• Home(current)
  • About us
  • Vunerability
    • CVE-AI Assist
    • CWE List
    • CVE List
  • Publications
    • Posters
    • Videos
    • Research Articles
    • Bulletin
  • Log In

Common Vulnerability and Exposures

Common Vulnerabilities and Exposures (CVE) is a critical tool for maintaining software security, providing a standardized way to track and manage vulnerabilities across systems. Organizations should regularly monitor CVE databases, assess the impact of vulnerabilities, and apply patches promptly to reduce the risk of exploitation.
CVE (Common Vulnerabilities and Exposures) is a public database that provides a standardized method for identifying, tracking, and referencing publicly disclosed security vulnerabilities in software and hardware. Each vulnerability receives a unique identifier called a CVE ID (e.g., CVE-2023-12345), making it easier to reference specific vulnerabilities across different tools and databases.

CVE Details

Show All Records

Total Search Results: 158437

 1   2   3   4   5   6   7   8   9   10   11   12   13   14   15   16   17   18   19   20   21   22   23   24   25   26   27   28   29   30   31   32   33   34   35   36   37   38   39   40 
 41   42   43   44   45   46   47   48   49   50   51   52   53   54   55   56   57   58   59   60   61   62   63   64   65   66   67   68   69   70   71   72   73   74   75   76   77   78   79   80 
 81   82   83   84   85   86   87   88   89   90   91   92   93   94   95   96   97   98   99   100   101   102   103   104   105   106   107   108   109   110   111   112   113   114   115   116   117   118   119   120 
 121   122   123   124   125   126   127   128   129   130   131   132   133   134   135   136   137   138   139   140   141   142   143   144   145   146   147   148   149   150   151   152   153   154   155   156   157   158   159   160 
 161   162   163   164   165   166   167   168   169   170   171   172   173   174   175   176   177   178   179   180   181   182   183   184   185   186   187   188   189   190   191   192   193   194   195   196   197   198   199   200 
 201   202   203   204   205   206   207   208   209   210   211   212   213   214   215   216   217   218   219   220   221   222   223   224   225   226   227   228   229   230   231   232   233   234   235   236   237   238   239   240 
 241   242   243   244   245   246   247   248   249   250   251   252   253   254   255   256   257   258   259   260   261   262   263   264   265   266   267   268   269   270   271   272   273   274   275   276   277   278   279   280 
 281   282   283   284   285   286   287   288   289   290   291   292   293   294   295   296   297   298   299   300   301   302   303   304   305   306   307   308   309   310   311   312   313   314   315   316   317   318   319   320 
 321   322   323   324   325   326   327   328   329   330   331   332   333   334   335   336   337   338   339   340   341   342   343   344   345   346   347   348   349   350   351   352   353   354   355   356   357   358   359   360 
 361   362   363   364   365   366   367   368   369   370   371   372   373   374   375   376   377   378   379   380   381   382   383   384   385   386   387   388   389   390   391   392   393   394   395   396   397   398   399   400 
 401   402   403   404   405   406   407   408   409   410   411   412   413   414   415   416   417   418   419   420   421   422   423   424   425   426   427   428   429   430   431   432   433   434   435   436   437   438   439   440 
 441   442   443   444   445   446   447   448   449   450   451   452   453   454   455   456   457   458   459   460   461   462   463   464   465   466   467   468   469   470   471   472   473   474   475   476   477   478   479   480 
 481   482   483   484   485   486   487   488   489   490   491   492   493   494   495   496   497   498   499   500   501   502   503   504   505   506   507   508   509   510   511   512   513   514   515   516   517   518   519   520 
 521   522   523   524   525   526   527   528   529   530   531   532   533   534   535   536   537   538   539   540   541   542   543   544   545   546   547   548   549   550   551   552   553   554   555   556   557   558   559   560 
 561   562   563   564   565   566   567   568   569   570   571   572   573   574   575   576   577   578   579   580   581   582   583   584   585   586   587   588   589   590   591   592   593   594   595   596   597   598   599   600 
 601   602   603   604   605   606   607   608   609   610   611   612   613   614   615   616   617   618   619   620   621   622   623   624   625   626   627   628   629   630   631   632   633   634   635   636   637   638   639   640 
 641   642   643   644   645   646   647   648   649   650   651   652   653   654   655   656   657   658   659   660   661   662   663   664   665   666   667   668   669   670   671   672   673   674   675   676   677   678   679   680 
 681   682   683   684   685   686   687   688   689   690   691   692   693   694   695   696   697   698   699   700   701   702   703   704   705   706   707   708   709   710   711   712   713   714   715   716   717   718   719   720 
 721   722   723   724   725   726   727   728   729   730   731   732   733   734   735   736   737   738   739   740   741   742   743   744   745   746   747   748   749   750   751   752   753   754   755   756   757   758   759   760 
 761   762   763   764   765   766   767   768   769   770   771   772   773   774   775   776   777   778   779   780   781   782   783   784   785   786   787   788   789   790   791   792   793   794   795   796   797   798   799   800 
 801   802   803   804   805   806   807   808   809   810   811   812   813   814   815   816   817   818   819   820   821   822   823   824   825   826   827   828   829   830   831   832   833   834   835   836   837   838   839   840 
 841   842   843   844   845   846   847   848   849   850   851   852   853   854   855   856   857   858   859   860   861   862   863   864   865   866   867   868   869   870   871   872   873   874   875   876   877   878   879   880 
 881   882   883   884   885   886   887   888   889   890   891   892   893   894   895   896   897   898   899   900   901   902   903   904   905   906   907   908   909   910   911   912   913   914   915   916   917   918   919   920 
 921   922   923   924   925   926   927   928   929   930   931   932   933   934   935   936   937   938   939   940   941   942   943   944   945   946   947   948   949   950   951   952   953   954   955   956   957   958   959   960 
 961   962   963   964   965   966   967   968   969   970   971   972   973   974   975   976   977   978   979   980   981   982   983   984   985   986   987   988   989   990   991   992   993   994   995   996   997   998   999   1000 
 1001   1002   1003   1004   1005   1006   1007   1008   1009   1010   1011   1012   1013   1014   1015   1016   1017   1018   1019   1020   1021   1022   1023   1024   1025   1026   1027   1028   1029   1030   1031   1032   1033   1034   1035   1036   1037   1038   1039   1040 
 1041   1042   1043   1044   1045   1046   1047   1048   1049   1050   1051   1052   1053   1054   1055   1056   1057   1058   1059   1060   1061   1062   1063   1064   1065   1066   1067   1068   1069   1070   1071   1072   1073   1074   1075   1076   1077   1078   1079   1080 
 1081   1082   1083   1084   1085   1086   1087   1088   1089   1090   1091   1092   1093   1094   1095   1096   1097   1098   1099   1100   1101   1102   1103   1104   1105   1106   1107   1108   1109   1110   1111   1112   1113   1114   1115   1116   1117   1118   1119   1120 
 1121   1122   1123   1124   1125   1126   1127   1128   1129   1130   1131   1132   1133   1134   1135   1136   1137   1138   1139   1140   1141   1142   1143   1144   1145   1146   1147   1148   1149   1150   1151   1152   1153   1154   1155   1156   1157   1158   1159   1160 
 1161   1162   1163   1164   1165   1166   1167   1168   1169   1170   1171   1172   1173   1174   1175   1176   1177   1178   1179   1180   1181   1182   1183   1184   1185   1186   1187   1188   1189   1190   1191   1192   1193   1194   1195   1196   1197   1198   1199   1200 
 1201   1202   1203   1204   1205   1206   1207   1208   1209   1210   1211   1212   1213   1214   1215   1216   1217   1218   1219   1220   1221   1222   1223   1224   1225   1226   1227   1228   1229   1230   1231   1232   1233   1234   1235   1236   1237   1238   1239   1240 
 1241   1242   1243   1244   1245   1246   1247   1248   1249   1250   1251   1252   1253   1254   1255   1256   1257   1258   1259   1260   1261   1262   1263   1264   1265   1266   1267   1268   1269   1270   1271   1272   1273   1274   1275   1276   1277   1278   1279   1280 
 1281   1282   1283   1284   1285   1286   1287   1288   1289   1290   1291   1292   1293   1294   1295   1296   1297   1298   1299   1300   1301   1302   1303   1304   1305   1306   1307   1308   1309   1310   1311   1312   1313   1314   1315   1316   1317   1318   1319   1320 
 1321   1322   1323   1324   1325   1326   1327   1328   1329   1330   1331   1332   1333   1334   1335   1336   1337   1338   1339   1340   1341   1342   1343   1344   1345   1346   1347   1348   1349   1350   1351   1352   1353   1354   1355   1356   1357   1358   1359   1360 
 1361   1362   1363   1364   1365   1366   1367   1368   1369   1370   1371   1372   1373   1374   1375   1376   1377   1378   1379   1380   1381   1382   1383   1384   1385   1386   1387   1388   1389   1390   1391   1392   1393   1394   1395   1396   1397   1398   1399   1400 
 1401   1402   1403   1404   1405   1406   1407   1408   1409   1410   1411   1412   1413   1414   1415   1416   1417   1418   1419   1420   1421   1422   1423   1424   1425   1426   1427   1428   1429   1430   1431   1432   1433   1434   1435   1436   1437   1438   1439   1440 
 1441   1442   1443   1444   1445   1446   1447   1448   1449   1450   1451   1452   1453   1454   1455   1456   1457   1458   1459   1460   1461   1462   1463   1464   1465   1466   1467   1468   1469   1470   1471   1472   1473   1474   1475   1476   1477   1478   1479   1480 
 1481   1482   1483   1484   1485   1486   1487   1488   1489   1490   1491   1492   1493   1494   1495   1496   1497   1498   1499   1500   1501   1502   1503   1504   1505   1506   1507   1508   1509   1510   1511   1512   1513   1514   1515   1516   1517   1518   1519   1520 
 1521   1522   1523   1524   1525   1526   1527   1528   1529   1530   1531   1532   1533   1534   1535   1536   1537   1538   1539   1540   1541   1542   1543   1544   1545   1546   1547   1548   1549   1550   1551   1552   1553   1554   1555   1556   1557   1558   1559   1560 
 1561   1562   1563   1564   1565   1566   1567   1568   1569   1570   1571   1572   1573   1574   1575   1576   1577   1578   1579   1580   1581   1582   1583   1584   1585 
CVE ID Description Severity Published Date Affected Vendor Action
CVE-2018-1000400 Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9. Unknown N/A n/a
CVE-2018-1000401 Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later. Unknown N/A n/a
CVE-2018-1000402 Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of environment variables. This vulnerability appears to have been fixed in 1.20 and later. Unknown N/A n/a
CVE-2018-1000403 Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 1.20 and later. Unknown N/A n/a
CVE-2018-1000404 Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later. Unknown N/A n/a
CVE-2018-1000406 A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. Unknown N/A n/a
CVE-2018-1000407 A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins. Unknown N/A n/a
CVE-2018-1000408 A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory. Unknown N/A n/a
CVE-2018-1000409 A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account. Unknown N/A n/a
CVE-2018-1000410 An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed. Unknown N/A n/a
CVE-2018-1000411 A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result. Unknown N/A n/a
CVE-2018-1000412 An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Unknown N/A n/a
CVE-2018-1000413 A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins. Unknown N/A n/a
CVE-2018-1000414 A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions. Unknown N/A n/a
CVE-2018-1000415 A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, RebuildAction/ListSubversionTagsParameterValue.jelly, RebuildAction/MavenMetadataParameterValue.jelly, RebuildAction/NodeParameterValue.jelly, RebuildAction/PasswordParameterValue.jelly, RebuildAction/RandomStringParameterValue.jelly, RebuildAction/RunParameterValue.jelly, RebuildAction/StringParameterValue.jelly, RebuildAction/TextParameterValue.jelly, RebuildAction/ValidatingStringParameterValue.jelly that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms. Unknown N/A n/a
CVE-2018-1000416 A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access. Unknown N/A n/a
CVE-2018-1000417 A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates. Unknown N/A n/a
CVE-2018-1000418 An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Unknown N/A n/a
CVE-2018-1000419 An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. Unknown N/A n/a
CVE-2018-1000420 An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. Unknown N/A n/a
CVE-2018-1000421 An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Unknown N/A n/a
CVE-2018-1000422 An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. Unknown N/A n/a
CVE-2018-1000423 An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2. Unknown N/A n/a
CVE-2018-1000424 An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin. Unknown N/A n/a
CVE-2018-1000425 An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube. Unknown N/A n/a
CVE-2018-1000426 A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages. Unknown N/A n/a
CVE-2018-1000500 Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". Unknown N/A n/a
CVE-2018-1000501 Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application/controllers/administration/auth.php that can result in Account Tackover. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in v0.3.3. Unknown N/A n/a
CVE-2018-1000502 MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15. Unknown N/A n/a
CVE-2018-1000503 MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15. Unknown N/A n/a
CVE-2018-1000504 Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8. Unknown N/A n/a
CVE-2018-1000505 Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1. Unknown N/A n/a
CVE-2018-1000506 Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must follow a link. This vulnerability appears to have been fixed in 1.2.9. Unknown N/A n/a
CVE-2018-1000507 WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appear to be exploitable via Admin must click on link. This vulnerability appears to have been fixed in 2.1.1. Unknown N/A n/a
CVE-2018-1000508 WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do almost anything an admin can. This attack appear to be exploitable via Admin must visit logs page. This vulnerability appears to have been fixed in 3.2. Unknown N/A n/a
CVE-2018-1000509 Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. This vulnerability appears to have been fixed in 2.8. Unknown N/A n/a
CVE-2018-1000510 WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. This attack appear to be exploitable via Can be triggered intentionally (or unintentionally via CSRF) by any logged in user. This vulnerability appears to have been fixed in 1.24. Unknown N/A n/a
CVE-2018-1000511 WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2. Unknown N/A n/a
CVE-2018-1000512 Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1. Unknown N/A n/a
CVE-2018-1000513 LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x. Unknown N/A n/a
CVE-2018-1000514 LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x. Unknown N/A n/a
CVE-2018-1000515 ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server.. Unknown N/A n/a
CVE-2018-1000516 The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting (XSS) attacks. In this form of attack, a malicious person can create a URL which, when opened by a Galaxy user or administrator, would allow the malicious user to execute arbitrary Javascript. that can result in Arbitrary JavaScript code execution. This attack appear to be exploitable via The victim must interact with component on page witch contains injected JavaScript code.. This vulnerability appears to have been fixed in v14.10.1, v15.01. Unknown N/A n/a
CVE-2018-1000517 BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e. Unknown N/A n/a
CVE-2018-1000518 aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5. Unknown N/A n/a
CVE-2018-1000519 aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies (?session=<>, or meta tags or script tags with Set-Cookie). Unknown N/A n/a
CVE-2018-1000520 ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted.. Unknown N/A n/a
CVE-2018-1000521 BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. This attack appear to be exploitable via no. This vulnerability appears to have been fixed in after commit b652cfdc14d0670c81ac4401ad5a04376745c279. Unknown N/A n/a
CVE-2018-1000523 topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attack appear to be exploitable via The victim must open a todo.txt with at least one specially crafted line.. Unknown N/A n/a
CVE-2018-1000524 miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploitable via the victim must load a specially-crafted map which calls SetLayerSize in its entry script. This vulnerability appears to have been fixed in 5.0.3, 5.1.5, 5.2.10 and later. Unknown N/A n/a
CVE-2018-1000525 openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This vulnerability appears to have been fixed in after commit 097eae0. Unknown N/A n/a
CVE-2018-1000526 Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulnerability appears to have been fixed in after commit 4974a26. Unknown N/A n/a
CVE-2018-1000527 Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed in after commit c1e62e6. Unknown N/A n/a
CVE-2018-1000528 GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open a specially crafted web page. This vulnerability appears to have been fixed in after commit 56070d6289d47ba3f5918885954dcceb75606001. Unknown N/A n/a
CVE-2018-1000529 Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8. Unknown N/A n/a
CVE-2018-1000531 inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header using 'none' as algorithm and a body to requests it be validated. This vulnerability was fixed after commit abb0d479389a2509f939452a6767dc424bb5e6ba. Unknown N/A n/a
CVE-2018-1000532 beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep. Unknown N/A n/a
CVE-2018-1000533 klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using search form. This vulnerability appears to have been fixed in 0.7 after commit 87b8c26b023c3fc37f0796b14bb13710f397b322. Unknown N/A n/a
CVE-2018-1000534 Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running. This attack appear to be exploitable via Victim synchronizing notes from the cloud services or other note-keeping services which contain malicious code. This vulnerability appears to have been fixed in 1.0.90 and later. Unknown N/A n/a
CVE-2018-1000535 lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e. Unknown N/A n/a
CVE-2018-1000536 Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of the running application. This attack appear to be exploitable via Victim is synchronizing data from the redis server which contains malicious key value. Unknown N/A n/a
CVE-2018-1000537 Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (Depending on branch/version) that can result in Arbitrary code execution. This attack appear to be exploitable via Crafted G-Code instruction/file is sent to the printer. Unknown N/A n/a
CVE-2018-1000538 Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appear to be exploitable via Sending V4-(pre)signed requests with large bodies . This vulnerability appears to have been fixed in after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7. Unknown N/A n/a
CVE-2018-1000539 Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later. Unknown N/A n/a
CVE-2018-1000540 LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted XML file. Unknown N/A n/a
CVE-2018-1000542 netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file. Unknown N/A n/a
CVE-2018-1000543 Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in "Details" of a task is not validated that can result in XSS leading to abritrary code execution. This attack appear to be exploitable via The attacker tricks the victim into opening a crafted markdown. Unknown N/A n/a
CVE-2018-1000544 rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.. Unknown N/A n/a
CVE-2018-1000546 Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML). Unknown N/A n/a
CVE-2018-1000547 coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. . Unknown N/A n/a
CVE-2018-1000548 Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted UXF file. This vulnerability appears to have been fixed in 14.3. Unknown N/A n/a
CVE-2018-1000549 Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot your password?' pages that can result in A remote attacker could perform a brute force attack to obtain valid usernames and email addresses.. This attack appear to be exploitable via HTTP Request. Unknown N/A n/a
CVE-2018-1000550 The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32. Unknown N/A n/a
CVE-2018-1000551 Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 742b8edbe. Unknown N/A n/a
CVE-2018-1000552 Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. Unknown N/A n/a
CVE-2018-1000553 Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. Unknown N/A n/a
CVE-2018-1000554 Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. Unknown N/A n/a
CVE-2018-1000556 WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacker must craft an URL with payload and send to the user. Victim need to open the link to be affected by reflected XSS. . Unknown N/A n/a
CVE-2018-1000557 OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser. This attack appear to be exploitable via Victim must open a crafted link to the application. This vulnerability appears to have been fixed in ocsreports 2.4.1. Unknown N/A n/a
CVE-2018-1000558 OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1. Unknown N/A n/a
CVE-2018-1000559 qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be exploitable via the victim must open a page with a specially crafted attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week).</td> <td>Unknown</td> <td>N/A</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000559"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000600</td> <td>A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.</td> <td>Unknown</td> <td>2018-06-26</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000600"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000601</td> <td>A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.</td> <td>Unknown</td> <td>2018-06-26</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000601"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000602</td> <td>A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session.</td> <td>Unknown</td> <td>2018-06-26</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000602"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000603</td> <td>A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs.</td> <td>Unknown</td> <td>2018-06-26</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000603"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000604</td> <td>A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.</td> <td>Unknown</td> <td>2018-06-26</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000604"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000605</td> <td>A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.</td> <td>Unknown</td> <td>2018-06-26</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000605"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000606</td> <td>A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.</td> <td>Unknown</td> <td>2018-06-26</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000606"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000607</td> <td>A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as.</td> <td>Unknown</td> <td>2018-06-26</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000607"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000608</td> <td>A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured password.</td> <td>Unknown</td> <td>N/A</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000608"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000609</td> <td>A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration.</td> <td>Unknown</td> <td>2018-06-26</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000609"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000610</td> <td>A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin.</td> <td>Unknown</td> <td>2018-06-26</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000610"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000611</td> <td>SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross Site Scripting (XSS) vulnerability that can result in Allows an attacker to inject arbitrary web scripts or HTML into help and login pages. This attack appear to be exploitable via the victim opening a specially crafted URL.</td> <td>Unknown</td> <td>2018-07-09</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000611"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000613</td> <td>Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.</td> <td>Unknown</td> <td>N/A</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000613"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000614</td> <td>ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message.</td> <td>Unknown</td> <td>2018-07-09</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000614"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000615</td> <td>ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network..</td> <td>Unknown</td> <td>2018-07-09</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000615"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000616</td> <td>ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity.</td> <td>Unknown</td> <td>2018-07-09</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000616"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000617</td> <td>Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack).</td> <td>Unknown</td> <td>N/A</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000617"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000618</td> <td>EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d .</td> <td>Unknown</td> <td>2018-07-09</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000618"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2018-1000619</td> <td>Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons.</td> <td>Unknown</td> <td>2018-07-09</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2018-1000619"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> </table> </div> </div> </div> </div> </div> </div> <!-- Bottom Code --> </div> <!-- Footer-Section --> <div class="footer-section"> <div class="container"> <div class="row"> <!-- <div class="col-lg-4 col-md-4 col-sm-6"> <div class="footer-content1"> <a href="index.html" class="text-decoration-none"><figure><img src="./assets/images/footer-logo.png" alt="" class="img-fluid"></figure></a> <p class="footer-section-text">Deleniti aeue corrupti quos dolores et quas molestias excepturi sint occaecati rupiditate non provident, similique sunt...</p> <ul class="list-unstyled"> <li class="list-item"> <a href="#"><i class="fa-brands fa-facebook-f marginLeft"></i></a> <a href="#"><i class="fa-brands fa-twitter marginLeft"></i></a> <a href="#"><i class="fa-brands fa-instagram marginLeft"></i></a> </li> </ul> </div> </div> --> <div class="col-lg-2 col-md-2 col-sm-12 d-lg-block d-none"> <h5 class="footer-link footer-next-list footer-next-list-about">About Us</h5> <ul class="useful-footer"> <li> <a href="Controller?page=home" class="text-decoration-none footer-link-p"> About Us </a> </li> <li> <a href="Controller?page=contact_us" class="text-decoration-none footer-link-p"> Contact us </a> </li> <li> <a href="Controller?page=tos" class="text-decoration-none footer-link-p"> Terms of Service </a> </li> </ul> </div> <div class="col-lg-3 col-md-4 col-sm-12 d-md-block d-none"> <h5 class="footer-link text-white footer-next-list footer-next-list-contact">Contact Info</h5> <div class="footer-list footer-link contact-list"> <div class="icon-list-box1"> <ul class="list-unstyled contact-us-ul"> <li class="list-item"> <a href="mailto:info@vulnerability-insight.com" class="text-decoration-none footer-link-auto">info@vulnerability-insight.com</a> <i class="fa fa-envelope fa-icon footer-location2"></i> </li> <li class="list-item"> </li> <li class="list-item"> <a class="text-decoration-none footer-link-auto">Kuala Lumpur, MALAYSIA</a> </li><i class="fa-solid fa-location-dot footer-location"></i> </ul> </div> </div> </div> <div class="col-lg-6 col-md-4 col-sm-6"> <div class="footer-list signupbox"> <div class="form-btn"> <form id="subscribeForm" action="Controller?page=subscribing_us" method="POST" onsubmit="return validateEmail()"> <h4 class="footer-link text-white footer-next-list footer-next-list-signup">Sign up for Newsletter</h4> <div class="icon-list-box1"> <div class="col-inner"> <input type="text" id="email" name="email" class="form-control input-fill" placeholder="Email Address:"> </div> <div class="form-btn"> <button type="submit" class="btn btn-primary" onclick="subscribe()">Subscribe</button> </div> </div> <p id="message" style="color: red;"> </p> </form> </div> </div> </div> </div> </div> <div class="footer-bar text-center"> <div class="row"> <div class="footer-bar-content w-100"> <p class="text-size-16 mb-0"><a href="Controller?page=home"> vunerability-insight.com © 2023 - 2025</a>. All Rights Reserved. <br>Vulnerability Data Repositories v </p> </div> </div> </div> </div> <script> function validateEmail() { // Get the email value from the input field var email = document.getElementById('email').value; // Email validation using a regular expression var emailPattern = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/; if (!emailPattern.test(email)) { // Display error message if the email is invalid var messageElement = document.getElementById('message'); messageElement.textContent = 'Please enter a valid email address.'; messageElement.classList.remove('success-message'); messageElement.classList.add('error-message'); hideMessageAfterDelay(); // Hide message after delay return false; // Prevent form submission } return true; // Allow form submission if email is valid } // Function to hide the message after 5 seconds function hideMessageAfterDelay() { setTimeout(function() { document.getElementById('message').style.display = 'none'; // Hide the message }, 5000); // 5000 milliseconds = 5 seconds } </script> <script src="https://code.jquery.com/jquery-1.12.1.min.js"></script> <script src="assets/js/animations.js"></script> <script src="assets/js/bootstrap.min.js"></script> <script src="assets/js/jquery-3.6.0.min.js"></script> <script src="assets/js/popper.min.js"></script> <script src="assets/js/owl.carousel.js"></script> <script src="https://unpkg.com/aos@2.3.1/dist/aos.js"></script> <script src="assets/js/text-animations.js"></script> <script src="assets/js/carousel.js"></script> <script src="assets/js/showhide.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.js"></script> <script src="https://unpkg.com/ityped@0.0.10"></script> <script src="./assets/js/type.js"></script> <script src="assets/js/custom-script.js"></script> </body> </html>