# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
9201 |
CVE-2018-18915 |
835 |
|
DoS |
2018-11-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack. |
9202 |
CVE-2018-18913 |
426 |
|
|
2019-03-21 |
2019-09-27 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed. |
9203 |
CVE-2018-18912 |
119 |
|
Exec Code Overflow |
2019-05-13 |
2019-05-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code. |
9204 |
CVE-2018-18909 |
79 |
|
XSS |
2018-11-03 |
2018-12-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view. |
9205 |
CVE-2018-18908 |
319 |
|
+Info |
2019-01-20 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username. |
9206 |
CVE-2018-18903 |
94 |
|
Exec Code |
2018-11-03 |
2018-12-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Vanilla 2.6.x before 2.6.4 allows remote code execution. |
9207 |
CVE-2018-18898 |
20 |
|
DoS |
2019-03-21 |
2019-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. |
9208 |
CVE-2018-18897 |
772 |
|
|
2018-11-02 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. |
9209 |
CVE-2018-18893 |
|
|
|
2019-01-02 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java. |
9210 |
CVE-2018-18892 |
94 |
|
Exec Code |
2018-10-31 |
2018-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. |
9211 |
CVE-2018-18891 |
287 |
|
|
2018-10-31 |
2018-12-03 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. |
9212 |
CVE-2018-18890 |
22 |
|
Dir. Trav. |
2018-10-31 |
2018-12-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename. |
9213 |
CVE-2018-18887 |
89 |
|
Sql |
2018-10-31 |
2018-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). |
9214 |
CVE-2018-18886 |
79 |
|
XSS |
2019-06-18 |
2019-06-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Helpy v2.1.0 has Stored XSS via the Ticket title. |
9215 |
CVE-2018-18883 |
476 |
|
DoS |
2018-10-31 |
2019-01-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted. |
9216 |
CVE-2018-18881 |
254 |
|
DoS |
2019-03-21 |
2019-04-03 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state. |
9217 |
CVE-2018-18879 |
94 |
|
|
2019-06-18 |
2019-06-18 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. |
9218 |
CVE-2018-18878 |
20 |
|
|
2019-06-18 |
2019-06-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. |
9219 |
CVE-2018-18877 |
287 |
|
|
2019-06-18 |
2019-06-18 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. |
9220 |
CVE-2018-18876 |
22 |
|
Dir. Trav. |
2019-06-18 |
2019-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system. |
9221 |
CVE-2018-18874 |
434 |
|
Exec Code |
2018-10-31 |
2018-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI. |
9222 |
CVE-2018-18873 |
476 |
|
|
2018-10-31 |
2019-08-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. |
9223 |
CVE-2018-18869 |
22 |
|
Exec Code Dir. Trav. |
2018-10-31 |
2018-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter. |
9224 |
CVE-2018-18868 |
79 |
|
XSS |
2018-10-31 |
2018-12-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. |
9225 |
CVE-2018-18867 |
918 |
|
|
2018-10-31 |
2018-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. |
9226 |
CVE-2018-18864 |
79 |
|
XSS |
2018-11-20 |
2018-12-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. |
9227 |
CVE-2018-18863 |
22 |
|
Dir. Trav. File Inclusion |
2019-06-19 |
2019-06-19 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
NGA ResourceLink 20.0.2.1 allows local file inclusion. |
9228 |
CVE-2018-18862 |
425 |
|
|
2019-03-21 |
2019-10-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. |
9229 |
CVE-2018-18861 |
119 |
|
Exec Code Overflow |
2018-11-20 |
2018-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. |
9230 |
CVE-2018-18860 |
|
|
|
2018-11-30 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root. |
9231 |
CVE-2018-18859 |
78 |
|
Exec Code |
2018-11-20 |
2018-12-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the "tun_path" or "tap_path" pathname in a kextload() call. |
9232 |
CVE-2018-18858 |
78 |
|
Exec Code |
2018-11-20 |
2018-12-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "tun_path" or "tap_path" pathname within a shell command. |
9233 |
CVE-2018-18857 |
78 |
|
Exec Code |
2018-11-20 |
2018-12-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "command_line" parameter as a shell command. |
9234 |
CVE-2018-18856 |
78 |
|
Exec Code |
2018-11-20 |
2018-12-27 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "openvpncmd" parameter as a shell command. |
9235 |
CVE-2018-18854 |
400 |
|
DoS |
2018-10-31 |
2018-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code). |
9236 |
CVE-2018-18853 |
400 |
|
DoS |
2018-10-31 |
2018-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits. |
9237 |
CVE-2018-18852 |
78 |
|
Exec Code |
2019-06-18 |
2019-06-18 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018. |
9238 |
CVE-2018-18850 |
20 |
|
Exec Code |
2018-10-30 |
2018-12-31 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM). |
9239 |
CVE-2018-18842 |
352 |
|
Exec Code CSRF |
2018-10-30 |
2019-01-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code. |
9240 |
CVE-2018-18839 |
200 |
|
+Info |
2019-06-18 |
2019-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
** DISPUTED ** An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional." |
9241 |
CVE-2018-18838 |
74 |
|
|
2019-06-18 |
2019-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry. |
9242 |
CVE-2018-18837 |
113 |
|
|
2019-06-18 |
2019-06-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c. |
9243 |
CVE-2018-18836 |
74 |
|
|
2019-06-18 |
2019-06-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c. |
9244 |
CVE-2018-18835 |
94 |
|
Exec Code |
2018-10-30 |
2018-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. |
9245 |
CVE-2018-18834 |
119 |
|
Overflow |
2018-10-30 |
2018-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. |
9246 |
CVE-2018-18832 |
89 |
|
Sql |
2018-10-30 |
2018-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp. |
9247 |
CVE-2018-18831 |
22 |
|
Dir. Trav. |
2018-10-30 |
2018-12-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter. |
9248 |
CVE-2018-18830 |
434 |
|
Exec Code |
2018-10-30 |
2018-12-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code. |
9249 |
CVE-2018-18829 |
476 |
|
|
2018-10-30 |
2018-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file. |
9250 |
CVE-2018-18828 |
119 |
|
Overflow |
2018-10-30 |
2018-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. |