The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2018-17292 | An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes. | MEDIUM | Sep 21, 2018 | n/a |
| CVE-2018-17289 | An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter. | MEDIUM | Apr 19, 2019 | n/a |
| CVE-2018-17288 | Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) \"Filename\" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (2) \"DeviceName\" field in /Kofax/KFS/Admin/DeviceService/device/ - (Administration Console). | LOW | Apr 19, 2019 | n/a |
| CVE-2018-17287 | In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end \"download\" feature, as demonstrated by an mfp.password downloadsettingvalue operation. | MEDIUM | Apr 24, 2019 | n/a |
| CVE-2018-17283 | Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. | MEDIUM | Sep 20, 2018 | n/a |
| CVE-2018-17282 | An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference. | MEDIUM | Sep 20, 2018 | n/a |
| CVE-2018-17281 | There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. | MEDIUM | Sep 28, 2018 | n/a |
| CVE-2018-17280 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17279 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17278 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17277 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17276 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17275 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17274 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17273 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17272 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17271 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17270 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17269 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17268 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17267 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17266 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17265 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17264 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17263 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17262 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17261 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17260 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17259 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17258 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17257 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17256 | Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content. | LOW | Nov 27, 2018 | n/a |
| CVE-2018-17255 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-14014. Reason: This candidate is a reservation duplicate of CVE-2020-14014. Notes: All CVE users should reference CVE-2020-14014 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | MEDIUM | Sep 26, 2018 | n/a |
| CVE-2018-17254 | The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. | HIGH | Sep 20, 2018 | n/a |
| CVE-2018-17253 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17252 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17251 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17250 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17249 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17248 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2018-17247 | Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning\'s find_file_structure API. If a policy allowing external network access has been added to Elasticsearch\'s Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the Elasticsearch node. This could allow a user to access information that they should not have access to. | MEDIUM | Dec 25, 2018 | n/a |
| CVE-2018-17246 | Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | HIGH | Dec 25, 2018 | n/a |
| CVE-2018-17245 | Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider. | MEDIUM | Dec 20, 2018 | n/a |
| CVE-2018-17244 | Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to. | MEDIUM | Dec 27, 2018 | n/a |
| CVE-2018-17243 | Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. | HIGH | Sep 20, 2018 | n/a |
| CVE-2018-17240 | There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password). | MEDIUM | Jun 10, 2022 | n/a |
| CVE-2018-17237 | A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207. | MEDIUM | Sep 20, 2018 | n/a |
| CVE-2018-17236 | The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal. | MEDIUM | Sep 20, 2018 | n/a |
| CVE-2018-17235 | The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service. | MEDIUM | Sep 20, 2018 | n/a |
| CVE-2018-17234 | Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. | MEDIUM | Sep 20, 2018 | n/a |
