 |
2019-05-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl. |
7209 |
CVE-2018-19881 |
400 |
|
DoS |
2018-12-05 |
2019-05-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl. |
7210 |
CVE-2018-19879 |
255 |
|
|
2019-03-28 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password. |
7211 |
CVE-2018-19878 |
416 |
|
|
2019-06-19 |
2019-06-21 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory. Exploitation of this vulnerability will increase memory use and consume free space. |
7212 |
CVE-2018-19877 |
79 |
|
XSS |
2018-12-05 |
2018-12-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field. |
7213 |
CVE-2018-19872 |
369 |
|
|
2019-03-21 |
2019-04-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. |
7214 |
CVE-2018-19871 |
400 |
|
|
2018-12-26 |
2019-05-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. |
7215 |
CVE-2018-19870 |
476 |
|
|
2018-12-26 |
2019-06-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. |
7216 |
CVE-2018-19869 |
20 |
|
|
2018-12-26 |
2019-05-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. |
7217 |
CVE-2018-19865 |
532 |
|
|
2018-12-05 |
2019-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. |
7218 |
CVE-2018-19860 |
264 |
|
Exec Code |
2019-06-07 |
2019-07-22 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command. |
7219 |
CVE-2018-19859 |
22 |
|
Dir. Trav. |
2018-12-05 |
2019-03-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive. |
7220 |
CVE-2018-19857 |
824 |
|
DoS |
2018-12-05 |
2019-07-25 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. |
7221 |
CVE-2018-19856 |
22 |
|
Dir. Trav. |
2019-03-26 |
2019-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. |
7222 |
CVE-2018-19855 |
20 |
|
|
2019-08-08 |
2019-08-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features. |
7223 |
CVE-2018-19853 |
269 |
|
|
2018-12-04 |
2019-10-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account. |
7224 |
CVE-2018-19849 |
79 |
|
XSS |
2018-12-04 |
2018-12-31 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. |
7225 |
CVE-2018-19845 |
79 |
|
XSS |
2018-12-31 |
2019-01-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. |
7226 |
CVE-2018-19844 |
79 |
|
XSS |
2018-12-31 |
2019-01-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. |
7227 |
CVE-2018-19843 |
125 |
|
DoS |
2018-12-04 |
2018-12-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. |
7228 |
CVE-2018-19842 |
125 |
|
DoS |
2018-12-04 |
2018-12-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. |
7229 |
CVE-2018-19841 |
125 |
|
|
2018-12-04 |
2019-04-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. |
7230 |
CVE-2018-19840 |
835 |
|
|
2018-12-04 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. |
7231 |
CVE-2018-19839 |
125 |
|
|
2018-12-04 |
2019-07-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. |
7232 |
CVE-2018-19838 |
400 |
|
|
2018-12-04 |
2019-07-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). |
7233 |
CVE-2018-19837 |
400 |
|
|
2018-12-04 |
2019-07-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp. |
7234 |
CVE-2018-19835 |
79 |
|
XSS |
2018-12-03 |
2018-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter. |
7235 |
CVE-2018-19828 |
79 |
|
XSS |
2018-12-17 |
2019-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Artica Integria IMS 5.0.83 has XSS via the search_string parameter. |
7236 |
CVE-2018-19827 |
416 |
|
DoS |
2018-12-03 |
2019-07-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. |
7237 |
CVE-2018-19826 |
835 |
|
DoS |
2018-12-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design. |
7238 |
CVE-2018-19824 |
416 |
|
|
2018-12-03 |
2019-09-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. |
7239 |
CVE-2018-19822 |
79 |
|
XSS |
2018-12-17 |
2019-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. |
7240 |
CVE-2018-19821 |
79 |
|
XSS |
2018-12-17 |
2019-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via the ConnPoolName parameter. |
7241 |
CVE-2018-19820 |
79 |
|
XSS |
2018-12-17 |
2019-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via the ConnPoolName parameter. |
7242 |
CVE-2018-19819 |
79 |
|
XSS |
2018-12-17 |
2019-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via the ConnPoolName parameter. |
7243 |
CVE-2018-19818 |
79 |
|
XSS |
2018-12-17 |
2019-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via the ConnPoolName parameter. |
7244 |
CVE-2018-19817 |
79 |
|
XSS |
2018-12-17 |
2019-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. |
7245 |
CVE-2018-19816 |
79 |
|
XSS |
2018-12-17 |
2019-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has reflected XSS via the ConnPoolName parameter. |
7246 |
CVE-2018-19815 |
79 |
|
XSS |
2018-12-17 |
2019-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS via the ConnPoolName parameter. |
7247 |
CVE-2018-19814 |
79 |
|
XSS |
2018-12-17 |
2019-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. |
7248 |
CVE-2018-19813 |
79 |
|
XSS |
2018-12-17 |
2019-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. |
7249 |
CVE-2018-19812 |
79 |
|
XSS |
2018-12-17 |
2019-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via the GroupId parameter. |
7250 |
CVE-2018-19811 |
79 |
|
XSS |
2018-12-17 |
2019-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via the ConnPoolName parameter. |