| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000866 |
|
|
Exec Code Bypass |
2018-12-10 |
2018-12-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM |
|
2 |
CVE-2018-1000865 |
|
|
Exec Code Bypass |
2018-12-10 |
2018-12-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed. |
|
3 |
CVE-2018-1000665 |
79 |
|
XSS Bypass |
2018-09-06 |
2018-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14. |
|
4 |
CVE-2018-1000551 |
19 |
|
Bypass |
2018-06-26 |
2018-08-17 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 742b8edbe. |
|
5 |
CVE-2018-1000205 |
20 |
|
Bypass |
2018-06-26 |
2018-08-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality. |
|
6 |
CVE-2018-1000194 |
22 |
|
Dir. Trav. Bypass |
2018-06-05 |
2018-07-27 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. |
|
7 |
CVE-2018-1000118 |
78 |
|
Exec Code Bypass |
2018-03-07 |
2018-04-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it. |
|
8 |
CVE-2018-1000061 |
20 |
|
Bypass |
2018-02-09 |
2018-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ARM mbedTLS version development branch, 2.7.0 and earlier contains a CWE-670, Incorrect condition control flow leading to incorrect return, leading to data loss vulnerability in ssl_write_real(), library/ssl_tls.c:7142 that can result in Leads to data loss, can be escalated to DoS and authorization bypass in application protocols. This attack appear to be exploitable via network connectivity. |
|
9 |
CVE-2018-20155 |
|
|
Bypass |
2018-12-14 |
2018-12-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings. |
|
10 |
CVE-2018-20152 |
|
|
Bypass |
2018-12-14 |
2018-12-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In WordPress versions before 5.0.1, authors could bypass intended restrictions on post types via crafted input. |
|
11 |
CVE-2018-20149 |
|
|
XSS Bypass |
2018-12-14 |
2018-12-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In WordPress versions before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS. |
|
12 |
CVE-2018-20147 |
|
|
Bypass |
2018-12-14 |
2018-12-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In WordPress versions before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. |
|
13 |
CVE-2018-20145 |
|
|
Bypass |
2018-12-13 |
2018-12-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored. |
|
14 |
CVE-2018-19991 |
|
|
Bypass |
2018-12-09 |
2018-12-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230. |
|
15 |
CVE-2018-19836 |
|
|
XSS Bypass |
2018-12-03 |
2018-12-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter. |
|
16 |
CVE-2018-19754 |
|
|
Bypass |
2018-12-05 |
2018-12-05 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Tarantella Enterprise before 3.11 allows bypassing Access Control. |
|
17 |
CVE-2018-19477 |
|
|
Bypass |
2018-11-23 |
2018-12-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. |
|
18 |
CVE-2018-19476 |
|
|
Bypass |
2018-11-23 |
2018-12-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. |
|
19 |
CVE-2018-19475 |
|
|
Bypass |
2018-11-23 |
2018-12-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. |
|
20 |
CVE-2018-19277 |
91 |
|
Bypass |
2018-11-14 |
2018-12-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file |
|
21 |
CVE-2018-19196 |
94 |
|
Exec Code Bypass |
2018-11-12 |
2018-12-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonstrated by an admin/index.php?c=uploadfile&a=uploadify_upload&type=php URI. |
|
22 |
CVE-2018-19110 |
|
|
Bypass |
2018-11-08 |
2018-11-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check. |
|
23 |
CVE-2018-19109 |
|
|
Bypass |
2018-11-08 |
2018-11-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column. |
|
24 |
CVE-2018-18955 |
|
|
Bypass |
2018-11-16 |
2018-12-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction. |
|
25 |
CVE-2018-18777 |
22 |
|
Dir. Trav. Bypass |
2018-11-01 |
2018-12-12 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product. |
|
26 |
CVE-2018-18703 |
22 |
|
Dir. Trav. Bypass |
2018-10-29 |
2018-12-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter. |
|
27 |
CVE-2018-18653 |
|
|
Exec Code Bypass |
2018-10-25 |
2018-12-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification. |
|
28 |
CVE-2018-18531 |
|
|
Bypass |
2018-10-19 |
2018-10-19 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach. |
|
29 |
CVE-2018-18362 |
|
|
XSS Bypass |
2018-12-06 |
2018-12-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. |
|
30 |
CVE-2018-18352 |
|
|
Bypass |
2018-12-11 |
2018-12-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page. |
|
31 |
CVE-2018-18351 |
|
|
Bypass |
2018-12-11 |
2018-12-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page. |
|
32 |
CVE-2018-18350 |
|
|
Bypass |
2018-12-11 |
2018-12-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
|
33 |
CVE-2018-18345 |
|
|
Bypass |
2018-12-11 |
2018-12-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page. |
|
34 |
CVE-2018-18284 |
254 |
|
Bypass |
2018-10-19 |
2018-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. |
|
35 |
CVE-2018-18073 |
200 |
|
Bypass +Info |
2018-10-15 |
2018-12-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. |
|
36 |
CVE-2018-17961 |
284 |
|
Bypass |
2018-10-15 |
2018-12-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. |
|
37 |
CVE-2018-17918 |
287 |
|
Bypass |
2018-11-02 |
2018-12-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. |
|
38 |
CVE-2018-17886 |
79 |
|
XSS Bypass |
2018-10-02 |
2018-11-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429. |
|
39 |
CVE-2018-17877 |
338 |
|
Bypass |
2018-10-23 |
2018-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards. |
|
40 |
CVE-2018-17552 |
89 |
|
Sql Bypass |
2018-10-03 |
2018-11-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. |
|
41 |
CVE-2018-17341 |
287 |
|
Bypass |
2018-09-23 |
2018-11-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI. |
|
42 |
CVE-2018-17153 |
|
|
+Priv Bypass |
2018-09-18 |
2018-09-22 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie. |
|
43 |
CVE-2018-17137 |
254 |
|
Bypass |
2018-09-17 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions. |
|
44 |
CVE-2018-17077 |
79 |
|
XSS Bypass |
2018-09-15 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed. |
|
45 |
CVE-2018-16984 |
|
|
Bypass |
2018-10-02 |
2018-10-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes. |
|
46 |
CVE-2018-16983 |
254 |
|
Bypass |
2018-09-13 |
2018-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value. |
|
47 |
CVE-2018-16974 |
434 |
|
Exec Code Bypass |
2018-09-12 |
2018-11-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist). |
|
48 |
CVE-2018-16863 |
|
|
Exec Code Bypass |
2018-12-03 |
2018-12-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7. |
|
49 |
CVE-2018-16831 |
22 |
|
Dir. Trav. Bypass |
2018-09-11 |
2018-11-16 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. |
|
50 |
CVE-2018-16550 |
255 |
|
Bypass |
2018-09-05 |
2018-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN. |
