The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2018-10583 | An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. | MEDIUM | May 4, 2018 |
CVE-2018-10581 | In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple teams, where one of the Teams has the VariableEdit permission or VariableView permissions for the Environment. | MEDIUM | May 1, 2018 |
CVE-2018-10580 | The Latest Posts on Profile plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field. | LOW | May 11, 2018 |
CVE-2018-10578 | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the old password field in the change password form allows an attacker to bypass validation of this field. | HIGH | May 2, 2018 |
CVE-2018-10577 | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root. | HIGH | May 2, 2018 |
CVE-2018-10576 | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user). | MEDIUM | Apr 30, 2018 |
CVE-2018-10575 | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false. | HIGH | Apr 30, 2018 |
CVE-2018-10574 | site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files. | HIGH | Apr 30, 2018 |
CVE-2018-10573 | interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter. | MEDIUM | Apr 30, 2018 |
CVE-2018-10572 | interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters. | MEDIUM | Apr 30, 2018 |
CVE-2018-10571 | Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php. | MEDIUM | Apr 30, 2018 |
CVE-2018-10570 | Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. | LOW | Apr 30, 2018 |
CVE-2018-10569 | An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. | MEDIUM | Aug 13, 2018 |
CVE-2018-10568 | XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. | MEDIUM | May 2, 2018 |
CVE-2018-10567 | XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. | MEDIUM | May 2, 2018 |
CVE-2018-10566 | XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. | MEDIUM | May 2, 2018 |
CVE-2018-10565 | XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. | MEDIUM | May 2, 2018 |
CVE-2018-10564 | XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. | MEDIUM | May 2, 2018 |
CVE-2018-10563 | An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7). | MEDIUM | May 2, 2018 |
CVE-2018-10562 | An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output. | HIGH | May 5, 2018 |
CVE-2018-10561 | An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending ?images to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device. | HIGH | May 5, 2018 |
CVE-2018-10554 | An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | LOW | Apr 29, 2018 |
CVE-2018-10553 | An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings. | MEDIUM | Apr 29, 2018 |
CVE-2018-10550 | In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to. | MEDIUM | Apr 30, 2018 |
CVE-2018-10549 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character. | MEDIUM | Apr 29, 2018 |
CVE-2018-10548 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. | MEDIUM | Apr 29, 2018 |
CVE-2018-10547 | An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | MEDIUM | Apr 29, 2018 |
CVE-2018-10546 | An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. | MEDIUM | Apr 29, 2018 |
CVE-2018-10545 | An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. | LOW | Apr 29, 2018 |
CVE-2018-10544 | Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface. | MEDIUM | May 2, 2018 |
CVE-2018-10540 | An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. | MEDIUM | Apr 29, 2018 |
CVE-2018-10539 | An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. | MEDIUM | Apr 29, 2018 |
CVE-2018-10538 | An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. | MEDIUM | Apr 29, 2018 |
CVE-2018-10537 | An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks. | MEDIUM | Apr 29, 2018 |
CVE-2018-10536 | An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks. | MEDIUM | Apr 29, 2018 |
CVE-2018-10535 | The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a SECTION type that has a 0 value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. | MEDIUM | Apr 29, 2018 |
CVE-2018-10534 | The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. | MEDIUM | Apr 29, 2018 |
CVE-2018-10532 | An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the core_app binary utilised by the EE router for networking services. An attacker with knowledge of the default password (oelinux123) could login to the router via SSH as the root user, which could allow for the loss of confidentiality, integrity, and availability of the system. This would also allow for the bypass of the AP Isolation mode that is supported by the router, as well as the settings for multiple Wireless networks, which a user may use for guest clients. | HIGH | Oct 30, 2018 |
CVE-2018-10531 | An issue was discovered in the America's Army Proving Grounds platform for the Unreal Engine. With a false packet sent via UDP, the application server responds with several bytes, giving the possibility of DoS amplification, even being able to be used in DDoS attacks. | MEDIUM | Jul 17, 2019 |
CVE-2018-10529 | An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. | MEDIUM | Apr 28, 2018 |
CVE-2018-10528 | An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp. | MEDIUM | Apr 28, 2018 |
CVE-2018-10527 | EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI. | LOW | Apr 28, 2018 |
CVE-2018-10523 | CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php. | MEDIUM | Apr 27, 2018 |
CVE-2018-10522 | In CMS Made Simple (CMSMS) through 2.2.7, the file view operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function. | MEDIUM | Apr 27, 2018 |
CVE-2018-10521 | In CMS Made Simple (CMSMS) through 2.2.7, the file move operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory. | MEDIUM | Apr 27, 2018 |
CVE-2018-10520 | In CMS Made Simple (CMSMS) through 2.2.7, the module remove operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. | HIGH | Apr 27, 2018 |
CVE-2018-10519 | CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because of an incorrect fix for CVE-2018-10084. | MEDIUM | Apr 27, 2018 |
CVE-2018-10518 | In CMS Made Simple (CMSMS) through 2.2.7, the file delete operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. | HIGH | Apr 27, 2018 |
CVE-2018-10517 | In CMS Made Simple (CMSMS) through 2.2.7, the module import operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element. | MEDIUM | Apr 27, 2018 |
CVE-2018-10516 | In CMS Made Simple (CMSMS) through 2.2.7, the file rename operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory. | MEDIUM | Apr 27, 2018 |