CVE List - 2018 / September
Showing 1 - 100 of 1169 CVEs for September 2018 (Page 1 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-15157 | 2018-09-01 | The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. NOTE: the vendor has disputed this as... |
| CVE-2018-15158 | 2018-09-01 | The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as... |
| CVE-2018-15159 | 2018-09-01 | The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as... |
| CVE-2018-15160 | 2018-09-01 | The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as... |
| CVE-2018-15161 | 2018-09-01 | The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as... |
| CVE-2018-16302 | 2018-09-01 | MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file. |
| CVE-2018-16303 | 2018-09-01 | PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. |
| CVE-2018-16308 | 2018-09-01 | The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. |
| CVE-2018-16313 | 2018-09-01 | Bludit 2.3.4 allows XSS via a user name. |
| CVE-2018-16314 | 2018-09-01 | An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an... |
| CVE-2018-16315 | 2018-09-01 | In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. |
| CVE-2018-16316 | 2018-09-01 | A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. |
| CVE-2018-16320 | 2018-09-01 | idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. |
| CVE-2018-16323 | 2018-09-01 | ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library... |
| CVE-2018-16324 | 2018-09-01 | In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. |
| CVE-2018-16325 | 2018-09-01 | There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. |
| CVE-2018-16327 | 2018-09-01 | There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. |
| CVE-2018-16328 | 2018-09-01 | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. |
| CVE-2018-16329 | 2018-09-01 | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. |
| CVE-2018-16330 | 2018-09-02 | Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. |
| CVE-2018-16331 | 2018-09-02 | admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. |
| CVE-2018-16332 | 2018-09-02 | An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. |
| CVE-2018-16333 | 2018-09-02 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While... |
| CVE-2018-16334 | 2018-09-02 | An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. |
| CVE-2018-16335 | 2018-09-02 | newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact... |
| CVE-2018-16336 | 2018-09-02 | Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. |
| CVE-2018-16337 | 2018-09-02 | An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. |
| CVE-2018-16338 | 2018-09-02 | An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a... |
| CVE-2018-16339 | 2018-09-02 | An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. |
| CVE-2018-16342 | 2018-09-02 | ShowDoc v1.8.0 has XSS via a new page. |
| CVE-2018-16343 | 2018-09-02 | SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS. |
| CVE-2018-16344 | 2018-09-02 | An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access... |
| CVE-2018-16345 | 2018-09-02 | An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. |
| CVE-2018-16346 | 2018-09-02 | ChemCMS 1.0.6 has XSS via the "setting -> website information" field. |
| CVE-2018-16347 | 2018-09-02 | An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize. |
| CVE-2018-16348 | 2018-09-02 | SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name. |
| CVE-2018-16349 | 2018-09-02 | WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. |
| CVE-2018-16350 | 2018-09-02 | WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. |
| CVE-2018-16352 | 2018-09-02 | There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is... |
| CVE-2018-16353 | 2018-09-02 | An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter. |
| CVE-2018-16354 | 2018-09-02 | An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter. |
| CVE-2018-16358 | 2018-09-02 | A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file... |
| CVE-2018-16359 | 2018-09-02 | Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS. |
| CVE-2018-16362 | 2018-09-02 | An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages... |
| CVE-2018-16365 | 2018-09-02 | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. |
| CVE-2018-16366 | 2018-09-02 | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. |
| CVE-2018-16367 | 2018-09-02 | In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file... |
| CVE-2018-16368 | 2018-09-03 | SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. |
| CVE-2018-16369 | 2018-09-03 | XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE:... |
| CVE-2018-16370 | 2018-09-03 | In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. |
| CVE-2018-16371 | 2018-09-03 | PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=. |
| CVE-2018-16372 | 2018-09-03 | The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued. |
| CVE-2018-16373 | 2018-09-03 | Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. |
| CVE-2018-16374 | 2018-09-03 | Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. |
| CVE-2018-16375 | 2018-09-03 | An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. |
| CVE-2018-16376 | 2018-09-03 | An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote... |
| CVE-2018-16379 | 2018-09-03 | Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen. |
| CVE-2018-16380 | 2018-09-03 | An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account. |
| CVE-2018-16384 | 2018-09-03 | A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and... |
| CVE-2018-16382 | 2018-09-03 | Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. |
| CVE-2018-16385 | 2018-09-03 | ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. |
| CVE-2018-16387 | 2018-09-03 | An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. |
| CVE-2018-16391 | 2018-09-03 | Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause... |
| CVE-2018-16392 | 2018-09-03 | Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause... |
| CVE-2018-16393 | 2018-09-03 | Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to... |
| CVE-2018-16397 | 2018-09-03 | In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file, |
| CVE-2018-16398 | 2018-09-03 | In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed. |
| CVE-2018-16402 | 2018-09-03 | libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. |
| CVE-2018-16403 | 2018-09-03 | libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. |
| CVE-2018-16405 | 2018-09-03 | An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. |
| CVE-2018-16406 | 2018-09-03 | An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. |
| CVE-2018-16407 | 2018-09-03 | An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. |
| CVE-2018-16408 | 2018-09-03 | D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. |
| CVE-2018-16409 | 2018-09-03 | In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. |
| CVE-2018-16410 | 2018-09-03 | Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. |
| CVE-2018-16412 | 2018-09-03 | ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. |
| CVE-2018-16413 | 2018-09-03 | ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. |
| CVE-2018-16416 | 2018-09-03 | Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. |
| CVE-2018-16418 | 2018-09-04 | A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of... |
| CVE-2018-16419 | 2018-09-04 | Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause... |
| CVE-2018-16420 | 2018-09-04 | Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to... |
| CVE-2018-16421 | 2018-09-04 | Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause... |
| CVE-2018-16422 | 2018-09-04 | A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards... |
| CVE-2018-16423 | 2018-09-04 | A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a... |
| CVE-2018-16424 | 2018-09-04 | A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to... |
| CVE-2018-16425 | 2018-09-04 | A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause... |
| CVE-2018-16426 | 2018-09-04 | Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or... |
| CVE-2018-16427 | 2018-09-04 | Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. |
| CVE-2018-16428 | 2018-09-04 | In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. |
| CVE-2018-16429 | 2018-09-04 | GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). |
| CVE-2018-16430 | 2018-09-04 | GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. |
| CVE-2018-16431 | 2018-09-04 | admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account. |
| CVE-2018-16432 | 2018-09-04 | BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. |
| CVE-2018-16435 | 2018-09-04 | Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a... |
| CVE-2018-16438 | 2018-09-04 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c. |
| CVE-2018-16444 | 2018-09-04 | An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter. |
| CVE-2018-16445 | 2018-09-04 | An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request. |
| CVE-2018-16446 | 2018-09-04 | An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to... |
| CVE-2018-16447 | 2018-09-04 | Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. |
| CVE-2018-16448 | 2018-09-04 | Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. |