The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2018-20718 | In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a public link of a file, or access to any unprivileged user account for creation of such a link. | High | Jan 28, 2019 |
| CVE-2018-20717 | In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer. | Medium | Feb 4, 2019 |
| CVE-2018-20716 | CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the I forgot my Password! feature. | High | Jan 23, 2019 |
| CVE-2018-20715 | The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. | High | Jan 23, 2019 |
| CVE-2018-20714 | The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin. | Medium | Feb 1, 2019 |
| CVE-2018-20713 | Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404. | Medium | Jan 18, 2019 |
| CVE-2018-20712 | A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt. | MEDIUM | Jan 14, 2019 |
| CVE-2018-20710 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6285. Reason: This candidate is a duplicate of CVE-2019-6285. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2019-6285 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | Medium | Mar 8, 2019 |
| CVE-2018-20703 | CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. | LOW | Jan 13, 2019 |
| CVE-2018-20699 | Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | MEDIUM | Jan 11, 2019 |
| CVE-2018-20698 | The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set. | MEDIUM | Apr 11, 2019 |
| CVE-2018-20687 | An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | HIGH | Nov 21, 2019 |
| CVE-2018-20686 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-20685 | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. | LOW | Jan 12, 2019 |
| CVE-2018-20684 | In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp. | MEDIUM | Jan 12, 2019 |
| CVE-2018-20683 | commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a bad impact by triggering use of an option other than -v, -n, -q, or -P. | MEDIUM | Jan 9, 2019 |
| CVE-2018-20682 | Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka Admin ids input in the Facebook section). | LOW | Jan 9, 2019 |
| CVE-2018-20681 | mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse. | LOW | Jan 9, 2019 |
| CVE-2018-20680 | Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. | Low | Jan 11, 2019 |
| CVE-2018-20679 | An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. | MEDIUM | Jan 9, 2019 |
| CVE-2018-20678 | LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. | MEDIUM | Mar 28, 2019 |
| CVE-2018-20677 | In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. | Medium | Jan 11, 2019 |
| CVE-2018-20676 | In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. | Medium | Jan 11, 2019 |
| CVE-2018-20675 | D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. | HIGH | Jan 8, 2019 |
| CVE-2018-20674 | D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution. | MEDIUM | Jan 8, 2019 |
| CVE-2018-20673 | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for Create an array for saving the template argument values) that can trigger a heap-based buffer overflow, as demonstrated by nm. | MEDIUM | Jan 8, 2019 |
| CVE-2018-20671 | load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. | Medium | Jan 14, 2019 |
| CVE-2018-20669 | An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. | High | Mar 27, 2019 |
| CVE-2018-20664 | Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | High | Jan 10, 2019 |
| CVE-2018-20663 | The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the Reports > Reports name field. | LOW | Jan 3, 2019 |
| CVE-2018-20662 | In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | Medium | Jan 11, 2019 |
| CVE-2018-20659 | An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls. | MEDIUM | Jan 2, 2019 |
| CVE-2018-20658 | The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command. | MEDIUM | Jan 2, 2019 |
| CVE-2018-20657 | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. | MEDIUM | Jan 4, 2019 |
| CVE-2018-20655 | When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24. | HIGH | Jun 18, 2019 |
| CVE-2018-20652 | An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in tinyexr.h in tinyexr v0.9.5. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted input, which leads to an out-of-memory exception. | MEDIUM | Jan 1, 2019 |
| CVE-2018-20651 | A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld. | MEDIUM | Jan 1, 2019 |
| CVE-2018-20650 | A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | MEDIUM | Jan 1, 2019 |
| CVE-2018-20648 | PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php. | MEDIUM | Mar 27, 2019 |
| CVE-2018-20647 | PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory. | MEDIUM | Mar 27, 2019 |
| CVE-2018-20646 | PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory. | MEDIUM | Mar 27, 2019 |
| CVE-2018-20645 | PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field. | LOW | Mar 27, 2019 |
| CVE-2018-20644 | PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature. | MEDIUM | Mar 27, 2019 |
| CVE-2018-20643 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | MEDIUM | Mar 27, 2019 |
| CVE-2018-20642 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field. | MEDIUM | Mar 28, 2019 |
| CVE-2018-20641 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | MEDIUM | Mar 27, 2019 |
| CVE-2018-20640 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field. | LOW | Mar 27, 2019 |
| CVE-2018-20639 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar. | MEDIUM | Mar 27, 2019 |
| CVE-2018-20638 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | MEDIUM | Mar 27, 2019 |
| CVE-2018-20637 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field. | MEDIUM | Mar 27, 2019 |
