The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2018-14984 | The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0)) with an exported broadcast receiver app component named com.android.messaging.trackersender.TrackerSender. Any app co-located on the device, even one with no permissions, can send a broadcast intent with certain embedded data to the exported broadcast receiver application component that will result in the programmatic sending of a text message where the phone number and body of the text message is controlled by the attacker. | MEDIUM | Dec 28, 2018 |
| CVE-2018-14983 | The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by Sony or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage. The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user\'s notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device. | LOW | May 2, 2019 |
| CVE-2018-14982 | Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. | HIGH | Aug 17, 2018 |
| CVE-2018-14981 | Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. | HIGH | Aug 17, 2018 |
| CVE-2018-14980 | The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage (i.e., sdcard). The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user\'s notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device. | LOW | May 2, 2019 |
| CVE-2018-14979 | The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). This app contains an exported service app component named com.asus.loguploader.LogUploaderService that, when accessed with a particular action string, will write a bugreport (kernel log, logcat log, and the state of system services including the text of active notifications), Wi-Fi Passwords, and other system data to external storage (sdcard). Any app with the READ_EXTERNAL_STORAGE permission on this device can read this data from the sdcard after it has been dumped there by the com.asus.loguploader. Third-party apps are not allowed to directly create a bugreport or access the user\'s stored wireless network credentials. | LOW | Dec 28, 2018 |
| CVE-2018-14978 | An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI. | MEDIUM | Aug 6, 2018 |
| CVE-2018-14977 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070. | MEDIUM | Aug 6, 2018 |
| CVE-2018-14976 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS. | LOW | Aug 6, 2018 |
| CVE-2018-14975 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS. | LOW | Aug 6, 2018 |
| CVE-2018-14974 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS. | LOW | Aug 6, 2018 |
| CVE-2018-14973 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS. | LOW | Aug 6, 2018 |
| CVE-2018-14972 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS. | LOW | Aug 6, 2018 |
| CVE-2018-14971 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS. | LOW | Aug 6, 2018 |
| CVE-2018-14970 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS. | LOW | Aug 6, 2018 |
| CVE-2018-14969 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS. | LOW | Aug 6, 2018 |
| CVE-2018-14968 | An issue was discovered in EMLsoft 5.4.5. uploademlactionaction.address.php has SQL Injection via the numPerPage parameter. | HIGH | Aug 6, 2018 |
| CVE-2018-14967 | An issue was discovered in EMLsoft 5.4.5. uploademlactionaction.user.php has SQL Injection via the numPerPage parameter. | MEDIUM | Aug 6, 2018 |
| CVE-2018-14966 | An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF. | MEDIUM | Aug 6, 2018 |
| CVE-2018-14965 | An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF. | MEDIUM | Aug 6, 2018 |
| CVE-2018-14964 | An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page. | LOW | Aug 6, 2018 |
| CVE-2018-14963 | zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. | MEDIUM | Aug 6, 2018 |
| CVE-2018-14962 | zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. | LOW | Aug 6, 2018 |
| CVE-2018-14961 | dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. | MEDIUM | Aug 6, 2018 |
| CVE-2018-14960 | Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. | MEDIUM | Aug 6, 2018 |
| CVE-2018-14959 | An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI. | MEDIUM | Aug 5, 2018 |
| CVE-2018-14958 | An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php. | MEDIUM | Aug 5, 2018 |
| CVE-2018-14957 | CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file). | HIGH | Sep 27, 2018 |
| CVE-2018-14956 | CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. | HIGH | Sep 27, 2018 |
| CVE-2018-14955 | The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). | MEDIUM | Aug 5, 2018 |
| CVE-2018-14954 | The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. | MEDIUM | Aug 5, 2018 |
| CVE-2018-14953 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a <math xlink:href= attack. | MEDIUM | Aug 5, 2018 |
| CVE-2018-14952 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a <math><maction xlink:href= attack. | MEDIUM | Aug 5, 2018 |
| CVE-2018-14951 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a <form action='data:text attack. | MEDIUM | Aug 5, 2018 |
| CVE-2018-14950 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a <svg><a xlink:href= attack. | MEDIUM | Aug 5, 2018 |
| CVE-2018-14948 | An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | MEDIUM | Aug 5, 2018 |
| CVE-2018-14947 | An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | MEDIUM | Aug 5, 2018 |
| CVE-2018-14946 | An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete). | MEDIUM | Aug 5, 2018 |
| CVE-2018-14945 | An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp. | MEDIUM | Aug 5, 2018 |
| CVE-2018-14944 | An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write. | MEDIUM | Aug 5, 2018 |
| CVE-2018-14943 | Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. | HIGH | Aug 5, 2018 |
| CVE-2018-14942 | Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by POST /PY/EMULATION_GET_FILE or POST /PY/EMULATION_EXPORT with FileName=../../../passwd in the POST data. | MEDIUM | Aug 5, 2018 |
| CVE-2018-14941 | Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI. | MEDIUM | Aug 5, 2018 |
| CVE-2018-14940 | PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request. | MEDIUM | Aug 5, 2018 |
| CVE-2018-14939 | The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. | HIGH | Aug 5, 2018 |
| CVE-2018-14938 | An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service). | MEDIUM | Aug 4, 2018 |
| CVE-2018-14937 | The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. | LOW | Aug 4, 2018 |
| CVE-2018-14936 | The Add page option in my little forum 2.4.12 allows XSS via the Title field. | LOW | Aug 4, 2018 |
| CVE-2018-14935 | The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. | MEDIUM | Nov 15, 2018 |
| CVE-2018-14934 | The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone. | LOW | Nov 15, 2018 |
