The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2018-11017 | The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | MEDIUM | May 13, 2018 | n/a |
CVE-2018-11013 | Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header. | HIGH | May 13, 2018 | n/a |
CVE-2018-11012 | ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. | MEDIUM | May 12, 2018 | n/a |
CVE-2018-11011 | ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. | MEDIUM | May 12, 2018 | n/a |
CVE-2018-11010 | A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | MEDIUM | Jan 12, 2021 | n/a |
CVE-2018-11009 | A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | MEDIUM | Jan 13, 2021 | n/a |
CVE-2018-11008 | An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | MEDIUM | Jan 12, 2021 | n/a |
CVE-2018-11007 | A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | MEDIUM | Jan 12, 2021 | n/a |
CVE-2018-11006 | An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | HIGH | Jan 12, 2021 | n/a |
CVE-2018-11005 | A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | MEDIUM | Jan 12, 2021 | n/a |
CVE-2018-11004 | An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add. | MEDIUM | May 12, 2018 | n/a |
CVE-2018-11003 | An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel. | MEDIUM | May 12, 2018 | n/a |
CVE-2018-11002 | Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. | MEDIUM | Dec 3, 2018 | n/a |
CVE-2018-10999 | An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. | MEDIUM | May 12, 2018 | n/a |
CVE-2018-10998 | An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. | MEDIUM | May 12, 2018 | n/a |
CVE-2018-10997 | Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword. | HIGH | Jun 17, 2018 | n/a |
CVE-2018-10996 | The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable. | HIGH | May 12, 2018 | n/a |
CVE-2018-10995 | SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). | MEDIUM | May 30, 2018 | n/a |
CVE-2018-10994 | js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL. | MEDIUM | May 14, 2018 | n/a |
CVE-2018-10992 | lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523. | HIGH | May 11, 2018 | n/a |
CVE-2018-10991 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10990. Reason: This candidate is a reservation duplicate of CVE-2018-10990. Notes: All CVE users should reference CVE-2018-10990 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
CVE-2018-10990 | On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the credential cookie, which might make it easier for attackers to obtain access at a later time (e.g., at least for a few minutes). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser. | HIGH | May 14, 2018 | n/a |
CVE-2018-10989 | Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of password for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. NOTE: one or more user's guides distributed by ISPs state At a minimum, you should set a login password. | LOW | May 14, 2018 | n/a |
CVE-2018-10988 | An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname. | HIGH | Jul 5, 2018 | n/a |
CVE-2018-10987 | An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs /mnt/skyeye/mode_switch.sh %s with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account. | HIGH | Jul 5, 2018 | n/a |
CVE-2018-10986 | OX Guard 2.8.0 has CSRF. | MEDIUM | Jul 5, 2019 | n/a |
CVE-2018-10982 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. | HIGH | May 10, 2018 | n/a |
CVE-2018-10981 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. | MEDIUM | May 10, 2018 | n/a |
CVE-2018-10977 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x002220E4. | MEDIUM | May 10, 2018 | n/a |
CVE-2018-10976 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222050. | MEDIUM | May 10, 2018 | n/a |
CVE-2018-10975 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222104. | MEDIUM | May 10, 2018 | n/a |
CVE-2018-10974 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222100. | MEDIUM | May 10, 2018 | n/a |
CVE-2018-10973 | An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters. | MEDIUM | May 10, 2018 | n/a |
CVE-2018-10972 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file. | MEDIUM | May 10, 2018 | n/a |
CVE-2018-10971 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file. | MEDIUM | May 10, 2018 | n/a |
CVE-2018-10969 | SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. | HIGH | Jun 18, 2018 | n/a |
CVE-2018-10968 | On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. | HIGH | May 18, 2018 | n/a |
CVE-2018-10967 | On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution. | HIGH | May 18, 2018 | n/a |
CVE-2018-10966 | An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret. | HIGH | Jun 5, 2018 | n/a |
CVE-2018-10963 | The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. | MEDIUM | May 9, 2018 | n/a |
CVE-2018-10962 | An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because mouse_event is not properly considered. | LOW | May 9, 2018 | n/a |
CVE-2018-10959 | Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker\'s process launch. | MEDIUM | Apr 24, 2019 | n/a |
CVE-2018-10958 | In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. | MEDIUM | May 9, 2018 | n/a |
CVE-2018-10957 | CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components. | MEDIUM | May 9, 2018 | n/a |
CVE-2018-10956 | IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal. | MEDIUM | Jun 25, 2018 | n/a |
CVE-2018-10955 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222548. | MEDIUM | May 9, 2018 | n/a |
CVE-2018-10954 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222550. | MEDIUM | May 9, 2018 | n/a |
CVE-2018-10953 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x0022204C. | MEDIUM | May 9, 2018 | n/a |
CVE-2018-10952 | In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222088. | MEDIUM | May 9, 2018 | n/a |
CVE-2018-10951 | mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API. | MEDIUM | May 9, 2018 | n/a |