# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
11451 | CVE-2018-20125 | 476 | | DoS | 2018-12-20 | 2020-05-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. |
11452 | CVE-2018-20103 | 835 | | | 2018-12-12 | 2022-06-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion. |
11453 | CVE-2018-20102 | 125 | | | 2018-12-12 | 2022-06-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size. |
11454 | CVE-2018-20100 | 311 | | | 2019-01-02 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app. |
11455 | CVE-2018-20094 | 22 | | Dir. Trav. | 2018-12-12 | 2019-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java. |
11456 | CVE-2018-20092 | 22 | | Dir. Trav. | 2018-12-17 | 2019-06-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request. |
11457 | CVE-2018-20064 | 22 | | Dir. Trav. | 2018-12-11 | 2018-12-31 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter. |
11458 | CVE-2018-20061 | 89 | | Sql | 2018-12-11 | 2019-01-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that calls a server-side Python function with carefully chosen arguments, a SQL attack can be carried out which allows SQL queries to be constructed to return any columns from any tables in the database. This is related to /api/resource/Item?fields= URIs, frappe.get_list, and frappe.call. |
11459 | CVE-2018-20060 | | | | 2018-12-11 | 2021-06-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. |
11460 | CVE-2018-20058 | 22 | | Dir. Trav. | 2018-12-11 | 2020-05-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634. |
11461 | CVE-2018-20034 | | | DoS | 2019-03-21 | 2022-04-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. |
11462 | CVE-2018-20032 | | | DoS | 2019-03-21 | 2022-04-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. |
11463 | CVE-2018-20031 | | | DoS | 2019-03-21 | 2022-04-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. |
11464 | CVE-2018-20026 | | | | 2019-02-19 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Improper Communication Address Filtering exists in CODESYS V3 products versions prior to V3.5.14.0. |
11465 | CVE-2018-20025 | 330 | | | 2019-02-19 | 2019-04-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior to V3.5.14.0. |
11466 | CVE-2018-20024 | 476 | | | 2018-12-19 | 2020-10-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains a NULL pointer dereference in VNC client code that can result in DoS. |
11467 | CVE-2018-20023 | 665 | | Bypass +Info | 2018-12-19 | 2020-10-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains a CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak the stack memory layout and bypass ASLR. |
11468 | CVE-2018-20022 | 665 | | Bypass +Info | 2018-12-19 | 2020-10-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple CWE-665: Improper Initialization weaknesses in VNC client code that allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, they can be used to leak the stack memory layout and bypass ASLR. |
11469 | CVE-2018-20018 | 89 | | Sql | 2018-12-10 | 2018-12-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. |
11470 | CVE-2018-20014 | 476 | | | 2019-06-07 | 2019-06-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application. |
11471 | CVE-2018-20013 | 20 | | | 2019-06-18 | 2019-06-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadata_id!=0 assertion, leading to shutting down the client application. |
11472 | CVE-2018-20000 | 611 | | | 2018-12-10 | 2019-01-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java. |
11473 | CVE-2018-19952 | 89 | | Sql +Info | 2020-11-02 | 2020-11-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. |
11474 | CVE-2018-19944 | 319 | | | 2020-12-31 | 2021-01-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later) |
11475 | CVE-2018-19941 | 312 | | | 2020-12-31 | 2021-01-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later) |
11476 | CVE-2018-19939 | 476 | | | 2018-12-07 | 2019-05-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c. |
11477 | CVE-2018-19936 | 20 | | | 2018-12-17 | 2019-01-04 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial |
PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. |
11478 | CVE-2018-19935 | 476 | | DoS | 2018-12-07 | 2019-06-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. |
11479 | CVE-2018-19879 | 307 | | | 2019-03-28 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password. |
11480 | CVE-2018-19865 | 532 | | | 2018-12-05 | 2019-05-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. |
11481 | CVE-2018-19860 | 732 | | Exec Code | 2019-06-07 | 2020-08-24 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecified other devices does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command. |
11482 | CVE-2018-19858 | 611 | | | 2019-01-30 | 2019-02-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF. |
11483 | CVE-2018-19856 | 22 | | Dir. Trav. | 2019-03-26 | 2019-03-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. |
11484 | CVE-2018-19834 | 287 | | | 2019-12-31 | 2020-01-14 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The quaker function of a smart contract implementation for BOMBBA (BOMB), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. |
11485 | CVE-2018-19833 | 287 | | | 2019-12-31 | 2020-01-14 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The owned function of a smart contract implementation for DDQ, a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. |
11486 | CVE-2018-19832 | 287 | | | 2019-12-31 | 2020-01-14 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The NETM() function of a smart contract implementation for NewIntelTechMedia (NETM), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. |
11487 | CVE-2018-19831 | 287 | | | 2019-12-31 | 2020-01-14 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. |
11488 | CVE-2018-19830 | 862 | | | 2019-12-31 | 2020-01-14 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity. |
11489 | CVE-2018-19829 | 352 | | CSRF | 2018-12-18 | 2019-01-30 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. |
11490 | CVE-2018-19802 | 476 | | | 2019-06-07 | 2019-07-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. |
11491 | CVE-2018-19801 | 476 | | | 2019-06-07 | 2019-07-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. |
11492 | CVE-2018-19796 | 601 | | | 2018-12-03 | 2020-03-03 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. |
11493 | CVE-2018-19790 | 601 | | | 2018-12-18 | 2019-05-10 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login. |
11494 | CVE-2018-19789 | 434 | | Exec Code File Inclusion | 2018-12-18 | 2019-05-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution. |
11495 | CVE-2018-19784 | 326 | | File Inclusion | 2018-12-01 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion. |
11496 | CVE-2018-19753 | 22 | | Dir. Trav. | 2018-12-05 | 2018-12-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Tarantella Enterprise before 3.11 allows Directory Traversal. |
11497 | CVE-2018-19748 | 22 | | Dir. Trav. | 2018-11-29 | 2018-12-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector). |
11498 | CVE-2018-19723 | 125 | | | 2019-01-28 | 2019-08-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19721. |
11499 | CVE-2018-19722 | 125 | | | 2019-01-18 | 2019-08-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
11500 | CVE-2018-19718 | 200 | | +Info | 2019-01-18 | 2019-01-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session. |