| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 851 | CVE-2018-19349 | 89 |  | Sql | 2018-11-17 | 2018-12-17 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. |
| 852 | CVE-2018-19350 | 79 |  | XSS | 2018-11-17 | 2018-12-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. |
| 853 | CVE-2018-19351 | 79 |  | XSS | 2018-11-18 | 2020-11-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this. |
| 854 | CVE-2018-19352 | 79 |  | XSS | 2018-11-18 | 2018-12-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. |
| 855 | CVE-2018-19353 | 125 |  | DoS | 2018-11-18 | 2018-12-17 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. |
| 856 | CVE-2018-19355 | 434 |  | Exec Code | 2018-11-19 | 2020-06-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). |
| 857 | CVE-2018-19358 |  |  |  | 2018-11-18 | 2020-08-24 | 2.1 | None | Local | Low | Not required | Partial | None | None | GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. |
| 858 | CVE-2018-19367 |  |  |  | 2018-11-20 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case. |
| 859 | CVE-2018-19370 | 362 |  | Exec Code | 2018-11-28 | 2019-01-31 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | A race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import. |
| 860 | CVE-2018-19376 | 352 |  | CSRF | 2018-11-20 | 2018-12-18 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI. |
| 861 | CVE-2018-19387 |  |  | DoS | 2018-11-20 | 2018-11-20 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure. |
| 862 | CVE-2018-19388 | 125 |  | DoS | 2018-11-20 | 2018-12-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue. |
| 863 | CVE-2018-19389 | 125 |  | DoS | 2018-11-20 | 2018-12-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. |
| 864 | CVE-2018-19390 | 125 |  | DoS | 2018-11-20 | 2018-12-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. |
| 865 | CVE-2018-19395 | 476 |  | DoS | 2018-11-20 | 2018-12-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell"). |
| 866 | CVE-2018-19396 | 502 |  | DoS | 2018-11-20 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial | ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. |
| 867 | CVE-2018-19404 | 94 |  | Exec Code | 2018-11-21 | 2018-12-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. This is related to the onlineinstall and import functions. |
| 868 | CVE-2018-19406 | 476 |  | DoS | 2018-11-21 | 2018-12-19 | 4.9 | None | Local | Low | Not required | None | None | Complete | kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized. |
| 869 | CVE-2018-19407 | 476 |  | DoS | 2018-11-21 | 2019-03-21 | 4.9 | None | Local | Low | Not required | None | None | Complete | The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. |
| 870 | CVE-2018-19409 |  |  |  | 2018-11-21 | 2019-10-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. |
| 871 | CVE-2018-19410 |  |  | File Inclusion | 2018-11-21 | 2019-10-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator). |
| 872 | CVE-2018-19411 | 269 |  |  | 2018-11-21 | 2019-10-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights. |
| 873 | CVE-2018-19416 | 125 |  |  | 2018-11-21 | 2018-12-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf. |
| 874 | CVE-2018-19417 | 119 |  | Exec Code Overflow | 2018-11-21 | 2019-02-04 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible. |
| 875 | CVE-2018-19420 | 434 |  |  | 2018-11-21 | 2018-12-28 | 4.0 | None | Remote | Low | ??? | None | Partial | None | In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. |
| 876 | CVE-2018-19421 | 434 |  |  | 2018-11-21 | 2018-12-28 | 4.0 | None | Remote | Low | ??? | None | Partial | None | In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. |
| 877 | CVE-2018-19422 | 434 |  | Exec Code | 2018-11-21 | 2021-05-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. |
| 878 | CVE-2018-19423 | 434 |  | Exec Code | 2018-11-21 | 2022-02-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. |
| 879 | CVE-2018-19424 | 434 |  |  | 2018-11-21 | 2018-12-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. |
| 880 | CVE-2018-19432 | 476 |  | DoS | 2018-11-22 | 2019-06-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. |
| 881 | CVE-2018-19433 | 79 |  | XSS | 2018-11-22 | 2018-12-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. |
| 882 | CVE-2018-19434 | 89 |  | Sql | 2018-11-22 | 2018-12-18 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter. |
| 883 | CVE-2018-19435 | 89 |  | Sql | 2018-11-22 | 2018-12-18 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter. |
| 884 | CVE-2018-19436 | 89 |  | Sql | 2018-11-22 | 2018-12-18 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter. |
| 885 | CVE-2018-19437 |  |  |  | 2018-11-22 | 2019-10-03 | 4.0 | None | Remote | Low | ??? | None | Partial | None | UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty. |
| 886 | CVE-2018-19443 | 384 |  |  | 2018-11-22 | 2018-12-20 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle. |
| 887 | CVE-2018-19457 | 434 |  | Exec Code | 2018-11-22 | 2018-12-18 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. |
| 888 | CVE-2018-19458 | 287 |  |  | 2018-11-22 | 2018-12-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. |
| 889 | CVE-2018-19459 | 119 |  | Overflow | 2018-11-22 | 2018-12-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file. |
| 890 | CVE-2018-19463 | 94 |  | Exec Code | 2018-11-22 | 2019-03-06 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | ** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including. No one can run PHP by uploading an image in current version." It also requires authentication. |
| 891 | CVE-2018-19464 | 79 |  | XSS | 2018-11-22 | 2020-01-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandle the statcode field from third-party stats code. |
| 892 | CVE-2018-19468 | 89 |  | Sql | 2018-11-23 | 2018-12-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. |
| 893 | CVE-2018-19469 | 79 |  | XSS | 2018-11-23 | 2018-12-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter. |
| 894 | CVE-2018-19475 |  |  | Bypass | 2018-11-23 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. |
| 895 | CVE-2018-19476 | 704 |  | Bypass | 2018-11-23 | 2019-04-25 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. |
| 896 | CVE-2018-19477 | 704 |  | Bypass | 2018-11-23 | 2019-04-25 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. |
| 897 | CVE-2018-19486 | 426 |  | Exec Code | 2018-11-23 | 2019-04-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. |
| 898 | CVE-2018-19490 | 787 |  | Overflow | 2018-11-23 | 2020-09-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function. |
| 899 | CVE-2018-19491 | 119 |  | Overflow | 2018-11-23 | 2020-09-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend. |
| 900 | CVE-2018-19492 | 119 |  | Overflow | 2018-11-23 | 2020-09-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. |