The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2018-12421 | LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string. | MEDIUM | Jun 14, 2018 |
CVE-2018-12422 | ** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because the code had computed the required string length first, and then allocated a large-enough buffer on the heap. | HIGH | Aug 9, 2018 |
CVE-2018-12423 | In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. | MEDIUM | Jun 14, 2018 |
CVE-2018-12426 | The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type. | HIGH | Jul 2, 2018 |
CVE-2018-12429 | JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie. | LOW | Jul 18, 2018 |
CVE-2018-12430 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12429. Reason: This candidate is a reservation duplicate of CVE-2018-12429. Notes: All CVE users should reference CVE-2018-12429 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
CVE-2018-12431 | SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page). | LOW | Jun 14, 2018 |
CVE-2018-12432 | JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI. | MEDIUM | Jun 14, 2018 |
CVE-2018-12433 | ** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model. | LOW | Aug 9, 2018 |
CVE-2018-12434 | LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | LOW | Jun 14, 2018 |
CVE-2018-12435 | Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | LOW | Jun 14, 2018 |
CVE-2018-12436 | wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | LOW | Jun 14, 2018 |
CVE-2018-12437 | LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | LOW | Jun 14, 2018 |
CVE-2018-12438 | The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | LOW | Jun 14, 2018 |
CVE-2018-12439 | MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | LOW | Jun 14, 2018 |
CVE-2018-12440 | BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | LOW | Jun 14, 2018 |
CVE-2018-12441 | The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows Everyone group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service. | HIGH | Oct 11, 2018 |
CVE-2018-12445 | ** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred. | LOW | Aug 23, 2018 |
CVE-2018-12446 | ** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method\'s return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred. | LOW | Aug 23, 2018 |
CVE-2018-12447 | The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution. | MEDIUM | Jun 15, 2018 |
CVE-2018-12448 | Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name. | MEDIUM | Aug 2, 2018 |
CVE-2018-12449 | The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking. | MEDIUM | Oct 11, 2018 |
CVE-2018-12453 | Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. | MEDIUM | Jun 16, 2018 |
CVE-2018-12454 | The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards. | MEDIUM | Jun 17, 2018 |
CVE-2018-12455 | Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using admin: as the name of a cookie. | HIGH | Oct 10, 2018 |
CVE-2018-12456 | Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access. | MEDIUM | Oct 10, 2018 |
CVE-2018-12457 | expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. | MEDIUM | Jun 15, 2018 |
CVE-2018-12458 | An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | MEDIUM | Jun 15, 2018 |
CVE-2018-12459 | An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | MEDIUM | Jun 15, 2018 |
CVE-2018-12460 | libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c. | MEDIUM | Jun 15, 2018 |
CVE-2018-12461 | Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. | MEDIUM | Jul 10, 2018 |
CVE-2018-12462 | NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. | MEDIUM | Jul 10, 2018 |
CVE-2018-12463 | An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | HIGH | Jul 12, 2018 |
CVE-2018-12464 | A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). | HIGH | Jun 29, 2018 |
CVE-2018-12465 | An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). | HIGH | Jun 29, 2018 |
CVE-2018-12466 | openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. | MEDIUM | Aug 4, 2018 |
CVE-2018-12467 | Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689. | MEDIUM | Aug 1, 2018 |
CVE-2018-12468 | A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution. | MEDIUM | Aug 1, 2018 |
CVE-2018-12469 | Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination. | MEDIUM | Oct 12, 2018 |
CVE-2018-12470 | A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. | HIGH | Oct 4, 2018 |
CVE-2018-12471 | A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. | MEDIUM | Oct 4, 2018 |
CVE-2018-12472 | A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. | MEDIUM | Oct 4, 2018 |
CVE-2018-12473 | A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0. | MEDIUM | Oct 2, 2018 |
CVE-2018-12474 | Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106. | HIGH | Oct 9, 2018 |
CVE-2018-12475 | A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service . | MEDIUM | Sep 1, 2020 |
CVE-2018-12476 | Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. | MEDIUM | Feb 5, 2020 |
CVE-2018-12477 | A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce. | MEDIUM | Oct 9, 2018 |
CVE-2018-12478 | A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown. | MEDIUM | Oct 9, 2018 |
CVE-2018-12479 | A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df. | MEDIUM | Oct 9, 2018 |
CVE-2018-12480 | Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. | MEDIUM | Nov 15, 2018 |