| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
301 |
CVE-2018-19044 |
59 |
|
|
2018-11-08 |
2019-08-06 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd. |
|
302 |
CVE-2018-18987 |
502 |
|
Exec Code |
2018-11-30 |
2018-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution. |
|
303 |
CVE-2018-18983 |
119 |
|
Exec Code Overflow |
2018-11-30 |
2018-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution. |
|
304 |
CVE-2018-18982 |
89 |
|
Exec Code Sql |
2018-11-27 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution. |
|
305 |
CVE-2018-18980 |
611 |
|
|
2018-11-06 |
2019-01-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server. |
|
306 |
CVE-2018-18966 |
|
|
|
2018-11-06 |
2020-08-24 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file. |
|
307 |
CVE-2018-18965 |
|
|
|
2018-11-06 |
2020-08-24 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename). |
|
308 |
CVE-2018-18964 |
|
|
|
2018-11-06 |
2020-08-24 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension. |
|
309 |
CVE-2018-18963 |
89 |
|
Sql |
2018-11-06 |
2018-12-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI. |
|
310 |
CVE-2018-18957 |
787 |
|
Overflow |
2018-11-05 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. |
|
311 |
CVE-2018-18956 |
119 |
|
DoS Overflow |
2018-11-05 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018. |
|
312 |
CVE-2018-18955 |
863 |
|
Bypass |
2018-11-16 |
2020-08-24 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction. |
|
313 |
CVE-2018-18954 |
125 |
|
|
2018-11-15 |
2019-05-31 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. |
|
314 |
CVE-2018-18952 |
79 |
|
XSS |
2018-11-05 |
2018-12-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. |
|
315 |
CVE-2018-18950 |
22 |
|
Dir. Trav. |
2018-11-05 |
2018-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication. |
|
316 |
CVE-2018-18949 |
89 |
|
Sql |
2018-11-05 |
2021-05-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. |
|
317 |
CVE-2018-18943 |
79 |
|
XSS |
2018-11-05 |
2018-12-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. |
|
318 |
CVE-2018-18942 |
434 |
|
Exec Code |
2018-11-05 |
2020-08-24 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. |
|
319 |
CVE-2018-18939 |
79 |
|
XSS |
2018-11-05 |
2018-11-15 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. |
|
320 |
CVE-2018-18938 |
79 |
|
XSS |
2018-11-05 |
2018-11-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. |
|
321 |
CVE-2018-18937 |
476 |
|
|
2018-11-05 |
2018-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c. |
|
322 |
CVE-2018-18936 |
22 |
|
Dir. Trav. |
2018-11-05 |
2018-12-11 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter. |
|
323 |
CVE-2018-18935 |
352 |
|
CSRF |
2018-11-05 |
2018-12-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account. |
|
324 |
CVE-2018-18934 |
352 |
|
Exec Code CSRF |
2018-11-05 |
2018-12-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF. |
|
325 |
CVE-2018-18933 |
125 |
|
DoS +Info |
2018-11-05 |
2019-01-30 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!safe_vsnprintf+0x00000000002c4330" issue. |
|
326 |
CVE-2018-18928 |
190 |
|
Overflow |
2018-11-04 |
2019-01-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. |
|
327 |
CVE-2018-18927 |
79 |
|
XSS |
2018-11-04 |
2018-12-11 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. |
|
328 |
CVE-2018-18926 |
384 |
|
Exec Code |
2018-11-04 |
2019-01-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron. |
|
329 |
CVE-2018-18925 |
384 |
|
Exec Code |
2018-11-04 |
2019-01-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. |
|
330 |
CVE-2018-18924 |
459 |
|
Exec Code |
2018-11-04 |
2020-08-24 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message. |
|
331 |
CVE-2018-18920 |
119 |
|
Exec Code Overflow |
2018-11-12 |
2019-02-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid." |
|
332 |
CVE-2018-18919 |
79 |
|
XSS |
2018-11-04 |
2018-12-11 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. |
|
333 |
CVE-2018-18915 |
835 |
|
DoS |
2018-11-03 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack. |
|
334 |
CVE-2018-18909 |
79 |
|
XSS |
2018-11-03 |
2018-12-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view. |
|
335 |
CVE-2018-18903 |
94 |
|
Exec Code |
2018-11-03 |
2018-12-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vanilla 2.6.x before 2.6.4 allows remote code execution. |
|
336 |
CVE-2018-18897 |
772 |
|
|
2018-11-02 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. |
|
337 |
CVE-2018-18892 |
94 |
|
Exec Code |
2018-11-01 |
2018-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. |
|
338 |
CVE-2018-18891 |
287 |
|
|
2018-11-01 |
2018-12-03 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. |
|
339 |
CVE-2018-18890 |
22 |
|
Dir. Trav. |
2018-11-01 |
2018-12-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename. |
|
340 |
CVE-2018-18888 |
434 |
|
|
2018-11-01 |
2019-01-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed. |
|
341 |
CVE-2018-18887 |
89 |
|
Sql |
2018-11-01 |
2018-12-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). |
|
342 |
CVE-2018-18883 |
476 |
|
DoS |
2018-11-01 |
2019-01-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted. |
|
343 |
CVE-2018-18865 |
200 |
|
+Info |
2018-11-20 |
2021-09-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure. |
|
344 |
CVE-2018-18864 |
79 |
|
XSS |
2018-11-20 |
2018-12-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. |
|
345 |
CVE-2018-18861 |
119 |
|
Exec Code Overflow |
2018-11-20 |
2018-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. |
|
346 |
CVE-2018-18860 |
|
|
|
2018-11-30 |
2020-05-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root. |
|
347 |
CVE-2018-18859 |
78 |
|
Exec Code |
2018-11-20 |
2020-05-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the "tun_path" or "tap_path" pathname in a kextload() call. |
|
348 |
CVE-2018-18858 |
78 |
|
Exec Code |
2018-11-20 |
2020-05-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "tun_path" or "tap_path" pathname within a shell command. |
|
349 |
CVE-2018-18857 |
78 |
|
Exec Code |
2018-11-20 |
2020-05-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "command_line" parameter as a shell command. |
|
350 |
CVE-2018-18856 |
78 |
|
Exec Code |
2018-11-20 |
2020-05-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "openvpncmd" parameter as a shell command. |
