| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 9401 | CVE-2018-18578 | 79 | | XSS | 2018-10-22 | 2018-12-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. |
| 9402 | CVE-2018-18573 | 94 | | Exec Code | 2019-08-22 | 2019-08-28 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI. |
| 9403 | CVE-2018-18572 | 434 | | Exec Code | 2019-08-22 | 2019-08-29 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI. |
| 9404 | CVE-2018-18571 | 287 | | | 2019-06-05 | 2019-09-11 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device. |
| 9405 | CVE-2018-18570 | 79 | | XSS | 2019-07-29 | 2019-08-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Planon before Live Build 41 has XSS. |
| 9406 | CVE-2018-18568 | 295 | | +Info | 2018-10-24 | 2018-12-06 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. |
| 9407 | CVE-2018-18567 | 295 | | +Info | 2018-10-24 | 2018-12-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. |
| 9408 | CVE-2018-18566 | 200 | | +Info | 2018-10-24 | 2018-12-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business. |
| 9409 | CVE-2018-18565 | 434 | | | 2018-11-20 | 2018-12-28 | 4.1 | None | Local Network | Low | Single system | None | Partial | Partial | An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). A vulnerability in the software update mechanism allows authenticated attackers in the adjacent network to overwrite arbitrary files on the system through a crafted update package. |
| 9410 | CVE-2018-18563 | 434 | | Exec Code | 2018-11-20 | 2019-10-02 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete | An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). Improper access control to a service command allows attackers in the adjacent network to execute arbitrary code on the system through a crafted Poct1-A message. |
| 9411 | CVE-2018-18561 | 287 | | Exec Code | 2018-11-20 | 2018-12-28 | 7.7 | None | Local Network | Low | Single system | Complete | Complete | Complete | An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the operating system. |
| 9412 | CVE-2018-18559 | 416 | | | 2018-10-22 | 2019-05-14 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. |
| 9413 | CVE-2018-18558 | 20 | | Exec Code Bypass | 2019-05-13 | 2019-05-14 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a different vulnerability that allows them to write this binary to flash memory. |
| 9414 | CVE-2018-18557 | 787 | | | 2018-10-22 | 2019-05-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. |
| 9415 | CVE-2018-18556 | | | | 2018-12-17 | 2019-10-02 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation condition to spawn an attacker-controlled shell with root privileges. |
| 9416 | CVE-2018-18555 | 78 | | +Priv | 2018-12-17 | 2019-10-02 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to the underlying Linux shell. The user can then run arbitrary operating system commands with the privileges afforded by their account. |
| 9417 | CVE-2018-18553 | 79 | | XSS | 2018-10-21 | 2018-12-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. |
| 9418 | CVE-2018-18552 | 22 | | DoS Dir. Trav. | 2018-10-24 | 2018-12-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial | ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories. |
| 9419 | CVE-2018-18551 | 79 | | XSS | 2018-10-24 | 2018-12-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter. |
| 9420 | CVE-2018-18550 | 89 | | Sql | 2018-10-21 | 2018-12-04 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user. |
| 9421 | CVE-2018-18548 | 79 | | XSS | 2018-10-24 | 2018-12-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. |
| 9422 | CVE-2018-18547 | 79 | | XSS | 2018-10-24 | 2018-12-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. |
| 9423 | CVE-2018-18546 | 89 | | Sql | 2018-10-20 | 2018-12-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable. |
| 9424 | CVE-2018-18545 | 79 | | XSS | 2018-10-20 | 2018-12-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. |
| 9425 | CVE-2018-18544 | 772 | | | 2018-10-20 | 2019-10-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. |
| 9426 | CVE-2018-18541 | 20 | | | 2018-10-20 | 2019-07-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. |
| 9427 | CVE-2018-18540 | 79 | | XSS | 2018-10-20 | 2018-12-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL. |
| 9428 | CVE-2018-18536 | 668 | | | 2018-12-26 | 2019-10-02 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. |
| 9429 | CVE-2018-18535 | 668 | | Exec Code | 2018-12-26 | 2019-10-02 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code. |
| 9430 | CVE-2018-18530 | 89 | | Sql | 2018-10-19 | 2018-12-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. |
| 9431 | CVE-2018-18529 | 89 | | Sql | 2018-10-19 | 2018-12-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. |
| 9432 | CVE-2018-18527 | 89 | | Sql | 2018-10-19 | 2018-12-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. |
| 9433 | CVE-2018-18524 | 79 | | Exec Code XSS | 2019-05-13 | 2019-05-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer. |
| 9434 | CVE-2018-18521 | 369 | | DoS | 2018-10-19 | 2019-06-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. |
| 9435 | CVE-2018-18520 | 119 | | DoS Overflow | 2018-10-19 | 2019-06-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. |
| 9436 | CVE-2018-18519 | 426 | | +Priv | 2018-11-19 | 2019-06-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | BestXsoftware Best Free Keylogger before 6.0.0 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group. |
| 9437 | CVE-2018-18513 | 20 | | | 2019-04-26 | 2019-04-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird < 60.5. |
| 9438 | CVE-2018-18512 | 416 | | | 2019-04-26 | 2019-04-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The memory storing the sound data is immediately freed, although the sound is still being played asynchronously, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5. |
| 9439 | CVE-2018-18511 | 200 | | +Info | 2019-04-26 | 2019-06-10 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. |
| 9440 | CVE-2018-18510 | 20 | | DoS | 2019-04-26 | 2019-04-26 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerability affects Firefox < 64. |
| 9441 | CVE-2018-18509 | 347 | | | 2019-04-26 | 2019-06-03 | 5.0 | None | Remote | Low | Not required | None | Partial | None | A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1. |
| 9442 | CVE-2018-18506 | 254 | | | 2019-02-05 | 2019-05-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. |
| 9443 | CVE-2018-18505 | 287 | | | 2019-02-05 | 2019-10-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. |
| 9444 | CVE-2018-18501 | 119 | | Overflow Mem. Corr. | 2019-02-05 | 2019-04-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. |
| 9445 | CVE-2018-18500 | 416 | | | 2019-02-05 | 2019-04-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. |
| 9446 | CVE-2018-18489 | 20 | | DoS | 2019-04-16 | 2019-04-17 | 6.8 | None | Remote | Low | Single system | None | None | Complete | The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472. |
| 9447 | CVE-2018-18488 | 89 | | Sql | 2018-10-18 | 2018-11-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. |
| 9448 | CVE-2018-18487 | 200 | | +Info | 2018-10-18 | 2018-11-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations. |
| 9449 | CVE-2018-18486 | 89 | | Sql | 2018-10-18 | 2018-12-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter. |
| 9450 | CVE-2018-18485 | 22 | | Dir. Trav. | 2018-10-18 | 2019-01-08 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock. |