CVE List - 2018 / April
Showing 701 - 800 of 1667 CVEs for April 2018 (Page 8 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2014-8422 | 2018-04-12 | The web-based management (WBM) interface in Unify (former Siemens) OpenStage... |
| CVE-2014-8888 | 2018-04-12 | The remote administration interface in D-Link DIR-815 devices with firmware... |
| CVE-2014-9563 | 2018-04-12 | CRLF injection vulnerability in the web-based management (WBM) interface in... |
| CVE-2015-0150 | 2018-04-12 | The remote administration UI in D-Link DIR-815 devices with firmware... |
| CVE-2015-0151 | 2018-04-12 | Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with... |
| CVE-2015-0152 | 2018-04-12 | D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers... |
| CVE-2015-0153 | 2018-04-12 | D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers... |
| CVE-2018-5254 | 2018-04-12 | Arista EOS before 4.20.2F allows remote BGP peers to cause... |
| CVE-2018-6870 | 2018-04-12 | Reflected XSS exists in PHP Scripts Mall Website Seller Script... |
| CVE-2018-6879 | 2018-04-12 | PHP Scripts Mall Website Seller Script 2.0.3 uses the client... |
| CVE-2018-6900 | 2018-04-12 | PHP Scripts Mall Website Broker Script 3.0.6 has XSS via... |
| CVE-2018-6902 | 2018-04-12 | PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via... |
| CVE-2018-6903 | 2018-04-12 | PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses... |
| CVE-2018-6904 | 2018-04-12 | PHP Scripts Mall Car Rental Script 2.0.8 has XSS via... |
| CVE-2018-6934 | 2018-04-12 | CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring... |
| CVE-2018-6935 | 2018-04-12 | PHP Scripts Mall Student Profile Management System Script v2.0.6 has... |
| CVE-2018-10080 | 2018-04-13 | Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow... |
| CVE-2018-10081 | 2018-04-13 | CMS Made Simple (CMSMS) through 2.2.6 contains an admin password... |
| CVE-2018-10082 | 2018-04-13 | CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage... |
| CVE-2018-10083 | 2018-04-13 | CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file... |
| CVE-2018-10084 | 2018-04-13 | CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation... |
| CVE-2018-10085 | 2018-04-13 | CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection... |
| CVE-2018-10086 | 2018-04-13 | CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code... |
| CVE-2018-10066 | 2018-04-13 | An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN... |
| CVE-2018-10087 | 2018-04-13 | The kernel_wait4 function in kernel/exit.c in the Linux kernel before... |
| CVE-2017-6143 | 2018-04-13 | X509 certificate verification was not correctly implemented in the IP... |
| CVE-2017-6148 | 2018-04-13 | Responses to SOCKS proxy requests made through F5 BIG-IP version... |
| CVE-2017-6155 | 2018-04-13 | On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed... |
| CVE-2017-6156 | 2018-04-13 | When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system... |
| CVE-2017-6158 | 2018-04-13 | In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is... |
| CVE-2018-5506 | 2018-04-13 | In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the... |
| CVE-2018-5507 | 2018-04-13 | On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP... |
| CVE-2018-5508 | 2018-04-13 | On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5.1-11.5.5, or... |
| CVE-2018-5510 | 2018-04-13 | On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM)... |
| CVE-2018-5511 | 2018-04-13 | On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users... |
| CVE-2018-6958 | 2018-04-13 | VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability... |
| CVE-2018-6959 | 2018-04-13 | VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability... |
| CVE-2016-9646 | 2018-04-13 | Commit metadata forgery via CGI::FormBuilder context-dependent APIs |
| CVE-2017-0356 | 2018-04-13 | Authentication bypass via repeated parameters |
| CVE-2017-0357 | 2018-04-13 | iucode-tool: heap buffer overflow on -tr loader |
| CVE-2017-0358 | 2018-04-13 | ntfs-3g: Modprobe influence vulnerability via environment variables |
| CVE-2018-6546 | 2018-04-13 | plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in... |
| CVE-2018-6547 | 2018-04-13 | plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in... |
| CVE-2017-0359 | 2018-04-13 | diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive |
| CVE-2017-0361 | 2018-04-13 | api.log contains passwords in plaintext |
| CVE-2017-0362 | 2018-04-13 | "Mark all pages visited" on the watchlist does not require a CSRF token |
| CVE-2017-0363 | 2018-04-13 | Special:UserLogin?returnto=interwiki:foo will redirect to external sites |
| CVE-2017-0364 | 2018-04-13 | Special:Search allows redirects to any interwiki link |
| CVE-2017-0365 | 2018-04-13 | XSS in SearchHighlighter::highlightText() [requires non-default config] |
| CVE-2017-0366 | 2018-04-13 | SVG filter evasion using default attribute values in DTD declaration |
| CVE-2017-0367 | 2018-04-13 | Having LocalisationCache directory default to system tmp directory is insecure |
| CVE-2017-0368 | 2018-04-13 | Make rawHTML mode not apply to system messages |
| CVE-2017-0369 | 2018-04-13 | Sysops can undelete pages, although the page is protected against it |
| CVE-2017-0370 | 2018-04-13 | Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter |
| CVE-2017-0372 | 2018-04-13 | Parameters injection in SyntaxHighlight results in multiple vulnerabilities |
| CVE-2018-10096 | 2018-04-13 | joyplus-cms 1.6.0 has XSS via the device_name parameter in a... |
| CVE-2018-4173 | 2018-04-13 | An issue was discovered in certain Apple products. iOS before... |
| CVE-2014-1686 | 2018-04-13 | MediaWiki 1.18.0 allows remote attackers to obtain the installation path... |
| CVE-2014-2069 | 2018-04-13 | Absolute path traversal vulnerability in Eshtery CMS allows remote attackers... |
| CVE-2018-1000169 | 2018-04-13 | An exposure of sensitive information vulnerability exists in Jenkins 2.115... |
| CVE-2018-1000170 | 2018-04-13 | A cross-site scripting vulnerability exists in Jenkins 2.115 and older,... |
| CVE-2018-10097 | 2018-04-13 | XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address... |
| CVE-2018-10100 | 2018-04-14 | Before WordPress 4.9.5, the redirection URL for the login page... |
| CVE-2018-10101 | 2018-04-14 | Before WordPress 4.9.5, the URL validator assumed URLs with the... |
| CVE-2018-10102 | 2018-04-14 | Before WordPress 4.9.5, the version string was not escaped in... |
| CVE-2018-10109 | 2018-04-14 | Monstra CMS 3.0.4 has a stored XSS vulnerability when an... |
| CVE-2018-10111 | 2018-04-14 | An issue was discovered in GEGL through 0.3.32. The render_rectangle... |
| CVE-2018-10112 | 2018-04-14 | An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed... |
| CVE-2018-10113 | 2018-04-14 | An issue was discovered in GEGL through 0.3.32. The process... |
| CVE-2018-10114 | 2018-04-14 | An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple... |
| CVE-2018-10117 | 2018-04-15 | An issue was discovered in idreamsoft iCMS V7.0.7. There is... |
| CVE-2018-10118 | 2018-04-15 | Monstra CMS 3.0.4 has Stored XSS via the Name field... |
| CVE-2018-9153 | 2018-04-15 | The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers... |
| CVE-2018-9169 | 2018-04-15 | Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. The... |
| CVE-2018-10119 | 2018-04-15 | sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses... |
| CVE-2018-10120 | 2018-04-15 | The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and... |
| CVE-2018-10121 | 2018-04-15 | plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability... |
| CVE-2018-10122 | 2018-04-16 | QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps)... |
| CVE-2018-10106 | 2018-04-16 | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have... |
| CVE-2018-10107 | 2018-04-16 | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have... |
| CVE-2018-10108 | 2018-04-16 | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have... |
| CVE-2018-0530 | 2018-04-16 | SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6... |
| CVE-2018-0531 | 2018-04-16 | Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to... |
| CVE-2018-0532 | 2018-04-16 | Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to... |
| CVE-2018-0533 | 2018-04-16 | Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to... |
| CVE-2018-0548 | 2018-04-16 | Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to... |
| CVE-2018-0549 | 2018-04-16 | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows... |
| CVE-2018-0550 | 2018-04-16 | Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to... |
| CVE-2018-0551 | 2018-04-16 | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows... |
| CVE-2018-0560 | 2018-04-16 | Hatena Bookmark App for iOS Version 3.0 to 3.70 allows... |
| CVE-2018-0561 | 2018-04-16 | Untrusted search path vulnerability in The installer of PhishWall Client... |
| CVE-2018-0562 | 2018-04-16 | Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21... |
| CVE-2018-10124 | 2018-04-16 | The kill_something_info function in kernel/signal.c in the Linux kernel before... |
| CVE-2018-5382 | 2018-04-16 | Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions |
| CVE-2016-9592 | 2018-04-16 | openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a... |
| CVE-2016-9593 | 2018-04-16 | foreman-debug before version 1.15.0 is vulnerable to a flaw in... |
| CVE-2018-10127 | 2018-04-16 | An issue was discovered in XYHCMS 3.5. It has CSRF... |
| CVE-2018-10128 | 2018-04-16 | An issue was discovered in XYHCMS 3.5. It has XSS... |
| CVE-2018-10132 | 2018-04-16 | PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in... |
| CVE-2018-10133 | 2018-04-16 | PbootCMS v0.9.8 allows PHP code injection via an IF label... |