# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1451 | CVE-2018-6235 | 787 | | Exec Code | 2018-05-25 | 2018-06-28 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
1452 | CVE-2018-6233 | 119 | | Exec Code Overflow | 2018-05-25 | 2018-06-28 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
1453 | CVE-2018-6232 | 119 | | Exec Code Overflow | 2018-05-25 | 2018-06-28 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
1454 | CVE-2018-6231 | 77 | | Bypass | 2018-03-15 | 2018-04-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations. |
1455 | CVE-2018-6222 | 264 | | Exec Code | 2018-03-15 | 2018-04-04 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
An arbitrary logs location vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change the location of log files, which can then be manipulated to execute arbitrary commands and attain command execution on a vulnerable system. |
1456 | CVE-2018-6220 | 74 | | Exec Code | 2018-03-15 | 2018-04-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. |
1457 | CVE-2018-6024 | 89 | | Sql | 2018-02-18 | 2018-03-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter. |
1458 | CVE-2018-6006 | 89 | | Sql | 2018-02-17 | 2018-03-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. |
1459 | CVE-2018-6005 | 89 | | Sql | 2018-02-17 | 2018-03-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter. |
1460 | CVE-2018-6004 | 89 | | Sql | 2018-02-17 | 2018-03-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter. |
1461 | CVE-2018-5994 | 89 | | Sql | 2018-02-17 | 2018-03-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. |
1462 | CVE-2018-5993 | 89 | | Sql | 2018-02-17 | 2018-03-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request. |
1463 | CVE-2018-5992 | 89 | | Sql | 2018-02-17 | 2018-03-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request. |
1464 | CVE-2018-5991 | 89 | | Sql | 2018-02-17 | 2018-03-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798. |
1465 | CVE-2018-5990 | 89 | | Sql | 2018-02-17 | 2018-03-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter. |
1466 | CVE-2018-5989 | 89 | | Sql | 2018-02-17 | 2018-03-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. |
1467 | CVE-2018-5988 | 89 | | Sql | 2018-01-24 | 2018-02-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php. |
1468 | CVE-2018-5987 | 89 | | Sql | 2018-02-17 | 2018-03-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action. |
1469 | CVE-2018-5986 | 89 | | Sql | 2018-01-24 | 2018-02-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php. |
1470 | CVE-2018-5985 | 89 | | Sql | 2018-01-24 | 2018-02-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request. |
1471 | CVE-2018-5984 | 89 | | Sql | 2018-01-24 | 2018-02-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI. |
1472 | CVE-2018-5983 | 89 | | Sql | 2018-02-17 | 2018-03-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request. |
1473 | CVE-2018-5982 | 89 | | Sql | 2018-02-17 | 2018-03-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request. |
1474 | CVE-2018-5981 | 89 | | Sql | 2018-02-17 | 2018-03-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. |
1475 | CVE-2018-5980 | 89 | | Sql | 2018-02-17 | 2018-03-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action. |
1476 | CVE-2018-5979 | 89 | | Sql | 2018-01-24 | 2018-02-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field. |
1477 | CVE-2018-5978 | 89 | | Sql | 2018-01-24 | 2018-02-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. |
1478 | CVE-2018-5977 | 89 | | Sql | 2018-01-24 | 2018-02-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request. |
1479 | CVE-2018-5975 | 89 | | Sql | 2018-02-17 | 2018-03-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI. |
1480 | CVE-2018-5974 | 89 | | Sql | 2018-02-17 | 2018-03-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter. |
1481 | CVE-2018-5973 | 89 | | Sql | 2018-01-25 | 2018-02-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter. |
1482 | CVE-2018-5972 | 89 | | Sql | 2018-01-24 | 2018-02-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI. |
1483 | CVE-2018-5971 | 89 | | Sql | 2018-02-17 | 2018-03-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. |
1484 | CVE-2018-5970 | 89 | | Sql | 2018-02-17 | 2018-03-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter. |
1485 | CVE-2018-5955 | 20 | | | 2018-01-21 | 2018-03-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI. |
1486 | CVE-2018-5924 | 119 | | Exec Code Overflow | 2018-08-13 | 2018-10-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution. |
1487 | CVE-2018-5917 | 119 | | Overflow | 2018-11-28 | 2018-12-26 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130. |
1488 | CVE-2018-5914 | 129 | | | 2018-10-26 | 2019-01-23 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Improper input validation in TZ led to an array out-of-bounds access in a TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. |
1489 | CVE-2018-5912 | 119 | | Overflow | 2018-11-28 | 2018-12-26 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660. |
1490 | CVE-2018-5885 | 119 | | Overflow | 2018-07-06 | 2018-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear. |
1491 | CVE-2018-5882 | 119 | | Overflow | 2018-07-06 | 2018-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. |
1492 | CVE-2018-5880 | 119 | | Overflow | 2019-01-18 | 2019-01-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
An improper data length check while processing an event report indication can lead to a buffer overflow in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660. |
1493 | CVE-2018-5878 | 119 | | Overflow | 2018-07-06 | 2018-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. |
1494 | CVE-2018-5877 | 119 | | Overflow | 2018-11-28 | 2018-12-26 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
In the device programmer target-side code for firehose, a string that is not properly NULL terminated can lead to an incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20. |
1495 | CVE-2018-5870 | 119 | | Overflow | 2018-11-28 | 2018-12-26 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in versions SD 835, SDA660, SDX24. |
1496 | CVE-2018-5869 | 20 | | | 2019-01-18 | 2019-01-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Improper input validation in the QTEE keymaster app can lead to invalid memory access in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810. |
1497 | CVE-2018-5868 | 119 | | Overflow | 2019-01-18 | 2019-01-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Lack of input size checking can lead to a buffer overflow in WideVine in Snapdragon Automobile and Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130. |
1498 | CVE-2018-5867 | 119 | | Overflow | 2019-01-18 | 2019-01-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Lack of input size checking can lead to a buffer overflow in WideVine in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130. |
1499 | CVE-2018-5866 | 119 | | Overflow | 2018-10-26 | 2019-01-23 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660. |
1500 | CVE-2018-5845 | 416 | | | 2018-06-06 | 2018-07-17 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete |
A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |