The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2018-14374 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Jul 17, 2018 | n/a |
| CVE-2018-14373 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Jul 17, 2018 | n/a |
| CVE-2018-14375 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Jul 17, 2018 | n/a |
| CVE-2018-1471 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Apr 27, 2018 | n/a |
| CVE-2018-9060 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Apr 24, 2018 | n/a |
| CVE-2018-9131 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Apr 24, 2018 | n/a |
| CVE-2018-8086 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Mar 12, 2018 | n/a |
| CVE-2018-6620 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Feb 4, 2018 | n/a |
| CVE-2018-1000128 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7752. Reason: This candidate is a reservation duplicate of CVE-2018-7752. Notes: All CVE users should reference CVE-2018-7752 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Mar 13, 2018 | n/a |
| CVE-2018-3736 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3739. Reason: This candidate is a duplicate of CVE-2018-3739. Notes: All CVE users should reference CVE-2018-3739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | MEDIUM | Jun 6, 2018 | n/a |
| CVE-2018-3617 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3691. Reason: This candidate is a reservation duplicate of CVE-2018-3691. Notes: All CVE users should reference CVE-2018-3691 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | May 10, 2018 | n/a |
| CVE-2018-15672 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11207. Reason: This candidate is a reservation duplicate of CVE-2018-11207. Notes: All CVE users should reference CVE-2018-11207 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Aug 21, 2018 | n/a |
| CVE-2018-14032 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11206. Reason: This candidate is a reservation duplicate of CVE-2018-11206. Notes: All CVE users should reference CVE-2018-11206 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Jul 12, 2018 | n/a |
| CVE-2018-12938 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17833. Reason: This candidate is a duplicate of CVE-2017-17833. Notes: All CVE users should reference CVE-2017-17833 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Jun 28, 2018 | n/a |
| CVE-2018-9306 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candidate is a reservation duplicate of CVE-2017-17724. Notes: All CVE users should reference CVE-2017-17724 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Apr 4, 2018 | n/a |
| CVE-2018-9146 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candidate is a reservation duplicate of CVE-2017-17724. Notes: All CVE users should reference CVE-2017-17724 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Mar 30, 2018 | n/a |
| CVE-2018-1000016 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17383. Reason: This candidate is a reservation duplicate of CVE-2017-17383. Notes: All CVE users should reference CVE-2017-17383 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Jan 23, 2018 | n/a |
| CVE-2017-1000500 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12161. Reason: This candidate is a reservation duplicate of CVE-2017-12161. Notes: All CVE users should reference CVE-2017-12161 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | MEDIUM | Jan 3, 2018 | n/a |
| CVE-2018-5191 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000479. Reason: This candidate is a reservation duplicate of CVE-2017-1000479. Notes: All CVE users should reference CVE-2017-1000479 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Jan 3, 2018 | n/a |
| CVE-2016-5320 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Mar 13, 2017 | n/a |
| CVE-2016-5875 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Mar 13, 2017 | n/a |
| CVE-2017-16012 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-9251. Reason: This candidate is a duplicate of CVE-2015-9251. Notes: All CVE users should reference CVE-2015-9251 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Jun 4, 2018 | n/a |
| CVE-2017-7516 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1197. Reason: This candidate is a duplicate of CVE-2015-1197. Notes: All CVE users should reference CVE-2015-1197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Jan 29, 2018 | n/a |
| CVE-2017-16011 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6708. Reason: This candidate is a duplicate of CVE-2012-6708. Notes: All CVE users should reference CVE-2012-6708 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Jun 4, 2018 | n/a |
| CVE-2018-1000845 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultID: CVE-2017-6519. Reason: This candidate is a duplicate of CVE-2017-6519. Notes: All CVE users should reference CVE-2017-6519 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Dec 20, 2018 | n/a |
| CVE-2020-9315 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE. | MEDIUM | May 10, 2020 | n/a |
| CVE-2020-9314 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE. | MEDIUM | May 10, 2020 | n/a |
| CVE-2020-23355 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate. | MEDIUM | Jan 27, 2021 | n/a |
| CVE-2020-14044 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states Codiad is no longer under active maintenance by core contributors. | MEDIUM | Aug 24, 2020 | n/a |
| CVE-2020-14042 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder\'s name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states Codiad is no longer under active maintenance by core contributors. | MEDIUM | Aug 28, 2020 | n/a |
| CVE-2020-14043 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn\'t CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without them knowing and result in remote code execution. NOTE: the vendor states Codiad is no longer under active maintenance by core contributors. | MEDIUM | Aug 24, 2020 | n/a |
| CVE-2018-18013 | ** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is already mitigated by the internal firewall that limits access to configuration services to localhost. | HIGH | Jan 28, 2019 | n/a |
| CVE-2018-18014 | ** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is already mitigated by the internal firewall that limits access to configuration services to localhost. | HIGH | Oct 3, 2019 | n/a |
| CVE-2018-19463 | ** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor\'s position is We have no dynamic including. No one can run PHP by uploading an image in current version. It also requires authentication. | HIGH | Nov 22, 2018 | n/a |
| CVE-2018-19556 | ** DISPUTED ** zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability. | MEDIUM | Nov 26, 2018 | n/a |
| CVE-2018-10680 | ** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to Web site settings --> Basic setting --> Website title and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is just a functional bug. | MEDIUM | Apr 17, 2019 | n/a |
| CVE-2018-12909 | ** DISPUTED ** Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a publicly accessible environment. | HIGH | Aug 24, 2018 | n/a |
| CVE-2016-10031 | ** DISPUTED ** WampServer 3.0.6 installs two services called \'wampapache\' and \'wampmysqld\' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which \'someone\' (an attacker) is able to replace files on a PC is not the fault of WampServer. | MEDIUM | Dec 31, 2016 | n/a |
| CVE-2016-10072 | ** DISPUTED ** WampServer 3.0.6 has two files called \'wampmanager.exe\' and \'unins000.exe\' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which \'someone\' (an attacker) is able to replace files on a PC is not the fault of WampServer. | MEDIUM | Dec 28, 2016 | n/a |
| CVE-2018-13818 | ** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it. | HIGH | Jul 10, 2018 | n/a |
| CVE-2017-17520 | ** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs. | MEDIUM | Dec 28, 2017 | n/a |
| CVE-2018-11210 | ** DISPUTED ** TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2. | HIGH | May 16, 2018 | n/a |
| CVE-2018-11555 | ** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.”. | MEDIUM | May 30, 2018 | n/a |
| CVE-2018-11556 | ** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.”. | MEDIUM | May 30, 2018 | n/a |
| CVE-2022-40160 | ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid. | -- | Oct 7, 2022 | n/a |
| CVE-2022-40159 | ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid. | -- | Oct 7, 2022 | n/a |
| CVE-2018-20534 | ** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application. | MEDIUM | Dec 28, 2018 | n/a |
| CVE-2017-6441 | ** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of declare(ticks= in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only. | MEDIUM | Apr 10, 2017 | n/a |
| CVE-2017-18207 | ** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications need to be prepared to handle a wide variety of exceptions. | MEDIUM | Mar 23, 2018 | n/a |
| CVE-2018-7713 | ** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.” | MEDIUM | Mar 5, 2018 | n/a |
