| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 651 | CVE-2018-18909 | 79 | | XSS | 2018-11-03 | 2018-12-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view. |
| 652 | CVE-2018-18915 | 835 | | DoS | 2018-11-03 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack. |
| 653 | CVE-2018-18919 | 79 | | XSS | 2018-11-04 | 2018-12-11 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. |
| 654 | CVE-2018-18920 | 119 | | Exec Code Overflow | 2018-11-12 | 2019-02-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid." |
| 655 | CVE-2018-18924 | 459 | | Exec Code | 2018-11-04 | 2020-08-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message. |
| 656 | CVE-2018-18925 | 384 | | Exec Code | 2018-11-04 | 2019-01-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. |
| 657 | CVE-2018-18926 | 384 | | Exec Code | 2018-11-04 | 2019-01-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron. |
| 658 | CVE-2018-18927 | 79 | | XSS | 2018-11-04 | 2018-12-11 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. |
| 659 | CVE-2018-18928 | 190 | | Overflow | 2018-11-04 | 2019-01-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. |
| 660 | CVE-2018-18933 | 125 | | DoS +Info | 2018-11-05 | 2019-01-30 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!safe_vsnprintf+0x00000000002c4330" issue. |
| 661 | CVE-2018-18934 | 352 | | Exec Code CSRF | 2018-11-05 | 2018-12-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF. |
| 662 | CVE-2018-18935 | 352 | | CSRF | 2018-11-05 | 2018-12-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account. |
| 663 | CVE-2018-18936 | 22 | | Dir. Trav. | 2018-11-05 | 2018-12-11 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter. |
| 664 | CVE-2018-18937 | 476 | | | 2018-11-05 | 2018-12-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c. |
| 665 | CVE-2018-18938 | 79 | | XSS | 2018-11-05 | 2018-11-16 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. |
| 666 | CVE-2018-18939 | 79 | | XSS | 2018-11-05 | 2018-11-15 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. |
| 667 | CVE-2018-18942 | 434 | | Exec Code | 2018-11-05 | 2020-08-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. |
| 668 | CVE-2018-18943 | 79 | | XSS | 2018-11-05 | 2018-12-10 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. |
| 669 | CVE-2018-18949 | 89 | | Sql | 2018-11-05 | 2021-05-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. |
| 670 | CVE-2018-18950 | 22 | | Dir. Trav. | 2018-11-05 | 2018-12-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication. |
| 671 | CVE-2018-18952 | 79 | | XSS | 2018-11-05 | 2018-12-10 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. |
| 672 | CVE-2018-18954 | 125 | | | 2018-11-15 | 2019-05-31 | 2.1 | None | Local | Low | Not required | None | None | Partial | The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. |
| 673 | CVE-2018-18955 | 863 | | Bypass | 2018-11-16 | 2020-08-24 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction. |
| 674 | CVE-2018-18956 | 119 | | DoS Overflow | 2018-11-05 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018. |
| 675 | CVE-2018-18957 | 787 | | Overflow | 2018-11-05 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. |
| 676 | CVE-2018-18963 | 89 | | Sql | 2018-11-06 | 2018-12-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI. |
| 677 | CVE-2018-18964 | | | | 2018-11-06 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | None | Partial | None | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension. |
| 678 | CVE-2018-18965 | | | | 2018-11-06 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | None | Partial | None | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename). |
| 679 | CVE-2018-18966 | | | | 2018-11-06 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | None | Partial | None | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer renders HTML elements in a .eml file. |
| 680 | CVE-2018-18980 | 611 | | | 2018-11-06 | 2019-01-30 | 5.0 | None | Remote | Low | Not required | None | Partial | None | An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server. |
| 681 | CVE-2018-18982 | 89 | | Exec Code Sql | 2018-11-27 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In NUUO CMS, all versions 3.3 and prior, the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution. |
| 682 | CVE-2018-18983 | 119 | | Exec Code Overflow | 2018-11-30 | 2018-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | VT-Designer Version 2.1.7.31 is vulnerable because the program reads the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution. |
| 683 | CVE-2018-18987 | 502 | | Exec Code | 2018-11-30 | 2018-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | VT-Designer Version 2.1.7.31 is vulnerable because the program populates objects with user-supplied input via a file without first checking for validity, allowing attacker-supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution. |
| 684 | CVE-2018-19044 | 59 | | | 2018-11-08 | 2019-08-06 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd. |
| 685 | CVE-2018-19045 | 200 | | +Info | 2018-11-08 | 2019-03-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None | keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. |
| 686 | CVE-2018-19046 | 200 | | +Info | 2018-11-08 | 2019-03-13 | 1.9 | None | Local | Medium | Not required | Partial | None | None | keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information. |
| 687 | CVE-2018-19047 | 918 | | | 2018-11-07 | 2019-02-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | ** DISPUTED ** mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HTML without sanitising it, you're asking for trouble." |
| 688 | CVE-2018-19050 | 79 | | XSS | 2018-11-07 | 2018-12-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. |
| 689 | CVE-2018-19051 | 79 | | XSS | 2018-11-07 | 2018-12-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. |
| 690 | CVE-2018-19052 | 22 | | Dir. Trav. | 2018-11-07 | 2022-03-31 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. |
| 691 | CVE-2018-19053 | 94 | | Exec Code | 2018-11-07 | 2018-12-12 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code. |
| 692 | CVE-2018-19056 | 79 | | XSS | 2018-11-07 | 2018-12-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element. |
| 693 | CVE-2018-19057 | 79 | | XSS | 2018-11-07 | 2018-12-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element. |
| 694 | CVE-2018-19058 | 670 | | DoS | 2018-11-07 | 2020-11-09 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. |
| 695 | CVE-2018-19059 | 125 | | DoS | 2018-11-07 | 2019-08-06 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in Poppler 0.71.0. There is an out-of-bounds read in EmbFile::save2 in FileSpec.cc, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. |
| 696 | CVE-2018-19060 | 476 | | DoS | 2018-11-07 | 2019-08-06 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. |
| 697 | CVE-2018-19061 | 89 | | Sql | 2018-11-07 | 2018-12-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. |
| 698 | CVE-2018-19063 | 798 | | | 2018-11-07 | 2018-12-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password. |
| 699 | CVE-2018-19064 | 521 | | | 2018-11-07 | 2019-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed. |
| 700 | CVE-2018-19065 | 798 | | | 2018-11-07 | 2018-12-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded BpP+2R9*Q password in some cases. |