| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
14951 |
CVE-2018-9031 |
522 |
|
|
2018-03-29 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side. |
|
14952 |
CVE-2018-9029 |
89 |
|
Sql |
2018-06-18 |
2018-08-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. |
|
14953 |
CVE-2018-9028 |
326 |
|
|
2018-06-18 |
2018-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. |
|
14954 |
CVE-2018-9027 |
79 |
|
XSS |
2018-06-18 |
2018-08-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. |
|
14955 |
CVE-2018-9026 |
384 |
|
|
2018-06-18 |
2018-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. |
|
14956 |
CVE-2018-9025 |
20 |
|
|
2018-06-18 |
2018-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. |
|
14957 |
CVE-2018-9024 |
287 |
|
|
2018-06-18 |
2018-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. |
|
14958 |
CVE-2018-9023 |
20 |
|
Exec Code Bypass |
2018-06-18 |
2018-08-09 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. |
|
14959 |
CVE-2018-9022 |
269 |
|
Exec Code Bypass |
2018-06-18 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. |
|
14960 |
CVE-2018-9021 |
269 |
|
Exec Code Bypass |
2018-06-18 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. |
|
14961 |
CVE-2018-9019 |
89 |
|
Exec Code Sql |
2018-05-22 |
2018-06-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. |
|
14962 |
CVE-2018-9018 |
369 |
|
DoS |
2018-03-25 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. |
|
14963 |
CVE-2018-9016 |
79 |
|
XSS |
2018-03-25 |
2018-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI. |
|
14964 |
CVE-2018-9014 |
200 |
|
+Info |
2018-03-25 |
2018-04-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request. |
|
14965 |
CVE-2018-9010 |
22 |
|
Dir. Trav. |
2018-03-25 |
2018-04-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. |
|
14966 |
CVE-2018-9009 |
416 |
|
|
2018-03-24 |
2019-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file. |
|
14967 |
CVE-2018-9007 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. |
|
14968 |
CVE-2018-9006 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. |
|
14969 |
CVE-2018-9005 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. |
|
14970 |
CVE-2018-9004 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. |
|
14971 |
CVE-2018-9003 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. |
|
14972 |
CVE-2018-9002 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. |
|
14973 |
CVE-2018-9001 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. |
|
14974 |
CVE-2018-9000 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. |
|
14975 |
CVE-2018-8999 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. |
|
14976 |
CVE-2018-8998 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. |
|
14977 |
CVE-2018-8997 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002004. |
|
14978 |
CVE-2018-8996 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002007. |
|
14979 |
CVE-2018-8995 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002002. |
|
14980 |
CVE-2018-8994 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002003. |
|
14981 |
CVE-2018-8993 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001. |
|
14982 |
CVE-2018-8992 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002005. |
|
14983 |
CVE-2018-8991 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002009. |
|
14984 |
CVE-2018-8990 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002010. |
|
14985 |
CVE-2018-8989 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002006. |
|
14986 |
CVE-2018-8988 |
20 |
|
DoS |
2018-03-24 |
2018-03-30 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008. |
|
14987 |
CVE-2018-8979 |
352 |
|
XSS CSRF |
2018-03-25 |
2018-04-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. |
|
14988 |
CVE-2018-8977 |
119 |
|
DoS Overflow |
2018-03-24 |
2019-08-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file. |
|
14989 |
CVE-2018-8976 |
125 |
|
DoS |
2018-03-24 |
2019-08-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. |
|
14990 |
CVE-2018-8975 |
125 |
|
DoS |
2018-03-24 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as demonstrated by pbmmask. |
|
14991 |
CVE-2018-8974 |
94 |
|
Exec Code |
2018-04-26 |
2018-06-04 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script type="text/javascript" src=' line. |
|
14992 |
CVE-2018-8973 |
79 |
|
XSS |
2018-03-24 |
2018-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request. |
|
14993 |
CVE-2018-8972 |
352 |
|
CSRF |
2018-03-24 |
2018-04-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters. |
|
14994 |
CVE-2018-8971 |
20 |
|
|
2018-03-24 |
2018-05-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. |
|
14995 |
CVE-2018-8970 |
295 |
|
+Info |
2018-03-24 |
2018-04-24 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not. |
|
14996 |
CVE-2018-8969 |
22 |
|
Dir. Trav. |
2018-03-24 |
2018-04-17 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. |
|
14997 |
CVE-2018-8968 |
22 |
|
Dir. Trav. |
2018-03-24 |
2018-04-17 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. |
|
14998 |
CVE-2018-8967 |
89 |
|
Sql |
2018-03-24 |
2018-04-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request. |
|
14999 |
CVE-2018-8966 |
94 |
|
|
2018-03-24 |
2018-04-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. |
|
15000 |
CVE-2018-8965 |
22 |
|
Dir. Trav. |
2018-03-24 |
2018-04-17 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. |
