| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000014 |
352 |
|
CSRF |
2018-01-23 |
2018-02-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator. |
|
2 |
CVE-2018-1000013 |
352 |
|
CSRF |
2018-01-23 |
2018-02-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds. |
|
3 |
CVE-2018-1000012 |
611 |
|
|
2018-01-23 |
2018-02-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. |
|
4 |
CVE-2018-1000011 |
611 |
|
|
2018-01-23 |
2018-02-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. |
|
5 |
CVE-2018-1000010 |
611 |
|
|
2018-01-23 |
2018-02-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. |
|
6 |
CVE-2018-1000009 |
611 |
|
|
2018-01-23 |
2018-02-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. |
|
7 |
CVE-2018-1000008 |
611 |
|
|
2018-01-23 |
2018-02-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. |
|
8 |
CVE-2018-1000007 |
|
|
+Info |
2018-01-24 |
2022-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. |
|
9 |
CVE-2018-1000006 |
78 |
|
Exec Code |
2018-01-24 |
2018-04-01 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16. |
|
10 |
CVE-2018-1000005 |
125 |
|
|
2018-01-24 |
2019-06-18 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something. |
|
11 |
CVE-2018-1000004 |
362 |
|
DoS |
2018-01-16 |
2020-07-15 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. |
|
12 |
CVE-2018-1000001 |
787 |
|
Exec Code |
2018-01-31 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. |
|
13 |
CVE-2018-6480 |
704 |
|
|
2018-01-31 |
2018-02-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). ccnl_fwd_handleInterest assumes that the union member s is of type ccnl_pktdetail_ndntlv_s. However, if the type is in fact struct ccnl_pktdetail_ccntlv_s or struct ccnl_pktdetail_iottlv_s, the memory at that point is either uninitialised or points to data that is not a nonce, which renders the code using the local variable nonce pointless. A later nonce check is insufficient. |
|
14 |
CVE-2018-6479 |
|
|
|
2018-01-31 |
2021-09-13 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI. |
|
15 |
CVE-2018-6476 |
20 |
|
|
2018-01-31 |
2018-02-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c. |
|
16 |
CVE-2018-6475 |
426 |
|
|
2018-01-31 |
2018-02-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges. |
|
17 |
CVE-2018-6474 |
20 |
|
DoS |
2018-01-31 |
2018-02-13 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148. |
|
18 |
CVE-2018-6473 |
20 |
|
DoS |
2018-01-31 |
2018-02-13 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080. |
|
19 |
CVE-2018-6472 |
20 |
|
DoS |
2018-01-31 |
2018-02-13 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c. |
|
20 |
CVE-2018-6471 |
20 |
|
DoS |
2018-01-31 |
2018-02-13 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078. |
|
21 |
CVE-2018-6462 |
787 |
|
Exec Code |
2018-01-31 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document. |
|
22 |
CVE-2018-6460 |
200 |
|
+Info |
2018-01-31 |
2018-02-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address. |
|
23 |
CVE-2018-6412 |
200 |
|
+Info |
2018-01-31 |
2019-03-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. |
|
24 |
CVE-2018-6408 |
352 |
|
CSRF |
2018-01-30 |
2018-02-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account. |
|
25 |
CVE-2018-6407 |
20 |
|
|
2018-01-30 |
2018-02-27 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device. |
|
26 |
CVE-2018-6406 |
125 |
|
DoS +Info |
2018-01-30 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact. |
|
27 |
CVE-2018-6398 |
89 |
|
Sql |
2018-01-30 |
2018-02-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action. |
|
28 |
CVE-2018-6397 |
22 |
|
Dir. Trav. |
2018-01-30 |
2018-02-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter. |
|
29 |
CVE-2018-6395 |
89 |
|
Sql |
2018-01-30 |
2018-02-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action. |
|
30 |
CVE-2018-6393 |
89 |
|
Sql |
2018-01-29 |
2019-12-10 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors." |
|
31 |
CVE-2018-6391 |
352 |
|
CSRF |
2018-01-29 |
2018-02-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. |
|
32 |
CVE-2018-6388 |
78 |
|
Exec Code |
2018-01-29 |
2018-02-15 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page. |
|
33 |
CVE-2018-6387 |
798 |
|
|
2018-01-29 |
2018-02-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account. |
|
34 |
CVE-2018-6384 |
428 |
|
Exec Code |
2018-01-31 |
2019-03-06 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder. |
|
35 |
CVE-2018-6383 |
184 |
|
Exec Code |
2018-01-29 |
2022-02-10 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048. |
|
36 |
CVE-2018-6376 |
89 |
|
Sql |
2018-01-30 |
2018-02-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. |
|
37 |
CVE-2018-6374 |
295 |
|
|
2018-01-31 |
2018-02-24 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set. |
|
38 |
CVE-2018-6367 |
89 |
|
Sql |
2018-01-29 |
2018-02-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter. |
|
39 |
CVE-2018-6365 |
89 |
|
Sql |
2018-01-29 |
2018-02-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php. |
|
40 |
CVE-2018-6364 |
89 |
|
Sql |
2018-01-29 |
2018-02-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter. |
|
41 |
CVE-2018-6363 |
89 |
|
Sql |
2018-01-29 |
2020-03-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter. |
|
42 |
CVE-2018-6360 |
20 |
|
Exec Code |
2018-01-28 |
2019-03-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. |
|
43 |
CVE-2018-6359 |
416 |
|
DoS |
2018-01-27 |
2019-04-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. |
|
44 |
CVE-2018-6358 |
787 |
|
DoS Overflow |
2018-01-27 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. |
|
45 |
CVE-2018-6357 |
352 |
|
XSS CSRF |
2018-01-27 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. |
|
46 |
CVE-2018-6353 |
78 |
|
|
2018-01-27 |
2018-02-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022. |
|
47 |
CVE-2018-6323 |
190 |
|
DoS Overflow |
2018-01-26 |
2019-10-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. |
|
48 |
CVE-2018-6315 |
125 |
|
DoS Overflow |
2018-01-25 |
2019-04-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. |
|
49 |
CVE-2018-6308 |
89 |
|
Sql |
2018-01-25 |
2018-02-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php. |
|
50 |
CVE-2018-6209 |
20 |
|
DoS |
2018-01-25 |
2018-02-07 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxCryptMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019. |
