Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date
CVE-2018-8736 A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root. HIGH Apr 17, 2018
CVE-2018-8735 Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection. HIGH Apr 17, 2018
CVE-2018-8734 SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter. HIGH Apr 17, 2018
CVE-2018-8733 Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability. MEDIUM Apr 17, 2018
CVE-2018-8732 Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter. LOW Mar 19, 2018
CVE-2018-8729 Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped. MEDIUM Mar 15, 2018
CVE-2018-8728 server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in kontena master login --remote code display, as demonstrated by /code#code= in a URI. MEDIUM Mar 15, 2018
CVE-2018-8727 Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver. MEDIUM Jun 19, 2018
CVE-2018-8726 K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. MEDIUM Jan 13, 2021
CVE-2018-8725 K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. MEDIUM Jan 13, 2021
CVE-2018-8724 K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe. MEDIUM Jan 13, 2021
CVE-2018-8722 Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. MEDIUM Mar 15, 2018
CVE-2018-8721 Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen. MEDIUM Mar 15, 2018
CVE-2018-8720 ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka search_results.do). LOW Mar 15, 2018
CVE-2018-8719 An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google, which allows attackers to possibly find sensitive information. MEDIUM Apr 4, 2018
CVE-2018-8718 Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request. MEDIUM Mar 27, 2018
CVE-2018-8717 joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request. MEDIUM Mar 14, 2018
CVE-2018-8716 WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers. LOW Apr 25, 2018
CVE-2018-8715 The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. MEDIUM Mar 14, 2018
CVE-2018-8714 Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries. LOW May 17, 2018
CVE-2018-8712 An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of Can view any file as a log file is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the '/etc/shadow' file via a GET /syslog/save_log.cgi?view=1&file=/etc/shadow request. MEDIUM Mar 14, 2018
CVE-2018-8711 A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be called by extract(), a PHP built-in function. Because of this, the supplied args/input can be used to overwrite the $pagepath variable, which then could lead to a local file inclusion attack. HIGH Mar 14, 2018
CVE-2018-8710 A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the shortcode parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive. HIGH Mar 14, 2018
CVE-2018-8661 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. -- Nov 7, 2023
CVE-2018-8654 An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. MEDIUM Jan 27, 2020
CVE-2018-8653 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka Scripting Engine Memory Corruption Vulnerability. This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643. HIGH Dec 21, 2018
CVE-2018-8652 A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka Windows Azure Pack Cross Site Scripting Vulnerability. This affects Windows Azure Pack Rollup 13.1. LOW Dec 12, 2018
CVE-2018-8651 A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka Microsoft Dynamics NAV Cross Site Scripting Vulnerability. This affects Microsoft Dynamics NAV. LOW Dec 12, 2018
CVE-2018-8650 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka Microsoft Office SharePoint XSS Vulnerability. This affects Microsoft SharePoint. LOW Dec 13, 2018
CVE-2018-8649 A denial of service vulnerability exists when Windows improperly handles objects in memory, aka Windows Denial of Service Vulnerability. This affects Windows 10, Windows Server 2019. MEDIUM Dec 12, 2018
CVE-2018-8643 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka Scripting Engine Memory Corruption Vulnerability. This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. HIGH Dec 12, 2018
CVE-2018-8641 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8639. HIGH Dec 14, 2018
CVE-2018-8639 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka Win32k Elevation of Privilege Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8641. HIGH Dec 17, 2018
CVE-2018-8638 An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka DirectX Information Disclosure Vulnerability. This affects Windows 10, Windows Server 2019. LOW Dec 12, 2018
CVE-2018-8637 An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass, aka Win32k Information Disclosure Vulnerability. This affects Windows 10 Servers, Windows 10, Windows Server 2019. LOW Dec 12, 2018
CVE-2018-8636 A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka Microsoft Excel Remote Code Execution Vulnerability. This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8597. HIGH Dec 12, 2018
CVE-2018-8635 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka Microsoft SharePoint Server Elevation of Privilege Vulnerability. This affects Microsoft SharePoint Server, Microsoft SharePoint. MEDIUM Dec 12, 2018
CVE-2018-8634 A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka Microsoft Text-To-Speech Remote Code Execution Vulnerability. This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. HIGH Dec 12, 2018
CVE-2018-8631 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka Internet Explorer Memory Corruption Vulnerability. This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. HIGH Dec 12, 2018
CVE-2018-8629 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624. HIGH Dec 12, 2018
CVE-2018-8628 A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka Microsoft PowerPoint Remote Code Execution Vulnerability. This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server. HIGH Dec 12, 2018
CVE-2018-8627 An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka Microsoft Excel Information Disclosure Vulnerability. This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598. MEDIUM Dec 12, 2018
CVE-2018-8626 A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka Windows DNS Server Heap Overflow Vulnerability. This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers. HIGH Dec 12, 2018
CVE-2018-8625 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka Windows VBScript Engine Remote Code Execution Vulnerability. This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. HIGH Dec 12, 2018
CVE-2018-8624 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8629. HIGH Dec 12, 2018
CVE-2018-8622 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka Windows Kernel Information Disclosure Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8621. LOW Dec 14, 2018
CVE-2018-8621 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka Windows Kernel Information Disclosure Vulnerability. This affects Windows Server 2012, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8622. LOW Dec 14, 2018
CVE-2018-8619 A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka Internet Explorer Remote Code Execution Vulnerability. This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. HIGH Dec 12, 2018
CVE-2018-8618 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8624, CVE-2018-8629. HIGH Dec 12, 2018
CVE-2018-8617 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629. HIGH Dec 12, 2018
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.