| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-19777 |
835 |
|
|
2018-11-30 |
2019-11-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. |
|
2 |
CVE-2018-19763 |
125 |
|
DoS |
2018-11-30 |
2018-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service. |
|
3 |
CVE-2018-19762 |
787 |
|
DoS Overflow |
2018-11-30 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact. |
|
4 |
CVE-2018-19761 |
125 |
|
DoS |
2018-11-30 |
2018-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service. |
|
5 |
CVE-2018-19760 |
772 |
|
|
2018-11-30 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. |
|
6 |
CVE-2018-19759 |
125 |
|
DoS |
2018-11-30 |
2018-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service. |
|
7 |
CVE-2018-19758 |
125 |
|
DoS |
2018-11-30 |
2020-10-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. |
|
8 |
CVE-2018-19757 |
476 |
|
DoS |
2018-11-30 |
2018-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service. |
|
9 |
CVE-2018-19756 |
125 |
|
DoS |
2018-11-30 |
2018-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service. |
|
10 |
CVE-2018-19755 |
20 |
|
DoS |
2018-11-30 |
2018-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer. |
|
11 |
CVE-2018-19748 |
22 |
|
Dir. Trav. |
2018-11-29 |
2018-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector). |
|
12 |
CVE-2018-19693 |
79 |
|
XSS |
2018-11-29 |
2018-12-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter. |
|
13 |
CVE-2018-19692 |
434 |
|
Exec Code |
2018-11-29 |
2018-12-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type. |
|
14 |
CVE-2018-19666 |
22 |
|
Dir. Trav. |
2018-11-29 |
2019-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. |
|
15 |
CVE-2018-19664 |
125 |
|
|
2018-11-29 |
2019-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. |
|
16 |
CVE-2018-19662 |
125 |
|
DoS |
2018-11-29 |
2020-10-29 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. |
|
17 |
CVE-2018-19661 |
125 |
|
DoS |
2018-11-29 |
2020-10-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. |
|
18 |
CVE-2018-19655 |
787 |
|
Overflow |
2018-11-29 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. |
|
19 |
CVE-2018-19654 |
20 |
|
|
2018-11-29 |
2020-06-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists. |
|
20 |
CVE-2018-19651 |
918 |
|
|
2018-11-28 |
2018-12-20 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL. |
|
21 |
CVE-2018-19646 |
78 |
|
Exec Code |
2018-11-28 |
2019-02-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. |
|
22 |
CVE-2018-19630 |
79 |
|
XSS |
2018-11-28 |
2018-12-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. |
|
23 |
CVE-2018-19628 |
369 |
|
|
2018-11-29 |
2020-03-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. |
|
24 |
CVE-2018-19627 |
125 |
|
|
2018-11-29 |
2020-03-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. |
|
25 |
CVE-2018-19626 |
125 |
|
|
2018-11-29 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. |
|
26 |
CVE-2018-19625 |
125 |
|
|
2018-11-29 |
2020-03-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. |
|
27 |
CVE-2018-19624 |
476 |
|
|
2018-11-29 |
2020-03-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. |
|
28 |
CVE-2018-19623 |
787 |
|
|
2018-11-29 |
2020-03-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. |
|
29 |
CVE-2018-19622 |
835 |
|
Overflow |
2018-11-29 |
2020-03-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. |
|
30 |
CVE-2018-19621 |
352 |
|
CSRF |
2018-11-28 |
2018-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. |
|
31 |
CVE-2018-19620 |
425 |
|
|
2018-11-28 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. |
|
32 |
CVE-2018-19609 |
200 |
|
+Info |
2018-11-27 |
2018-12-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL. |
|
33 |
CVE-2018-19607 |
476 |
|
DoS |
2018-11-27 |
2019-08-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. |
|
34 |
CVE-2018-19595 |
94 |
|
Exec Code |
2018-11-27 |
2019-04-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism. |
|
35 |
CVE-2018-19587 |
119 |
|
Overflow |
2018-11-27 |
2019-01-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function. |
|
36 |
CVE-2018-19568 |
119 |
|
Overflow |
2018-11-26 |
2018-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. |
|
37 |
CVE-2018-19567 |
119 |
|
Overflow |
2018-11-26 |
2018-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. |
|
38 |
CVE-2018-19566 |
125 |
|
+Info |
2018-11-26 |
2018-12-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. |
|
39 |
CVE-2018-19565 |
125 |
|
+Info |
2018-11-26 |
2018-12-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. |
|
40 |
CVE-2018-19564 |
79 |
|
XSS |
2018-11-26 |
2018-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting. |
|
41 |
CVE-2018-19562 |
434 |
|
Exec Code |
2018-11-26 |
2018-12-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive. |
|
42 |
CVE-2018-19561 |
352 |
|
CSRF |
2018-11-26 |
2018-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. |
|
43 |
CVE-2018-19560 |
352 |
|
CSRF |
2018-11-26 |
2018-12-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. |
|
44 |
CVE-2018-19559 |
89 |
|
Sql |
2018-11-26 |
2018-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. |
|
45 |
CVE-2018-19558 |
89 |
|
Sql |
2018-11-26 |
2018-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php. |
|
46 |
CVE-2018-19557 |
89 |
|
Sql |
2018-11-26 |
2018-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images. |
|
47 |
CVE-2018-19556 |
20 |
|
|
2018-11-26 |
2019-04-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
** DISPUTED ** zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability. |
|
48 |
CVE-2018-19555 |
352 |
|
CSRF |
2018-11-26 |
2018-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. |
|
49 |
CVE-2018-19553 |
89 |
|
Sql |
2018-11-26 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php |
|
50 |
CVE-2018-19552 |
89 |
|
Sql |
2018-11-26 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. |
