CVE List - 2018 / October
Showing 1 - 100 of 1468 CVEs for October 2018 (Page 1 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-17217 | 2018-10-01 | An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key. |
| CVE-2018-17218 | 2018-10-01 | An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function. |
| CVE-2015-9267 | 2018-10-01 | Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or... |
| CVE-2015-9268 | 2018-10-01 | Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at... |
| CVE-2018-17427 | 2018-10-01 | SIMDComp before 0.1.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. |
| CVE-2018-17825 | 2018-10-01 | An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE,... |
| CVE-2018-17826 | 2018-10-01 | HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to... |
| CVE-2018-17827 | 2018-10-01 | HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php. |
| CVE-2018-17828 | 2018-10-01 | Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. |
| CVE-2018-17830 | 2018-10-01 | The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[... |
| CVE-2018-17831 | 2018-10-01 | In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was... |
| CVE-2018-17832 | 2018-10-01 | XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. |
| CVE-2018-17835 | 2018-10-01 | An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created... |
| CVE-2018-17836 | 2018-10-01 | An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload. |
| CVE-2018-17837 | 2018-10-01 | An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring. |
| CVE-2018-17838 | 2018-10-01 | An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring. |
| CVE-2018-17846 | 2018-10-01 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. |
| CVE-2018-17847 | 2018-10-01 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an... |
| CVE-2018-17848 | 2018-10-01 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an... |
| CVE-2018-17852 | 2018-10-01 | A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. |
| CVE-2018-17854 | 2018-10-01 | SIMDComp before 0.1.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. NOTE: this issue... |
| CVE-2018-14788 | 2018-10-01 | Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types. |
| CVE-2018-14790 | 2018-10-01 | Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device. |
| CVE-2018-14794 | 2018-10-01 | Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the... |
| CVE-2018-14798 | 2018-10-01 | Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure. |
| CVE-2018-14802 | 2018-10-01 | Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code... |
| CVE-2018-1420 | 2018-10-01 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security... |
| CVE-2018-1672 | 2018-10-01 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity... |
| CVE-2018-10605 | 2018-10-01 | Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect... |
| CVE-2018-14804 | 2018-10-01 | Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. |
| CVE-2018-14808 | 2018-10-01 | Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products. |
| CVE-2018-4001 | 2018-10-01 | An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow... |
| CVE-2018-15700 | 2018-10-01 | The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer... |
| CVE-2018-15701 | 2018-10-01 | The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie... |
| CVE-2018-15702 | 2018-10-01 | The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. |
| CVE-2018-3975 | 2018-10-01 | An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an... |
| CVE-2018-3978 | 2018-10-01 | An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside... |
| CVE-2018-3981 | 2018-10-01 | An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. |
| CVE-2018-3982 | 2018-10-01 | An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to... |
| CVE-2018-3984 | 2018-10-01 | An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can cause Atlantis to skip initializing a value... |
| CVE-2018-3998 | 2018-10-01 | An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause an... |
| CVE-2018-3999 | 2018-10-01 | An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to... |
| CVE-2018-4000 | 2018-10-01 | An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice,... |
| CVE-2015-9269 | 2018-10-01 | The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent... |
| CVE-2015-9270 | 2018-10-01 | XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter. |
| CVE-2018-17867 | 2018-10-01 | The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field). |
| CVE-2018-17868 | 2018-10-01 | DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. |
| CVE-2018-17869 | 2018-10-01 | DASAN H660GW devices do not implement any CSRF protection mechanism. |
| CVE-2018-17870 | 2018-10-01 | An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683. |
| CVE-2018-17874 | 2018-10-01 | ExpressionEngine before 4.3.5 has reflected XSS. |
| CVE-2018-11072 | 2018-10-02 | Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a... |
| CVE-2018-9069 | 2018-10-02 | BIOS Write Protection Race Condition |
| CVE-2017-1649 | 2018-10-02 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-12473 | 2018-10-02 | path traversal in obs-service-tar_scm |
| CVE-2018-1395 | 2018-10-02 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-1403 | 2018-10-02 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-1404 | 2018-10-02 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-1405 | 2018-10-02 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-1439 | 2018-10-02 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-1440 | 2018-10-02 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-1498 | 2018-10-02 | IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223. |
| CVE-2018-1509 | 2018-10-02 | IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The... |
| CVE-2018-1522 | 2018-10-02 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-1557 | 2018-10-02 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-1558 | 2018-10-02 | IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-1593 | 2018-10-02 | IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568. |
| CVE-2018-1601 | 2018-10-02 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-1605 | 2018-10-02 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-1691 | 2018-10-02 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-1692 | 2018-10-02 | IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2018-6261 | 2018-10-02 | NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation... |
| CVE-2018-6262 | 2018-10-02 | NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to... |
| CVE-2018-15563 | 2018-10-02 | _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. |
| CVE-2018-15752 | 2018-10-02 | An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Cleartext Transmission of Sensitive Information allows man-in-the-middle attackers to eavesdrop authentication information between the application and the... |
| CVE-2018-15753 | 2018-10-02 | An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt... |
| CVE-2018-16984 | 2018-10-02 | An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin... |
| CVE-2018-17587 | 2018-10-02 | AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| CVE-2018-17588 | 2018-10-02 | AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| CVE-2018-17589 | 2018-10-02 | AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| CVE-2018-17590 | 2018-10-02 | AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| CVE-2018-17591 | 2018-10-02 | AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| CVE-2018-17593 | 2018-10-02 | AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| CVE-2018-17594 | 2018-10-02 | AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| CVE-2018-17595 | 2018-10-02 | In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. |
| CVE-2018-17596 | 2018-10-02 | In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. |
| CVE-2018-17786 | 2018-10-02 | On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. |
| CVE-2018-17787 | 2018-10-02 | On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. |
| CVE-2018-17884 | 2018-10-02 | XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php |
| CVE-2018-17886 | 2018-10-02 | An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix... |
| CVE-2018-11748 | 2018-10-02 | Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. This issue has been resolved as of device_manager 2.7.0. |
| CVE-2018-11750 | 2018-10-02 | Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled... |
| CVE-2018-11752 | 2018-10-02 | Previous releases of the Puppet cisco_ios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the... |
| CVE-2018-9452 | 2018-10-02 | In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden... |
| CVE-2018-9473 | 2018-10-02 | In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction... |
| CVE-2018-9476 | 2018-10-02 | In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges... |
| CVE-2018-9490 | 2018-10-02 | In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2018-9491 | 2018-10-02 | In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges... |
| CVE-2018-9492 | 2018-10-02 | In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for... |
| CVE-2018-9493 | 2018-10-02 | In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution... |
| CVE-2018-9496 | 2018-10-02 | In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |