The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2018-15882 | An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter. | HIGH | Aug 28, 2018 |
CVE-2018-15881 | An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation. | MEDIUM | Aug 28, 2018 |
CVE-2018-15880 | An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack. | LOW | Aug 28, 2018 |
CVE-2018-15879 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
CVE-2018-15878 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
CVE-2018-15877 | The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request. | HIGH | Aug 26, 2018 |
CVE-2018-15876 | An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation. | MEDIUM | Aug 26, 2018 |
CVE-2018-15875 | Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request. | MEDIUM | Aug 25, 2018 |
CVE-2018-15874 | Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the Status -> Active Client Table page via the hostname field in a DHCP request. | MEDIUM | Aug 25, 2018 |
CVE-2018-15873 | A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter. | HIGH | Sep 16, 2019 |
CVE-2018-15871 | An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | MEDIUM | Aug 25, 2018 |
CVE-2018-15870 | An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | MEDIUM | Aug 25, 2018 |
CVE-2018-15869 | An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. | MEDIUM | Aug 24, 2018 |
CVE-2018-15868 | SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie. | HIGH | Jun 24, 2019 |
CVE-2018-15865 | The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. | MEDIUM | Sep 6, 2018 |
CVE-2018-15864 | Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created. | LOW | Aug 25, 2018 |
CVE-2018-15863 | Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. | LOW | Aug 25, 2018 |
CVE-2018-15862 | Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers. | LOW | Aug 25, 2018 |
CVE-2018-15861 | Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. | LOW | Aug 25, 2018 |
CVE-2018-15859 | Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. | LOW | Aug 25, 2018 |
CVE-2018-15858 | Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file. | LOW | Aug 25, 2018 |
CVE-2018-15857 | An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. | MEDIUM | Aug 25, 2018 |
CVE-2018-15856 | An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. | LOW | Aug 25, 2018 |
CVE-2018-15855 | Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled. | LOW | Aug 25, 2018 |
CVE-2018-15854 | Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly. | LOW | Aug 25, 2018 |
CVE-2018-15853 | Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. | LOW | Aug 25, 2018 |
CVE-2018-15852 | ** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions. | MEDIUM | Aug 25, 2018 |
CVE-2018-15851 | An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add. | MEDIUM | Aug 25, 2018 |
CVE-2018-15850 | An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user. | MEDIUM | Aug 25, 2018 |
CVE-2018-15849 | An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. | MEDIUM | Aug 25, 2018 |
CVE-2018-15848 | An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true. | MEDIUM | Aug 25, 2018 |
CVE-2018-15847 | An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the Add Page/URL URL link field. | MEDIUM | Aug 25, 2018 |
CVE-2018-15846 | An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1. | MEDIUM | Aug 25, 2018 |
CVE-2018-15845 | There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. | MEDIUM | Aug 25, 2018 |
CVE-2018-15844 | An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit. | MEDIUM | Aug 25, 2018 |
CVE-2018-15843 | GetSimple CMS 3.3.14 has XSS via the admin/edit.php Add New Page field. | LOW | Aug 25, 2018 |
CVE-2018-15842 | WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter. | LOW | Aug 25, 2018 |
CVE-2018-15840 | TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command. | MEDIUM | Apr 2, 2019 |
CVE-2018-15839 | D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. | HIGH | Aug 28, 2018 |
CVE-2018-15836 | In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used. | MEDIUM | Sep 28, 2018 |
CVE-2018-15835 | Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983. | MEDIUM | Nov 30, 2018 |
CVE-2018-15834 | In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file. | MEDIUM | Sep 12, 2018 |
CVE-2018-15833 | In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items). | MEDIUM | Aug 26, 2018 |
CVE-2018-15832 | upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. | MEDIUM | Sep 20, 2018 |
CVE-2018-15822 | The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. | MEDIUM | Aug 23, 2018 |
CVE-2018-15820 | EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter. | MEDIUM | Mar 4, 2020 |
CVE-2018-15819 | EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js. | MEDIUM | Mar 4, 2020 |
CVE-2018-15818 | An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php. | MEDIUM | Mar 27, 2019 |
CVE-2018-15817 | FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file. | MEDIUM | Mar 28, 2019 |
CVE-2018-15816 | FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file. | MEDIUM | Mar 28, 2019 |