CVE List - 2018 / December
Showing 301 - 400 of 1163 CVEs for December 2018 (Page 4 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-9575 | 2018-12-07 | In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of... |
| CVE-2018-9576 | 2018-12-07 | In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of... |
| CVE-2018-9577 | 2018-12-07 | In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of... |
| CVE-2018-9578 | 2018-12-07 | In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of... |
| CVE-2018-19961 | 2018-12-08 | An issue was discovered in Xen through 4.11.x on AMD... |
| CVE-2018-19962 | 2018-12-08 | An issue was discovered in Xen through 4.11.x on AMD... |
| CVE-2018-19963 | 2018-12-08 | An issue was discovered in Xen 4.11 allowing HVM guest... |
| CVE-2018-19964 | 2018-12-08 | An issue was discovered in Xen 4.11.x allowing x86 guest... |
| CVE-2018-19965 | 2018-12-08 | An issue was discovered in Xen through 4.11.x allowing 64-bit... |
| CVE-2018-19966 | 2018-12-08 | An issue was discovered in Xen through 4.11.x allowing x86... |
| CVE-2018-19967 | 2018-12-08 | An issue was discovered in Xen through 4.11.x on Intel... |
| CVE-2018-19980 | 2018-12-08 | Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause... |
| CVE-2018-19653 | 2018-12-09 | HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC... |
| CVE-2018-19982 | 2018-12-09 | An issue was discovered on KT MC01507L Z-Wave S0 devices.... |
| CVE-2018-19983 | 2018-12-09 | An issue was discovered on Sigma Design Z-Wave S0 through... |
| CVE-2018-19991 | 2018-12-10 | VeryNginx 0.3.3 allows remote attackers to bypass the Web Application... |
| CVE-2018-20002 | 2018-12-10 | The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor... |
| CVE-2018-20000 | 2018-12-10 | Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated... |
| CVE-2018-20001 | 2018-12-10 | In Libav 12.3, there is a floating point exception in... |
| CVE-2018-20004 | 2018-12-10 | An issue has been found in Mini-XML (aka mxml) 2.12.... |
| CVE-2018-20005 | 2018-12-10 | An issue has been found in Mini-XML (aka mxml) 2.12.... |
| CVE-2018-20006 | 2018-12-10 | An issue was discovered in PHPok v5.0.055. There is a... |
| CVE-2018-20009 | 2018-12-10 | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name... |
| CVE-2018-20010 | 2018-12-10 | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. |
| CVE-2018-20011 | 2018-12-10 | DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or... |
| CVE-2018-20012 | 2018-12-10 | PHPCMF 4.1.3 has XSS via the first input field to... |
| CVE-2018-20015 | 2018-12-10 | YzmCMS v5.2 has admin/role/add.html CSRF. |
| CVE-2018-20017 | 2018-12-10 | SEMCMS 3.5 has XSS via the first text box to... |
| CVE-2018-20018 | 2018-12-10 | S-CMS V3.0 has SQL injection via the S_id parameter, as... |
| CVE-2018-1000862 | 2018-12-10 | An information exposure vulnerability exists in Jenkins 2.153 and earlier,... |
| CVE-2018-1000863 | 2018-12-10 | A data modification vulnerability exists in Jenkins 2.153 and earlier,... |
| CVE-2018-1000864 | 2018-12-10 | A denial of service vulnerability exists in Jenkins 2.153 and... |
| CVE-2018-1000865 | 2018-12-10 | A sandbox bypass vulnerability exists in Script Security Plugin 1.47... |
| CVE-2018-1000866 | 2018-12-10 | A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59... |
| CVE-2018-1671 | 2018-12-10 | IBM Curam Social Program Management 7.0.3 is vulnerable to HTML... |
| CVE-2018-1000861 | 2018-12-10 | A code execution vulnerability exists in the Stapler web framework... |
| CVE-2018-1957 | 2018-12-10 | IBM WebSphere Application Server 9 could allow sensitive information to... |
| CVE-2016-10502 | 2018-12-10 | While generating trusted application id, An integer overflow can occur... |
| CVE-2018-3988 | 2018-12-10 | Signal Messenger for Android 4.24.8 may expose private information when... |
| CVE-2018-15805 | 2018-12-10 | Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML... |
| CVE-2018-16635 | 2018-12-10 | Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title... |
| CVE-2018-16636 | 2018-12-10 | Nucleus CMS 3.70 allows HTML Injection via the index.php body... |
| CVE-2018-1279 | 2018-12-10 | RabbitMQ cluster compromise due to deterministically generated cookie |
| CVE-2018-15800 | 2018-12-10 | Timing attack allows extraction of signing key in Bits Service |
| CVE-2018-20029 | 2018-12-10 | The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine... |
| CVE-2018-20050 | 2018-12-10 | Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi... |
| CVE-2018-20051 | 2018-12-10 | Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with... |
| CVE-2018-20056 | 2018-12-11 | An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B... |
| CVE-2018-20057 | 2018-12-11 | An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B... |
| CVE-2018-20058 | 2018-12-11 | In Evernote before 7.6 on macOS, there is a local... |
| CVE-2018-20059 | 2018-12-11 | jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. |
| CVE-2018-17481 | 2018-12-11 | Incorrect object lifecycle handling in PDFium in Google Chrome prior... |
| CVE-2018-18335 | 2018-12-11 | Heap buffer overflow in Skia in Google Chrome prior to... |
| CVE-2018-18336 | 2018-12-11 | Incorrect object lifecycle in PDFium in Google Chrome prior to... |
| CVE-2018-18337 | 2018-12-11 | Incorrect handling of stylesheets leading to a use after free... |
| CVE-2018-18338 | 2018-12-11 | Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome... |
| CVE-2018-18339 | 2018-12-11 | Incorrect object lifecycle in WebAudio in Google Chrome prior to... |
| CVE-2018-18340 | 2018-12-11 | Incorrect object lifecycle in MediaRecorder in Google Chrome prior to... |
| CVE-2018-18341 | 2018-12-11 | An integer overflow leading to a heap buffer overflow in... |
| CVE-2018-18342 | 2018-12-11 | Execution of user supplied Javascript during object deserialization can update... |
| CVE-2018-18343 | 2018-12-11 | Incorrect handing of paths leading to a use after free... |
| CVE-2018-18344 | 2018-12-11 | Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions... |
| CVE-2018-18345 | 2018-12-11 | Incorrect handling of blob URLS in Site Isolation in Google... |
| CVE-2018-18346 | 2018-12-11 | Incorrect handling of alert box display in Blink in Google... |
| CVE-2018-18347 | 2018-12-11 | Incorrect handling of failed navigations with invalid URLs in Navigation... |
| CVE-2018-18348 | 2018-12-11 | Incorrect handling of bidirectional domain names with RTL characters in... |
| CVE-2018-18349 | 2018-12-11 | Remote frame navigations was incorrectly permitted to local resources in... |
| CVE-2018-18350 | 2018-12-11 | Incorrect handling of CSP enforcement during navigations in Blink in... |
| CVE-2018-18351 | 2018-12-11 | Lack of proper validation of ancestor frames site when sending... |
| CVE-2018-18352 | 2018-12-11 | Service works could inappropriately gain access to cross origin audio... |
| CVE-2018-18353 | 2018-12-11 | Failure to dismiss http auth dialogs on navigation in Network... |
| CVE-2018-18354 | 2018-12-11 | Insufficient validate of external protocols in Shell Integration in Google... |
| CVE-2018-18355 | 2018-12-11 | Incorrect handling of confusable characters in URL Formatter in Google... |
| CVE-2018-18356 | 2018-12-11 | An integer overflow in path handling lead to a use... |
| CVE-2018-18357 | 2018-12-11 | Incorrect handling of confusable characters in URL Formatter in Google... |
| CVE-2018-18358 | 2018-12-11 | Lack of special casing of localhost in WPAD files in... |
| CVE-2018-18359 | 2018-12-11 | Incorrect handling of Reflect.construct in V8 in Google Chrome prior... |
| CVE-2018-17480 | 2018-12-11 | Execution of user supplied Javascript during array deserialization leading to... |
| CVE-2018-1652 | 2018-12-11 | IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0... |
| CVE-2018-1654 | 2018-12-11 | IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and... |
| CVE-2018-1900 | 2018-12-11 | IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and... |
| CVE-2018-1904 | 2018-12-11 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could... |
| CVE-2018-19968 | 2018-12-11 | An attacker can exploit phpMyAdmin before 4.8.4 to leak the... |
| CVE-2018-19969 | 2018-12-11 | phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected... |
| CVE-2018-19970 | 2018-12-11 | In phpMyAdmin before 4.8.4, an XSS vulnerability was found in... |
| CVE-2018-20060 | 2018-12-11 | urllib3 before version 1.23 does not remove the Authorization HTTP... |
| CVE-2018-20061 | 2018-12-11 | A SQL injection issue was discovered in ERPNext 10.x and... |
| CVE-2018-20062 | 2018-12-11 | An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote... |
| CVE-2018-20064 | 2018-12-11 | doorGets 7.0 allows remote attackers to write to arbitrary files... |
| CVE-2018-18810 | 2018-12-11 | TIBCO Managed File Transfer Credentials Disclosure |
| CVE-2018-2486 | 2018-12-11 | SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does... |
| CVE-2018-2492 | 2018-12-11 | SAML 2.0 functionality in SAP NetWeaver AS Java, does not... |
| CVE-2018-2494 | 2018-12-11 | Necessary authorization checks for an authenticated user, resulting in escalation... |
| CVE-2018-2497 | 2018-12-11 | The security audit log of SAP HANA, versions 1.0 and... |
| CVE-2018-2500 | 2018-12-11 | Under certain conditions SAP Mobile Secure Android client (before version... |
| CVE-2018-2502 | 2018-12-11 | TRACE method is enabled in SAP Business One Service Layer... |
| CVE-2018-2503 | 2018-12-11 | By default, the SAP NetWeaver AS Java keystore service does... |
| CVE-2018-2504 | 2018-12-11 | SAP NetWeaver AS Java Web Container service does not validate... |
| CVE-2018-2505 | 2018-12-11 | SAP Commerce does not sufficiently validate user-controlled inputs, resulting in... |
| CVE-2018-6703 | 2018-12-11 | Remote Logging functionality had a use after free vulnerability in McAfee Agent |