The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2018-21065 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 (August 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21064 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver\'s input booster. The Samsung ID is SVE-2017-11816 (August 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21063 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21062 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018). | LOW | Apr 9, 2020 |
| CVE-2018-21061 | An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018). | MEDIUM | Apr 8, 2020 |
| CVE-2018-21060 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is a Keyboard learned words leak in the locked state via the emergency contact picker. The Samsung IDs are SVE-2018-11989, SVE-2018-11990 (September 2018). | MEDIUM | Apr 9, 2020 |
| CVE-2018-21059 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard content visibility in the locked state via the emergency contact picker. The Samsung ID is SVE-2018-11806 (September 2018). | MEDIUM | Apr 9, 2020 |
| CVE-2018-21058 | An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension (CE) is not used. The Samsung ID is SVE-2018-12761 (September 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21057 | An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is SVE-2018-12757 (September 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21056 | An issue was discovered on Samsung mobile devices with O(8.x) software. The Smartwatch displays Secure Folder Notification content. The Samsung ID is SVE-2018-12458 (September 2018). | LOW | Apr 9, 2020 |
| CVE-2018-21055 | An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21054 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T software. There is an integer underflow with a resultant buffer overflow in eCryptFS. The Samsung ID is SVE-2017-11857 (September 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21053 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018). | LOW | Apr 9, 2020 |
| CVE-2018-21052 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12855 (October 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21051 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21050 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21049 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21048 | An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Notification leak on a locked device in Standalone Dex mode. The Samsung ID is SVE-2018-12925 (November 2018). | LOW | Apr 9, 2020 |
| CVE-2018-21047 | An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Factory Reset Protection (FRP) bypass via the voice assistant because Internet access begins before the Setup Wizard finishes. The Samsung ID is SVE-2018-12894 (November 2018). | MEDIUM | Apr 9, 2020 |
| CVE-2018-21046 | An issue was discovered on Samsung mobile devices with O(8.x) software. There is clipboard Data Exposure via the Emergency Dialer upon connecting a USB device. The Samsung ID is SVE-2018-12911 (November 2018). | LOW | Apr 9, 2020 |
| CVE-2018-21045 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard access in the lockscreen state via a copy-and-paste action. The Samsung ID is SVE-2018-13381 (December 2018). | LOW | Apr 9, 2020 |
| CVE-2018-21044 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) software. The sem Trustlet has a buffer overflow that leads to arbitrary TEE code execution. The Samsung IDs are SVE-2018-13230, SVE-2018-13231, SVE-2018-13232, SVE-2018-13233 (December 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21043 | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of logging. The Samsung ID is SVE-2018-13035 (December 2018). | LOW | Apr 9, 2020 |
| CVE-2018-21042 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Dual Messenger allows installation of an arbitrary APK with resultant privileged code execution. The Samsung ID is SVE-2018-13299 (December 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21041 | An issue was discovered on Samsung mobile devices with O(8.x) software. Access to Gallery in the Secure Folder can occur without authentication. The Samsung ID is SVE-2018-13057 (December 2018). | MEDIUM | Apr 9, 2020 |
| CVE-2018-21040 | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The Samsung ID is SVE-2018-12959 (December 2018). | MEDIUM | Apr 9, 2020 |
| CVE-2018-21039 | An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 (December 2018). | MEDIUM | Apr 9, 2020 |
| CVE-2018-21038 | An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app\'s startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018). | HIGH | Apr 9, 2020 |
| CVE-2018-21037 | Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI. | MEDIUM | Mar 17, 2020 |
| CVE-2018-21036 | Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request. | MEDIUM | Jul 23, 2020 |
| CVE-2018-21035 | In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). | MEDIUM | Feb 28, 2020 |
| CVE-2018-21034 | In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git. | MEDIUM | Apr 9, 2020 |
| CVE-2018-21033 | A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager. | MEDIUM | Feb 14, 2020 |
| CVE-2018-21032 | A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager. | MEDIUM | Feb 14, 2020 |
| CVE-2018-21031 | Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product and version. Further research indicated that Tautulli is the correct affected product. | MEDIUM | Nov 18, 2019 |
| CVE-2018-21030 | Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document. | MEDIUM | Oct 31, 2019 |
| CVE-2018-21029 | systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent) | HIGH | Oct 31, 2019 |
| CVE-2018-21028 | Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function. | MEDIUM | Oct 11, 2019 |
| CVE-2018-21027 | Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled. | HIGH | Oct 11, 2019 |
| CVE-2018-21026 | A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | MEDIUM | Nov 12, 2019 |
| CVE-2018-21025 | In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files. | HIGH | Oct 11, 2019 |
| CVE-2018-21024 | licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | HIGH | Oct 15, 2019 |
| CVE-2018-21023 | getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | MEDIUM | Oct 15, 2019 |
| CVE-2018-21022 | makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | MEDIUM | Oct 9, 2019 |
| CVE-2018-21021 | img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | MEDIUM | Oct 9, 2019 |
| CVE-2018-21020 | In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | MEDIUM | Oct 11, 2019 |
| CVE-2018-21019 | Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application\'s error log via components/api.py. | MEDIUM | Sep 23, 2019 |
| CVE-2018-21018 | Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. | HIGH | Sep 23, 2019 |
| CVE-2018-21017 | GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c. | MEDIUM | Sep 18, 2019 |
| CVE-2018-21016 | audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | MEDIUM | Sep 18, 2019 |
