CVE List - 2018 / January
Showing 1 - 100 of 1273 CVEs for January 2018 (Page 1 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-18006 | 2018-01-01 | netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind... |
| CVE-2018-3810 | 2018-01-01 | Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter... |
| CVE-2018-3811 | 2018-01-01 | SQL Injection vulnerability in the Oturia Smart Google Code Inserter... |
| CVE-2017-18008 | 2018-01-01 | In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in... |
| CVE-2017-18009 | 2018-01-01 | In OpenCV 3.3.1, a heap-based buffer over-read exists in the... |
| CVE-2017-18010 | 2018-01-01 | The E-goi Smart Marketing SMS and Newsletters Forms plugin before... |
| CVE-2017-18011 | 2018-01-01 | The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6... |
| CVE-2017-18012 | 2018-01-01 | The Z-URL Preview plugin 1.6.1 for WordPress has XSS via... |
| CVE-2017-18013 | 2018-01-01 | In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the... |
| CVE-2018-3813 | 2018-01-01 | getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect... |
| CVE-2018-3814 | 2018-01-01 | Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP... |
| CVE-2017-18015 | 2018-01-02 | The ILLID Share This Image plugin before 1.04 for WordPress... |
| CVE-2017-9964 | 2018-01-02 | A Path Traversal issue was discovered in Schneider Electric Pelco... |
| CVE-2017-9965 | 2018-01-02 | An exposure of sensitive information vulnerability exists in Schneider Electric's... |
| CVE-2017-9966 | 2018-01-02 | A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert... |
| CVE-2017-1000442 | 2018-01-02 | Passbolt API version 1.6.4 and older are vulnerable to a... |
| CVE-2017-1000443 | 2018-01-02 | Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability... |
| CVE-2017-1000445 | 2018-01-02 | ImageMagick 7.0.7-1 and older version are vulnerable to null pointer... |
| CVE-2017-17097 | 2018-01-02 | gps-server.net GPS Tracking Software (self hosted) 2.x has a password... |
| CVE-2017-17098 | 2018-01-02 | The writeLog function in fn_common.php in gps-server.net GPS Tracking Software... |
| CVE-2017-1000444 | 2018-01-02 | Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection... |
| CVE-2017-1000450 | 2018-01-02 | In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the... |
| CVE-2017-1000451 | 2018-01-02 | fs-git is a file system like api for git repository.... |
| CVE-2017-1000412 | 2018-01-02 | Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and... |
| CVE-2017-1000413 | 2018-01-02 | Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and... |
| CVE-2017-1000448 | 2018-01-02 | Structured Data Linter versions 2.4.1 and older are vulnerable to... |
| CVE-2017-1000452 | 2018-01-02 | An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and... |
| CVE-2017-1000453 | 2018-01-02 | CMS Made Simple version 2.1.6 and 2.2 are vulnerable to... |
| CVE-2017-1000454 | 2018-01-02 | CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty... |
| CVE-2017-1000455 | 2018-01-02 | GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links... |
| CVE-2017-1557 | 2018-01-02 | IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated... |
| CVE-2017-1000456 | 2018-01-02 | freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading... |
| CVE-2017-1000418 | 2018-01-02 | The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote... |
| CVE-2017-1000457 | 2018-01-02 | Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0... |
| CVE-2017-1000458 | 2018-01-02 | Bro before Bro v2.5.2 is vulnerable to an out of... |
| CVE-2017-1000421 | 2018-01-02 | Gifsicle gifview 1.89 and older is vulnerable to a use-after-free... |
| CVE-2017-1000419 | 2018-01-02 | phpBB version 3.2.0 is vulnerable to SSRF in the Remote... |
| CVE-2017-1000420 | 2018-01-02 | Syncthing version 0.14.33 and older is vulnerable to symlink traversal... |
| CVE-2017-1000422 | 2018-01-02 | Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer... |
| CVE-2017-1000423 | 2018-01-02 | b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation... |
| CVE-2017-1000424 | 2018-01-02 | Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5... |
| CVE-2017-1000430 | 2018-01-02 | rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow... |
| CVE-2017-1000431 | 2018-01-02 | eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12... |
| CVE-2017-1000426 | 2018-01-02 | MapProxy version 1.10.3 and older is vulnerable to a Cross... |
| CVE-2017-1000425 | 2018-01-02 | Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay... |
| CVE-2017-1000427 | 2018-01-02 | marked version 0.3.6 and earlier is vulnerable to an XSS... |
| CVE-2017-1000432 | 2018-01-02 | Vanilla Forums below 2.1.5 are affected by CSRF leading to... |
| CVE-2017-1000433 | 2018-01-02 | pysaml2 version 4.4.0 and older accept any password when run... |
| CVE-2017-1000434 | 2018-01-02 | Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open... |
| CVE-2017-1000437 | 2018-01-02 | Creolabs Gravity 1.0 contains a stack based buffer overflow in... |
| CVE-2017-1000438 | 2018-01-02 | In OMERO 5.3.3 or earlier a user could create an... |
| CVE-2017-1000459 | 2018-01-03 | Leanote version <= 2.5 is vulnerable to XSS due to... |
| CVE-2017-1000463 | 2018-01-03 | Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability,... |
| CVE-2017-1000493 | 2018-01-03 | Rocket.Chat Server version 0.59 and prior is vulnerable to a... |
| CVE-2017-1000466 | 2018-01-03 | Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting... |
| CVE-2017-1000491 | 2018-01-03 | Shiba markdown live preview app version 1.1.0 is vulnerable to... |
| CVE-2017-1000492 | 2018-01-03 | Leanote-desktop version v2.5 is vulnerable to a XSS which leads... |
| CVE-2017-18017 | 2018-01-03 | The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before... |
| CVE-2018-4862 | 2018-01-03 | In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6),... |
| CVE-2018-4868 | 2018-01-03 | The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote... |
| CVE-2017-1000494 | 2018-01-03 | Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd <... |
| CVE-2017-1000499 | 2018-01-03 | phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a... |
| CVE-2017-1000495 | 2018-01-03 | QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting... |
| CVE-2017-1000496 | 2018-01-03 | Commsy version 9.0.0 is vulnerable to XXE attacks in the... |
| CVE-2017-1000497 | 2018-01-03 | Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the... |
| CVE-2017-1000498 | 2018-01-03 | AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the... |
| CVE-2017-1000501 | 2018-01-03 | Awstats version 7.6 and earlier is vulnerable to a path... |
| CVE-2017-1000467 | 2018-01-03 | LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability,... |
| CVE-2017-1000488 | 2018-01-03 | Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline... |
| CVE-2017-1000489 | 2018-01-03 | Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed... |
| CVE-2017-1000490 | 2018-01-03 | Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any... |
| CVE-2017-1000476 | 2018-01-03 | ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in... |
| CVE-2017-1000479 | 2018-01-03 | pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks... |
| CVE-2017-1000480 | 2018-01-03 | Smarty 3 before 3.1.32 is vulnerable to a PHP code... |
| CVE-2017-1000477 | 2018-01-03 | XMLBundle version 0.1.7 is vulnerable to XXE attacks which can... |
| CVE-2017-1000478 | 2018-01-03 | ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in... |
| CVE-2017-1000481 | 2018-01-03 | When you visit a page where you need to login,... |
| CVE-2017-1000482 | 2018-01-03 | A member of the Plone 2.5-5.1rc1 site could set javascript... |
| CVE-2017-1000483 | 2018-01-03 | Accessing private content via str.format in through-the-web templates and scripts... |
| CVE-2017-1000460 | 2018-01-03 | In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13,... |
| CVE-2017-1000472 | 2018-01-03 | The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before... |
| CVE-2017-1000487 | 2018-01-03 | Plexus-utils before 3.0.16 is vulnerable to command injection because it... |
| CVE-2017-1000486 | 2018-01-03 | Primetek Primefaces 5.x is vulnerable to a weak encryption flaw... |
| CVE-2017-1000461 | 2018-01-03 | Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable... |
| CVE-2017-1000462 | 2018-01-03 | BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within... |
| CVE-2017-1000469 | 2018-01-03 | Cobbler version up to 2.8.2 is vulnerable to a command... |
| CVE-2017-1000470 | 2018-01-03 | EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to... |
| CVE-2017-1000471 | 2018-01-03 | EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL... |
| CVE-2017-1000473 | 2018-01-03 | Linux Dash up to version v2 is vulnerable to multiple... |
| CVE-2017-1000484 | 2018-01-03 | By linking to a specific url in Plone 2.5-5.1rc1 with... |
| CVE-2017-1000485 | 2018-01-03 | Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which... |
| CVE-2018-5072 | 2018-01-03 | Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter. |
| CVE-2018-5073 | 2018-01-03 | Online Ticket Booking has CSRF via admin/movieedit.php. |
| CVE-2018-5074 | 2018-01-03 | Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter. |
| CVE-2018-5075 | 2018-01-03 | Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter. |
| CVE-2018-5076 | 2018-01-03 | Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter. |
| CVE-2018-5077 | 2018-01-03 | Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter. |
| CVE-2018-5078 | 2018-01-03 | Online Ticket Booking has XSS via the admin/eventlist.php cast parameter. |
| CVE-2018-5079 | 2018-01-03 | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local... |
| CVE-2018-5080 | 2018-01-03 | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local... |