| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
101 |
CVE-2018-19436 |
89 |
|
Sql |
2018-11-22 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter. |
|
102 |
CVE-2018-19435 |
89 |
|
Sql |
2018-11-22 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter. |
|
103 |
CVE-2018-19434 |
89 |
|
Sql |
2018-11-22 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter. |
|
104 |
CVE-2018-19433 |
79 |
|
XSS |
2018-11-22 |
2018-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. |
|
105 |
CVE-2018-19432 |
476 |
|
DoS |
2018-11-22 |
2019-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. |
|
106 |
CVE-2018-19424 |
434 |
|
|
2018-11-21 |
2018-12-27 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. |
|
107 |
CVE-2018-19423 |
434 |
|
Exec Code |
2018-11-21 |
2022-02-19 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. |
|
108 |
CVE-2018-19422 |
434 |
|
Exec Code |
2018-11-21 |
2021-05-26 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. |
|
109 |
CVE-2018-19421 |
434 |
|
|
2018-11-21 |
2018-12-28 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. |
|
110 |
CVE-2018-19420 |
434 |
|
|
2018-11-21 |
2018-12-28 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. |
|
111 |
CVE-2018-19417 |
119 |
|
Exec Code Overflow |
2018-11-21 |
2019-02-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible. |
|
112 |
CVE-2018-19416 |
125 |
|
|
2018-11-21 |
2018-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf. |
|
113 |
CVE-2018-19411 |
269 |
|
|
2018-11-21 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights. |
|
114 |
CVE-2018-19410 |
|
|
File Inclusion |
2018-11-21 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator). |
|
115 |
CVE-2018-19409 |
|
|
|
2018-11-21 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. |
|
116 |
CVE-2018-19407 |
476 |
|
DoS |
2018-11-21 |
2019-03-21 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. |
|
117 |
CVE-2018-19406 |
476 |
|
DoS |
2018-11-21 |
2018-12-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized. |
|
118 |
CVE-2018-19404 |
94 |
|
Exec Code |
2018-11-21 |
2018-12-19 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. This is related to the onlineinstall and import functions. |
|
119 |
CVE-2018-19396 |
502 |
|
DoS |
2018-11-20 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. |
|
120 |
CVE-2018-19395 |
476 |
|
DoS |
2018-11-20 |
2018-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell"). |
|
121 |
CVE-2018-19390 |
125 |
|
DoS |
2018-11-20 |
2018-12-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. |
|
122 |
CVE-2018-19389 |
125 |
|
DoS |
2018-11-20 |
2018-12-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. |
|
123 |
CVE-2018-19388 |
125 |
|
DoS |
2018-11-20 |
2018-12-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue. |
|
124 |
CVE-2018-19387 |
|
|
DoS |
2018-11-20 |
2018-11-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure. |
|
125 |
CVE-2018-19376 |
352 |
|
CSRF |
2018-11-20 |
2018-12-18 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI. |
|
126 |
CVE-2018-19370 |
362 |
|
Exec Code |
2018-11-28 |
2019-01-31 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import. |
|
127 |
CVE-2018-19367 |
|
|
|
2018-11-20 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case. |
|
128 |
CVE-2018-19358 |
|
|
|
2018-11-18 |
2020-08-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. |
|
129 |
CVE-2018-19355 |
434 |
|
Exec Code |
2018-11-19 |
2020-06-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). |
|
130 |
CVE-2018-19353 |
125 |
|
DoS |
2018-11-18 |
2018-12-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. |
|
131 |
CVE-2018-19352 |
79 |
|
XSS |
2018-11-18 |
2018-12-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. |
|
132 |
CVE-2018-19351 |
79 |
|
XSS |
2018-11-18 |
2020-11-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this. |
|
133 |
CVE-2018-19350 |
79 |
|
XSS |
2018-11-17 |
2018-12-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. |
|
134 |
CVE-2018-19349 |
89 |
|
Sql |
2018-11-17 |
2018-12-17 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. |
|
135 |
CVE-2018-19348 |
125 |
|
DoS +Info |
2018-11-17 |
2018-12-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x000000000012dff5" issue. |
|
136 |
CVE-2018-19347 |
125 |
|
DoS +Info |
2018-11-17 |
2018-12-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11bb" issue. |
|
137 |
CVE-2018-19346 |
125 |
|
DoS +Info |
2018-11-17 |
2018-12-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea" issue. |
|
138 |
CVE-2018-19345 |
125 |
|
DoS +Info |
2018-11-17 |
2018-12-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at U3DBrowser!PlugInMain+0x0000000000053f8b" issue. |
|
139 |
CVE-2018-19344 |
125 |
|
DoS +Info |
2018-11-17 |
2018-12-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address may be used as a return value starting at U3DBrowser!PlugInMain+0x0000000000031a75" issue. |
|
140 |
CVE-2018-19343 |
125 |
|
DoS +Info |
2018-11-17 |
2018-12-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faulting Address controls Code Flow starting at U3DBrowser!PlugInMain+0x00000000000f43ff" issue. |
|
141 |
CVE-2018-19342 |
125 |
|
DoS +Info |
2018-11-17 |
2018-12-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x000000000000347a" issue. |
|
142 |
CVE-2018-19341 |
125 |
|
DoS +Info |
2018-11-17 |
2018-12-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!std::basic_ostream >::operator<<+0x0000000000087906" issue. |
|
143 |
CVE-2018-19340 |
79 |
|
XSS |
2018-11-17 |
2018-12-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter. |
|
144 |
CVE-2018-19335 |
352 |
|
+Info CSRF |
2018-11-20 |
2020-08-24 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports. |
|
145 |
CVE-2018-19334 |
352 |
|
+Info CSRF |
2018-11-20 |
2018-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports. |
|
146 |
CVE-2018-19333 |
|
|
|
2018-11-17 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled. |
|
147 |
CVE-2018-19332 |
352 |
|
CSRF |
2018-11-17 |
2018-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI. |
|
148 |
CVE-2018-19331 |
89 |
|
Sql |
2018-11-17 |
2018-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter. |
|
149 |
CVE-2018-19329 |
22 |
|
Dir. Trav. |
2018-11-17 |
2020-08-24 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button. |
|
150 |
CVE-2018-19328 |
22 |
|
Dir. Trav. |
2018-11-17 |
2020-05-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. |
