The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2018-20066 | Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Jan 9, 2019 | n/a |
CVE-2018-20065 | Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file. | MEDIUM | Jan 9, 2019 | n/a |
CVE-2018-20064 | doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter. | MEDIUM | Dec 11, 2018 | n/a |
CVE-2018-20063 | An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a safe Content-Type value, and then accessing it via a direct request to the file in the file-upload directory (if it's accessible according to the server configuration). | MEDIUM | Mar 20, 2019 | n/a |
CVE-2018-20062 | An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string. | HIGH | Dec 11, 2018 | n/a |
CVE-2018-20061 | A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that calls a server-side Python function with carefully chosen arguments, a SQL attack can be carried out which allows SQL queries to be constructed to return any columns from any tables in the database. This is related to /api/resource/Item?fields= URIs, frappe.get_list, and frappe.call. | MEDIUM | Dec 11, 2018 | n/a |
CVE-2018-20060 | urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. | MEDIUM | Dec 11, 2018 | n/a |
CVE-2018-20059 | jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | HIGH | Dec 11, 2018 | n/a |
CVE-2018-20058 | In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634. | MEDIUM | Dec 11, 2018 | n/a |
CVE-2018-20057 | An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter. | HIGH | Dec 11, 2018 | n/a |
CVE-2018-20056 | An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter. | HIGH | Dec 11, 2018 | n/a |
CVE-2018-20053 | An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network. | HIGH | Apr 29, 2019 | n/a |
CVE-2018-20052 | An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command. | HIGH | Apr 29, 2019 | n/a |
CVE-2018-20051 | Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on. | HIGH | Dec 10, 2018 | n/a |
CVE-2018-20050 | Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method. | HIGH | Dec 10, 2018 | n/a |
CVE-2018-20034 | A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | MEDIUM | Mar 27, 2019 | n/a |
CVE-2018-20033 | A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated. | HIGH | Mar 20, 2019 | n/a |
CVE-2018-20032 | A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | MEDIUM | Mar 27, 2019 | n/a |
CVE-2018-20031 | A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | MEDIUM | Mar 27, 2019 | n/a |
CVE-2018-20030 | An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. | HIGH | Feb 21, 2019 | 10.18.44.6 (Wind River Linux LTS 18) |
CVE-2018-20029 | The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read. | MEDIUM | Dec 10, 2018 | n/a |
CVE-2018-20028 | Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control. | MEDIUM | Apr 18, 2019 | n/a |
CVE-2018-20027 | The yaml_parse.load method in Pylearn2 allows code injection. | HIGH | Dec 17, 2018 | n/a |
CVE-2018-20026 | Improper Communication Address Filtering exists in CODESYS V3 products versions prior to V3.5.14.0. | MEDIUM | Mar 20, 2019 | n/a |
CVE-2018-20025 | Use of Insufficiently Random Values exists in CODESYS V3 products versions prior to V3.5.14.0. | MEDIUM | Mar 20, 2019 | n/a |
CVE-2018-20024 | LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result in DoS. | MEDIUM | Dec 27, 2018 | n/a |
CVE-2018-20023 | LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR | MEDIUM | Dec 27, 2018 | n/a |
CVE-2018-20022 | LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR | MEDIUM | Dec 27, 2018 | n/a |
CVE-2018-20021 | LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM | HIGH | Dec 27, 2018 | n/a |
CVE-2018-20020 | LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result in remote code execution | HIGH | Dec 27, 2018 | n/a |
CVE-2018-20019 | LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result in remote code execution | HIGH | Dec 27, 2018 | n/a |
CVE-2018-20018 | S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. | MEDIUM | Dec 10, 2018 | n/a |
CVE-2018-20017 | SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. | LOW | Dec 10, 2018 | n/a |
CVE-2018-20015 | YzmCMS v5.2 has admin/role/add.html CSRF. | MEDIUM | Dec 10, 2018 | n/a |
CVE-2018-20014 | In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application. | MEDIUM | Jun 10, 2019 | n/a |
CVE-2018-20013 | In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadata_id!=0 assertion, leading to shutting down the client application. | MEDIUM | Jun 19, 2019 | n/a |
CVE-2018-20012 | PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI. | LOW | Dec 10, 2018 | n/a |
CVE-2018-20011 | DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field. | LOW | Dec 10, 2018 | n/a |
CVE-2018-20010 | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. | LOW | Dec 10, 2018 | n/a |
CVE-2018-20009 | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field. | LOW | Dec 10, 2018 | n/a |
CVE-2018-20008 | iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console. | LOW | May 29, 2019 | n/a |
CVE-2018-20007 | Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user information. | HIGH | May 20, 2019 | n/a |
CVE-2018-20006 | An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI). | MEDIUM | Dec 10, 2018 | n/a |
CVE-2018-20005 | An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc. | MEDIUM | Dec 10, 2018 | n/a |
CVE-2018-20004 | An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type=real>' substring, as demonstrated by testmxml. | MEDIUM | Dec 10, 2018 | n/a |
CVE-2018-20002 | The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. | MEDIUM | Dec 10, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-20001 | In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input. | MEDIUM | Dec 9, 2018 | n/a |
CVE-2018-20000 | Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java. | MEDIUM | Dec 9, 2018 | n/a |
CVE-2018-19999 | The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access to the host running Serv-U, and a Serv-U administrator have an active management console session. | HIGH | Jun 10, 2019 | n/a |
CVE-2018-19998 | SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. | MEDIUM | Jan 11, 2019 | n/a |