| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
8851 |
CVE-2018-19567 |
119 |
|
Overflow |
2018-11-26 |
2018-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. |
|
8852 |
CVE-2018-19566 |
125 |
|
+Info |
2018-11-26 |
2018-12-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. |
|
8853 |
CVE-2018-19565 |
125 |
|
+Info |
2018-11-26 |
2018-12-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. |
|
8854 |
CVE-2018-19564 |
79 |
|
XSS |
2018-11-26 |
2018-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting. |
|
8855 |
CVE-2018-19562 |
434 |
|
Exec Code |
2018-11-26 |
2018-12-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive. |
|
8856 |
CVE-2018-19561 |
352 |
|
CSRF |
2018-11-26 |
2018-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. |
|
8857 |
CVE-2018-19560 |
352 |
|
CSRF |
2018-11-26 |
2018-12-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. |
|
8858 |
CVE-2018-19559 |
89 |
|
Sql |
2018-11-26 |
2018-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. |
|
8859 |
CVE-2018-19558 |
89 |
|
Sql |
2018-11-26 |
2018-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php. |
|
8860 |
CVE-2018-19557 |
89 |
|
Sql |
2018-11-26 |
2018-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images. |
|
8861 |
CVE-2018-19556 |
20 |
|
|
2018-11-26 |
2019-04-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
** DISPUTED ** zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability. |
|
8862 |
CVE-2018-19555 |
352 |
|
CSRF |
2018-11-26 |
2018-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. |
|
8863 |
CVE-2018-19554 |
79 |
|
XSS |
2018-11-26 |
2018-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp. |
|
8864 |
CVE-2018-19553 |
89 |
|
Sql |
2018-11-26 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php |
|
8865 |
CVE-2018-19552 |
89 |
|
Sql |
2018-11-26 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. |
|
8866 |
CVE-2018-19551 |
89 |
|
Sql |
2018-11-26 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. |
|
8867 |
CVE-2018-19550 |
434 |
|
|
2018-11-26 |
2019-05-23 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI. |
|
8868 |
CVE-2018-19549 |
89 |
|
Sql |
2018-11-26 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. |
|
8869 |
CVE-2018-19547 |
79 |
|
XSS |
2018-11-26 |
2018-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter. |
|
8870 |
CVE-2018-19546 |
352 |
|
XSS CSRF |
2018-11-26 |
2018-12-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. |
|
8871 |
CVE-2018-19545 |
352 |
|
CSRF |
2018-11-26 |
2018-12-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. |
|
8872 |
CVE-2018-19544 |
352 |
|
CSRF |
2018-11-26 |
2018-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. |
|
8873 |
CVE-2018-19543 |
125 |
|
|
2018-11-25 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. |
|
8874 |
CVE-2018-19542 |
476 |
|
DoS |
2018-11-25 |
2019-05-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. |
|
8875 |
CVE-2018-19541 |
125 |
|
|
2018-11-25 |
2019-10-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c. |
|
8876 |
CVE-2018-19540 |
119 |
|
Overflow |
2018-11-25 |
2019-10-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c. |
|
8877 |
CVE-2018-19539 |
|
|
DoS |
2018-11-25 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. |
|
8878 |
CVE-2018-19537 |
434 |
|
Exec Code |
2018-11-25 |
2018-12-28 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases. |
|
8879 |
CVE-2018-19535 |
125 |
|
DoS |
2018-11-25 |
2019-07-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. |
|
8880 |
CVE-2018-19532 |
476 |
|
DoS |
2018-11-25 |
2018-12-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. |
|
8881 |
CVE-2018-19531 |
20 |
|
Exec Code |
2018-11-25 |
2018-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting. |
|
8882 |
CVE-2018-19530 |
20 |
|
Exec Code |
2018-11-25 |
2018-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting. |
|
8883 |
CVE-2018-19528 |
119 |
|
DoS Overflow |
2018-11-25 |
2018-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp. |
|
8884 |
CVE-2018-19527 |
79 |
|
XSS |
2018-11-29 |
2018-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings. |
|
8885 |
CVE-2018-19525 |
352 |
|
XSS CSRF |
2019-03-21 |
2019-05-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation. |
|
8886 |
CVE-2018-19524 |
20 |
|
DoS Exec Code |
2019-03-21 |
2019-05-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7. |
|
8887 |
CVE-2018-19519 |
125 |
|
|
2018-11-25 |
2018-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. |
|
8888 |
CVE-2018-19517 |
125 |
|
|
2018-11-24 |
2018-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf. |
|
8889 |
CVE-2018-19515 |
863 |
|
|
2019-03-21 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users. |
|
8890 |
CVE-2018-19504 |
125 |
|
|
2018-11-23 |
2019-09-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c. |
|
8891 |
CVE-2018-19503 |
119 |
|
Overflow |
2018-11-23 |
2019-09-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c. |
|
8892 |
CVE-2018-19502 |
119 |
|
Overflow |
2018-11-23 |
2019-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c. |
|
8893 |
CVE-2018-19499 |
502 |
|
Exec Code |
2018-11-23 |
2019-10-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class. |
|
8894 |
CVE-2018-19498 |
79 |
|
XSS |
2019-03-21 |
2019-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS. |
|
8895 |
CVE-2018-19497 |
125 |
|
DoS |
2018-11-29 |
2019-06-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c). |
|
8896 |
CVE-2018-19496 |
284 |
|
|
2019-07-10 |
2019-07-11 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone. |
|
8897 |
CVE-2018-19495 |
918 |
|
|
2019-07-10 |
2019-07-11 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. |
|
8898 |
CVE-2018-19494 |
284 |
|
|
2019-07-10 |
2019-07-11 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names. |
|
8899 |
CVE-2018-19493 |
79 |
|
XSS |
2019-07-10 |
2019-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding. |
|
8900 |
CVE-2018-19492 |
119 |
|
Overflow |
2018-11-23 |
2019-04-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. |
