| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
14801 |
CVE-2018-9270 |
772 |
|
|
2018-04-04 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. |
|
14802 |
CVE-2018-9269 |
772 |
|
|
2018-04-04 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. |
|
14803 |
CVE-2018-9268 |
772 |
|
|
2018-04-04 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. |
|
14804 |
CVE-2018-9267 |
772 |
|
|
2018-04-04 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak. |
|
14805 |
CVE-2018-9266 |
772 |
|
|
2018-04-04 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak. |
|
14806 |
CVE-2018-9265 |
772 |
|
|
2018-04-04 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. |
|
14807 |
CVE-2018-9264 |
119 |
|
Overflow |
2018-04-04 |
2018-06-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. |
|
14808 |
CVE-2018-9263 |
|
|
|
2018-04-04 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. |
|
14809 |
CVE-2018-9262 |
20 |
|
|
2018-04-04 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth. |
|
14810 |
CVE-2018-9261 |
834 |
|
Overflow |
2018-04-04 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. |
|
14811 |
CVE-2018-9260 |
20 |
|
|
2018-04-04 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. |
|
14812 |
CVE-2018-9259 |
20 |
|
|
2018-04-04 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. |
|
14813 |
CVE-2018-9258 |
20 |
|
|
2018-04-04 |
2018-05-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. |
|
14814 |
CVE-2018-9257 |
835 |
|
|
2018-04-04 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns. |
|
14815 |
CVE-2018-9256 |
20 |
|
|
2018-04-04 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. |
|
14816 |
CVE-2018-9252 |
617 |
|
DoS |
2018-04-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. |
|
14817 |
CVE-2018-9250 |
89 |
|
Exec Code Sql |
2018-05-18 |
2018-06-20 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter. |
|
14818 |
CVE-2018-9249 |
287 |
|
Bypass |
2018-04-04 |
2018-05-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request. |
|
14819 |
CVE-2018-9248 |
287 |
|
Bypass |
2018-04-04 |
2018-05-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header. |
|
14820 |
CVE-2018-9247 |
89 |
|
Exec Code Sql |
2018-04-03 |
2018-05-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE with a .php filename. |
|
14821 |
CVE-2018-9246 |
116 |
|
Exec Code |
2018-06-07 |
2018-08-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application. |
|
14822 |
CVE-2018-9245 |
89 |
|
Exec Code Sql Bypass |
2018-04-22 |
2018-05-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system. |
|
14823 |
CVE-2018-9244 |
79 |
|
XSS |
2018-04-05 |
2018-05-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7. |
|
14824 |
CVE-2018-9243 |
79 |
|
XSS |
2018-04-05 |
2018-05-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7. |
|
14825 |
CVE-2018-9242 |
20 |
|
|
2018-07-03 |
2018-09-04 |
6.6 |
None |
Local |
Low |
Not required |
None |
Complete |
Complete |
|
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. |
|
14826 |
CVE-2018-9240 |
476 |
|
DoS |
2018-04-03 |
2018-05-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur. |
|
14827 |
CVE-2018-9238 |
79 |
|
XSS |
2018-04-04 |
2018-05-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter. |
|
14828 |
CVE-2018-9235 |
79 |
|
XSS |
2018-04-04 |
2018-05-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php. |
|
14829 |
CVE-2018-9234 |
320 |
|
|
2018-04-03 |
2018-06-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. |
|
14830 |
CVE-2018-9232 |
287 |
|
|
2018-05-01 |
2018-06-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update. |
|
14831 |
CVE-2018-9230 |
89 |
|
Sql Bypass |
2018-04-02 |
2018-05-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. NOTE: the vendor has reported that 100 parameters is an intentional default setting, but is adjustable within the API. The vendor's position is that a security-relevant misuse of the API by a WAF product is a vulnerability in the WAF product, not a vulnerability in OpenResty. |
|
14832 |
CVE-2018-9209 |
434 |
|
|
2018-11-19 |
2018-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2 |
|
14833 |
CVE-2018-9208 |
434 |
|
|
2018-11-05 |
2018-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta |
|
14834 |
CVE-2018-9207 |
434 |
|
|
2018-11-19 |
2018-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Arbitrary file upload in jQuery Upload File <= 4.0.2 |
|
14835 |
CVE-2018-9206 |
434 |
|
|
2018-10-11 |
2019-09-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0 |
|
14836 |
CVE-2018-9205 |
22 |
|
Dir. Trav. |
2018-04-04 |
2018-05-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path. |
|
14837 |
CVE-2018-9194 |
203 |
|
|
2018-09-05 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used. |
|
14838 |
CVE-2018-9193 |
264 |
|
Exec Code |
2019-05-30 |
2019-05-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file. |
|
14839 |
CVE-2018-9192 |
203 |
|
|
2018-09-05 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. |
|
14840 |
CVE-2018-9191 |
264 |
|
Exec Code |
2019-05-30 |
2019-05-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates. |
|
14841 |
CVE-2018-9190 |
476 |
|
DoS |
2019-02-08 |
2019-06-03 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver. |
|
14842 |
CVE-2018-9186 |
79 |
|
Exec Code XSS CSRF |
2018-05-31 |
2019-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header. |
|
14843 |
CVE-2018-9185 |
200 |
|
+Info |
2018-07-05 |
2018-08-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. |
|
14844 |
CVE-2018-9182 |
79 |
|
XSS |
2018-06-07 |
2018-07-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section. |
|
14845 |
CVE-2018-9177 |
79 |
|
XSS |
2018-06-07 |
2018-07-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen. |
|
14846 |
CVE-2018-9175 |
94 |
|
Exec Code |
2018-04-01 |
2018-05-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php. |
|
14847 |
CVE-2018-9174 |
94 |
|
Exec Code |
2018-04-01 |
2018-05-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control. |
|
14848 |
CVE-2018-9173 |
79 |
|
XSS |
2018-04-01 |
2018-05-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. |
|
14849 |
CVE-2018-9165 |
476 |
|
DoS |
2018-04-01 |
2018-05-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file. |
|
14850 |
CVE-2018-9162 |
306 |
|
|
2018-03-31 |
2018-05-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors. |
