CVE List - 2018 / November
Showing 1 - 100 of 983 CVEs for November 2018 (Page 1 of 10)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-18883 | 2018-11-01 | An issue was discovered in Xen 4.9.x through 4.11.x, on... |
| CVE-2018-18887 | 2018-11-01 | S-CMS PHP 1.0 has SQL injection in member/member_news.php via the... |
| CVE-2018-18888 | 2018-11-01 | An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows... |
| CVE-2018-18890 | 2018-11-01 | MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an... |
| CVE-2018-18891 | 2018-11-01 | MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication... |
| CVE-2018-18892 | 2018-11-01 | MiniCMS 1.10 allows execution of arbitrary PHP code via the... |
| CVE-2016-2120 | 2018-11-01 | An issue has been found in PowerDNS Authoritative Server versions... |
| CVE-2016-2123 | 2018-11-01 | A flaw was found in samba versions 4.0.0 to 4.5.2.... |
| CVE-2018-15454 | 2018-11-01 | Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability |
| CVE-2018-14660 | 2018-11-01 | A flaw was found in glusterfs server through versions 4.1.4... |
| CVE-2018-7356 | 2018-11-01 | All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product... |
| CVE-2018-3900 | 2018-11-01 | An exploitable code execution vulnerability exists in the QR code... |
| CVE-2018-3910 | 2018-11-01 | An exploitable code execution vulnerability exists in the cloud OTA... |
| CVE-2018-3928 | 2018-11-01 | An exploitable code execution vulnerability exists in the firmware update... |
| CVE-2018-3947 | 2018-11-01 | An exploitable information disclosure vulnerability exists in the phone-to-camera communications... |
| CVE-2018-3977 | 2018-11-01 | An exploitable code execution vulnerability exists in the XCF image... |
| CVE-2018-10586 | 2018-11-01 | NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site... |
| CVE-2018-10587 | 2018-11-01 | NetGain Enterprise Manager (EM) is affected by OS Command Injection... |
| CVE-2018-18695 | 2018-11-01 | M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with... |
| CVE-2018-18714 | 2018-11-01 | RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible... |
| CVE-2018-18775 | 2018-11-01 | Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs,... |
| CVE-2018-18776 | 2018-11-01 | Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs,... |
| CVE-2018-18777 | 2018-11-01 | Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb"... |
| CVE-2018-6011 | 2018-11-01 | The time-based one-time-password (TOTP) function in the application logic of... |
| CVE-2018-6012 | 2018-11-01 | The 'Weather Service' feature of the Green Electronics RainMachine Mini-8... |
| CVE-2018-6906 | 2018-11-01 | A persistent Cross Site Scripting (XSS) vulnerability in the Green... |
| CVE-2018-6907 | 2018-11-01 | A Cross Site Request Forgery (CSRF) vulnerability in the Green... |
| CVE-2018-6908 | 2018-11-01 | An authentication bypass vulnerability exists in the Green Electronics RainMachine... |
| CVE-2018-6909 | 2018-11-01 | A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8... |
| CVE-2018-18897 | 2018-11-02 | An issue was discovered in Poppler 0.71.0. There is a... |
| CVE-2018-17914 | 2018-11-02 | InduSoft Web Studio versions prior to 8.1 SP2, and InTouch... |
| CVE-2018-17916 | 2018-11-02 | InduSoft Web Studio versions prior to 8.1 SP2, and InTouch... |
| CVE-2018-17912 | 2018-11-02 | An XXE vulnerability exists in CASE Suite Versions 3.10 and... |
| CVE-2018-17918 | 2018-11-02 | Circontrol CirCarLife all versions prior to 4.3.1, authentication to the... |
| CVE-2018-17922 | 2018-11-02 | Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials... |
| CVE-2017-1609 | 2018-11-02 | IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through... |
| CVE-2018-1552 | 2018-11-02 | IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0... |
| CVE-2018-1788 | 2018-11-02 | IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly... |
| CVE-2018-1835 | 2018-11-02 | IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable... |
| CVE-2018-1846 | 2018-11-02 | IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0... |
| CVE-2018-1876 | 2018-11-02 | IBM Robotic Process Automation with Automation Anywhere 11 could under... |
| CVE-2018-1877 | 2018-11-02 | IBM Robotic Process Automation with Automation Anywhere 11 could store... |
| CVE-2018-1878 | 2018-11-02 | IBM Robotic Process Automation with Automation Anywhere 11 could disclose... |
| CVE-2018-3890 | 2018-11-02 | An exploitable code execution vulnerability exists in the firmware update... |
| CVE-2018-3891 | 2018-11-02 | An exploitable firmware downgrade vulnerability exists in the firmware update... |
| CVE-2018-3892 | 2018-11-02 | An exploitable firmware downgrade vulnerability exists in the time syncing... |
| CVE-2018-3898 | 2018-11-02 | An exploitable code execution vulnerability exists in the QR code... |
| CVE-2018-3899 | 2018-11-02 | An exploitable code execution vulnerability exists in the QR code... |
| CVE-2018-3920 | 2018-11-02 | An exploitable code execution vulnerability exists in the firmware update... |
| CVE-2018-3934 | 2018-11-02 | An exploitable code execution vulnerability exists in the firmware update... |
| CVE-2018-3935 | 2018-11-02 | An exploitable code execution vulnerability exists in the UDP network... |
| CVE-2018-7798 | 2018-11-02 | A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in... |
| CVE-2018-7799 | 2018-11-02 | A DLL hijacking vulnerability exists in Schneider Electric Software Update... |
| CVE-2018-16849 | 2018-11-02 | A flaw was found in openstack-mistral. By manipulating the SSH... |
| CVE-2018-16847 | 2018-11-02 | An OOB heap buffer r/w access issue was found in... |
| CVE-2018-11062 | 2018-11-02 | Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability |
| CVE-2018-15762 | 2018-11-02 | Pivotal Operations Manager gives all users heightened privileges |
| CVE-2018-18915 | 2018-11-03 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of... |
| CVE-2018-18903 | 2018-11-03 | Vanilla 2.6.x before 2.6.4 allows remote code execution. |
| CVE-2018-18909 | 2018-11-03 | xhEditor 1.2.2 allows XSS via JavaScript code in the SRC... |
| CVE-2018-18919 | 2018-11-04 | The WP Editor.md plugin 10.0.1 for WordPress allows XSS via... |
| CVE-2018-18924 | 2018-11-04 | The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to... |
| CVE-2018-18925 | 2018-11-04 | Gogs 0.11.66 allows remote code execution because it does not... |
| CVE-2018-18926 | 2018-11-04 | Gitea before 1.5.4 allows remote code execution because it does... |
| CVE-2018-18927 | 2018-11-04 | An issue was discovered in PublicCMS V4.0. It allows XSS... |
| CVE-2018-18928 | 2018-11-04 | International Components for Unicode (ICU) for C/C++ 63.1 has an... |
| CVE-2018-18933 | 2018-11-05 | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit... |
| CVE-2018-18934 | 2018-11-05 | An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable... |
| CVE-2018-18935 | 2018-11-05 | An issue was discovered in PopojiCMS v2.0.1. It has CSRF... |
| CVE-2018-18936 | 2018-11-05 | An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote... |
| CVE-2018-18937 | 2018-11-05 | An issue has been found in libIEC61850 v1.3. It is... |
| CVE-2018-18938 | 2018-11-05 | An issue was discovered in WUZHI CMS 4.1.0. There is... |
| CVE-2018-18939 | 2018-11-05 | An issue was discovered in WUZHI CMS 4.1.0. There is... |
| CVE-2018-18942 | 2018-11-05 | In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute... |
| CVE-2018-18943 | 2018-11-05 | An issue was discovered in baserCMS before 4.1.4. In the... |
| CVE-2018-18949 | 2018-11-05 | Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via... |
| CVE-2018-18950 | 2018-11-05 | KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php.... |
| CVE-2018-18952 | 2018-11-05 | JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. |
| CVE-2018-9208 | 2018-11-05 | Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <=... |
| CVE-2018-18820 | 2018-11-05 | A buffer overflow was discovered in the URL-authentication backend of... |
| CVE-2018-18956 | 2018-11-05 | The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6... |
| CVE-2018-18957 | 2018-11-05 | An issue has been found in libIEC61850 v1.3. It is... |
| CVE-2018-13396 | 2018-11-05 | There was an argument injection vulnerability in Sourcetree for macOS... |
| CVE-2018-13397 | 2018-11-05 | There was an argument injection vulnerability in Sourcetree for Windows... |
| CVE-2018-17905 | 2018-11-05 | When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and... |
| CVE-2018-17907 | 2018-11-05 | When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and... |
| CVE-2018-17909 | 2018-11-05 | When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and... |
| CVE-2018-17913 | 2018-11-05 | A type confusion vulnerability exists when processing project files in... |
| CVE-2018-16472 | 2018-11-06 | A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an... |
| CVE-2018-18964 | 2018-11-06 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in... |
| CVE-2018-18965 | 2018-11-06 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in... |
| CVE-2018-18966 | 2018-11-06 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in... |
| CVE-2018-18980 | 2018-11-06 | An XML External Entity injection (XXE) vulnerability exists in Zoho... |
| CVE-2018-18963 | 2018-11-06 | Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows... |
| CVE-2014-10077 | 2018-11-06 | Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for... |
| CVE-2018-16986 | 2018-11-06 | Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices... |
| CVE-2018-1606 | 2018-11-06 | IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0... |
| CVE-2018-1694 | 2018-11-06 | IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through... |
| CVE-2018-9360 | 2018-11-06 | In process_l2cap_cmd of l2c_main.cc, there is a possible out of... |
| CVE-2018-9355 | 2018-11-06 | In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of... |