CVE List - 2018 / December
Showing 901 - 1000 of 1163 CVEs for December 2018 (Page 10 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-20401 | 2018-12-23 | Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials... |
| CVE-2018-20402 | 2018-12-23 | Safe Software FME Server through 2018.1 creates and enables three... |
| CVE-2018-20405 | 2018-12-23 | BigTree 4.3 allows full path disclosure via authenticated admin/news/ input... |
| CVE-2018-20406 | 2018-12-23 | Modules/_pickle.c in Python before 3.7.1 has an integer overflow via... |
| CVE-2018-20407 | 2018-12-23 | An issue was discovered in Bento4 1.5.1-627. There is a... |
| CVE-2018-20408 | 2018-12-23 | An issue was discovered in Bento4 1.5.1-627. There is a... |
| CVE-2018-20409 | 2018-12-23 | An issue was discovered in Bento4 1.5.1-627. There is a... |
| CVE-2018-20410 | 2018-12-24 | WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The... |
| CVE-2018-20419 | 2018-12-24 | DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator... |
| CVE-2018-20420 | 2018-12-24 | In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to... |
| CVE-2018-20421 | 2018-12-24 | Go Ethereum (aka geth) 1.8.19 allows attackers to cause a... |
| CVE-2018-20418 | 2018-12-24 | index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a... |
| CVE-2018-20422 | 2018-12-24 | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote... |
| CVE-2018-20423 | 2018-12-24 | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote... |
| CVE-2018-20424 | 2018-12-24 | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote... |
| CVE-2018-20425 | 2018-12-24 | libming 0.4.8 has a NULL pointer dereference in the pushdup... |
| CVE-2018-20426 | 2018-12-24 | libming 0.4.8 has a NULL pointer dereference in the newVar3... |
| CVE-2018-20427 | 2018-12-24 | libming 0.4.8 has a NULL pointer dereference in the getInt... |
| CVE-2018-20428 | 2018-12-24 | libming 0.4.8 has a NULL pointer dereference in the strlenext... |
| CVE-2018-20429 | 2018-12-24 | libming 0.4.8 has a NULL pointer dereference in the getName... |
| CVE-2018-20430 | 2018-12-24 | GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in... |
| CVE-2018-20431 | 2018-12-24 | GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability... |
| CVE-2018-19357 | 2018-12-24 | XMPlay 3.8.3 allows remote attackers to execute arbitrary code or... |
| CVE-2018-20433 | 2018-12-24 | c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. |
| CVE-2018-17197 | 2018-12-24 | A carefully crafted or corrupt sqlite file can cause an... |
| CVE-2018-15465 | 2018-12-24 | Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability |
| CVE-2018-8917 | 2018-12-24 | Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager... |
| CVE-2018-8918 | 2018-12-24 | Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager... |
| CVE-2018-8919 | 2018-12-24 | Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM)... |
| CVE-2018-8920 | 2018-12-24 | Improper neutralization of escape vulnerability in Log Exporter in Synology... |
| CVE-2018-7793 | 2018-12-24 | A Credential Management vulnerability exists in FoxView HMI SCADA (All... |
| CVE-2018-7796 | 2018-12-24 | A Buffer Error vulnerability exists in PowerSuite 2, all released... |
| CVE-2018-7800 | 2018-12-24 | A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and... |
| CVE-2018-7801 | 2018-12-24 | A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and... |
| CVE-2018-7802 | 2018-12-24 | A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and... |
| CVE-2018-7832 | 2018-12-24 | An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX... |
| CVE-2018-7835 | 2018-12-24 | An Improper Limitation of a Pathname to a Restricted Directory... |
| CVE-2018-7836 | 2018-12-24 | An unrestricted Upload of File with Dangerous Type vulnerability exists... |
| CVE-2018-7837 | 2018-12-24 | An Improper Restriction of XML External Entity Reference ('XXE') vulnerability... |
| CVE-2018-18698 | 2018-12-24 | An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices.... |
| CVE-2018-18959 | 2018-12-24 | An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3,... |
| CVE-2018-18960 | 2018-12-24 | An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3,... |
| CVE-2018-19232 | 2018-12-24 | The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861... |
| CVE-2018-19248 | 2018-12-24 | The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861... |
| CVE-2018-20247 | 2018-12-24 | In Foxit Quick PDF Library (all versions prior to 16.12),... |
| CVE-2018-20248 | 2018-12-24 | In Foxit Quick PDF Library (all versions prior to 16.12),... |
| CVE-2018-20249 | 2018-12-24 | In Foxit Quick PDF Library (all versions prior to 16.12),... |
| CVE-2018-20436 | 2018-12-24 | The "secret chat" feature in Telegram 4.9.1 for Android has... |
| CVE-2018-20437 | 2018-12-25 | An issue was discovered in the fileDownload function in the... |
| CVE-2018-20438 | 2018-12-25 | Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi... |
| CVE-2018-20439 | 2018-12-25 | Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi... |
| CVE-2018-20440 | 2018-12-25 | Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi... |
| CVE-2018-20441 | 2018-12-25 | Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi... |
| CVE-2018-20442 | 2018-12-25 | Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi... |
| CVE-2018-20443 | 2018-12-25 | Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi... |
| CVE-2018-20444 | 2018-12-25 | Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi... |
| CVE-2018-20445 | 2018-12-25 | D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers... |
| CVE-2018-20448 | 2018-12-25 | Frog CMS 0.9.5 has XSS via the Database name field... |
| CVE-2018-20450 | 2018-12-25 | The read_MSAT function in ole.c in libxls 1.4.0 has a... |
| CVE-2018-20452 | 2018-12-25 | The read_MSAT_body function in ole.c in libxls 1.4.0 has an... |
| CVE-2018-20451 | 2018-12-25 | The process_file function in reader.c in libdoc through 2017-10-23 has... |
| CVE-2018-20453 | 2018-12-25 | The getlong function in numutils.c in libdoc through 2017-10-23 has... |
| CVE-2018-20454 | 2018-12-25 | An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS... |
| CVE-2018-20457 | 2018-12-25 | In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows... |
| CVE-2018-20458 | 2018-12-25 | In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow... |
| CVE-2018-20459 | 2018-12-25 | In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows... |
| CVE-2018-20455 | 2018-12-25 | In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c... |
| CVE-2018-20456 | 2018-12-25 | In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c... |
| CVE-2018-20460 | 2018-12-25 | In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c... |
| CVE-2018-20461 | 2018-12-25 | In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers... |
| CVE-2018-20462 | 2018-12-25 | An issue was discovered in the JSmol2WP plugin 1.07 for... |
| CVE-2018-20463 | 2018-12-25 | An issue was discovered in the JSmol2WP plugin 1.07 for... |
| CVE-2018-20464 | 2018-12-25 | There is a reflected XSS vulnerability in the CMS Made... |
| CVE-2018-20465 | 2018-12-25 | Craft CMS through 3.0.34 allows remote authenticated administrators to read... |
| CVE-2018-20467 | 2018-12-26 | In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can... |
| CVE-2018-20476 | 2018-12-26 | An issue was discovered in S-CMS 3.0. It allows XSS... |
| CVE-2018-20477 | 2018-12-26 | An issue was discovered in S-CMS 3.0. It allows SQL... |
| CVE-2018-20478 | 2018-12-26 | An issue was discovered in S-CMS 1.0. It allows reading... |
| CVE-2018-20479 | 2018-12-26 | An issue was discovered in S-CMS 1.0. It allows SQL... |
| CVE-2018-20480 | 2018-12-26 | An issue was discovered in S-CMS 1.0. It allows SQL... |
| CVE-2018-20481 | 2018-12-26 | XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries,... |
| CVE-2018-17957 | 2018-12-26 | yast2-rmt leaks database passwords in process list |
| CVE-2018-0723 | 2018-12-26 | Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and... |
| CVE-2018-0724 | 2018-12-26 | Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and... |
| CVE-2018-20482 | 2018-12-26 | GNU Tar through 1.30, when --sparse is used, mishandles file... |
| CVE-2018-20483 | 2018-12-26 | set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a... |
| CVE-2018-20484 | 2018-12-26 | Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS... |
| CVE-2018-20485 | 2018-12-26 | Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS... |
| CVE-2018-20486 | 2018-12-26 | MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[]... |
| CVE-2018-11741 | 2018-12-26 | NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs... |
| CVE-2018-11742 | 2018-12-26 | NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage... |
| CVE-2018-15518 | 2018-12-26 | QXmlStream in Qt 5.x before 5.11.3 has a double-free or... |
| CVE-2018-17987 | 2018-12-26 | The determineWinner function of a smart contract implementation for HashHeroes... |
| CVE-2018-18535 | 2018-12-26 | The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and... |
| CVE-2018-18536 | 2018-12-26 | The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync... |
| CVE-2018-18537 | 2018-12-26 | The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and... |
| CVE-2018-19182 | 2018-12-26 | Engelsystem before commit hash 2e28336 allows CSRF. |
| CVE-2018-19615 | 2018-12-26 | Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker... |
| CVE-2018-19616 | 2018-12-26 | An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000.... |
| CVE-2018-19799 | 2018-12-26 | Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. |