The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2018-11212 | An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. | MEDIUM | May 16, 2018 |
| CVE-2018-11210 | ** DISPUTED ** TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2. | HIGH | May 16, 2018 |
| CVE-2018-11209 | ** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. zb_system/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue. | MEDIUM | Oct 3, 2019 |
| CVE-2018-11208 | ** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the copyright information office field. NOTE: the vendor indicates that the product was not intended to block this type of XSS by a user with the admin privilege. | LOW | Apr 16, 2019 |
| CVE-2018-11207 | A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. | MEDIUM | May 16, 2018 |
| CVE-2018-11206 | An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. | MEDIUM | May 16, 2018 |
| CVE-2018-11205 | A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. | MEDIUM | May 16, 2018 |
| CVE-2018-11204 | A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. | MEDIUM | May 16, 2018 |
| CVE-2018-11203 | A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. | MEDIUM | May 16, 2018 |
| CVE-2018-11202 | A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. | MEDIUM | May 16, 2018 |
| CVE-2018-11200 | An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field. | MEDIUM | Sep 23, 2019 |
| CVE-2018-11198 | An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json. | MEDIUM | Sep 9, 2019 |
| CVE-2018-11196 | Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers. | MEDIUM | Jun 1, 2018 |
| CVE-2018-11195 | Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser back and refresh attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials. | LOW | Jun 1, 2018 |
| CVE-2018-11194 | Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). | High | Jun 8, 2018 |
| CVE-2018-11193 | Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). | High | Jun 8, 2018 |
| CVE-2018-11192 | Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). | High | Jun 8, 2018 |
| CVE-2018-11191 | Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). | High | Jun 8, 2018 |
| CVE-2018-11190 | Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). | High | Jun 8, 2018 |
| CVE-2018-11189 | Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). | High | Jun 8, 2018 |
| CVE-2018-11188 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11187 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11186 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11185 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11184 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11183 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11182 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11181 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11180 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11179 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11178 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11177 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11176 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11175 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11174 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11173 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11172 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11171 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11170 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11169 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11168 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11167 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11166 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11165 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11164 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11163 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11162 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11161 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11160 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46). | Medium | Jun 8, 2018 |
| CVE-2018-11159 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46). | Medium | Jun 8, 2018 |
