CVE List - 2018 / September
Showing 101 - 200 of 1169 CVEs for September 2018 (Page 2 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-16448 | 2018-09-04 | Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save,... |
| CVE-2018-16449 | 2018-09-04 | OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html,... |
| CVE-2018-16450 | 2018-09-04 | CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. |
| CVE-2018-16458 | 2018-09-04 | An issue was discovered in baigo CMS v2.1.1. There is... |
| CVE-2018-14627 | 2018-09-04 | The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does... |
| CVE-2018-0646 | 2018-09-04 | Directory traversal vulnerability in Explzh v.7.58 and earlier allows an... |
| CVE-2018-0656 | 2018-09-04 | Untrusted search path vulnerability in The installer of Digital Paper... |
| CVE-2018-0664 | 2018-09-04 | A vulnerability in NoMachine App for Android 5.0.63 and earlier... |
| CVE-2018-0672 | 2018-09-04 | Cross-site scripting vulnerability in Movable Type versions prior to Ver.... |
| CVE-2018-0674 | 2018-09-04 | AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via... |
| CVE-2018-0675 | 2018-09-04 | AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via... |
| CVE-2018-10904 | 2018-09-04 | It was found that glusterfs server does not properly sanitize... |
| CVE-2018-10907 | 2018-09-04 | It was found that glusterfs server is vulnerable to multiple... |
| CVE-2018-10911 | 2018-09-04 | A flaw was found in the way dic_unserialize function of... |
| CVE-2018-10913 | 2018-09-04 | An information disclosure vulnerability was discovered in glusterfs server. An... |
| CVE-2018-10914 | 2018-09-04 | It was found that an attacker could issue a xattr... |
| CVE-2018-10923 | 2018-09-04 | It was found that the "mknod" call derived from mknod(2)... |
| CVE-2018-10924 | 2018-09-04 | It was discovered that fsync(2) system call in glusterfs client... |
| CVE-2018-10926 | 2018-09-04 | A flaw was found in RPC request using gfs3_mknod_req supported... |
| CVE-2018-10927 | 2018-09-04 | A flaw was found in RPC request using gfs3_lookup_req in... |
| CVE-2018-10928 | 2018-09-04 | A flaw was found in RPC request using gfs3_symlink_req in... |
| CVE-2018-10929 | 2018-09-04 | A flaw was found in RPC request using gfs2_create_req in... |
| CVE-2018-10930 | 2018-09-04 | A flaw was found in RPC request using gfs3_rename_req in... |
| CVE-2018-11262 | 2018-09-04 | In Android for MSM, Firefox OS for MSM, and QRD... |
| CVE-2018-7936 | 2018-09-04 | Mate 10 Pro Huawei smart phones with the versions before... |
| CVE-2018-7937 | 2018-09-04 | In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10... |
| CVE-2018-7938 | 2018-09-04 | P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an... |
| CVE-2018-7990 | 2018-09-04 | Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00)... |
| CVE-2018-6554 | 2018-09-04 | Memory leak in the irda_bind function in net/irda/af_irda.c and later... |
| CVE-2018-6555 | 2018-09-04 | The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in... |
| CVE-2018-6923 | 2018-09-04 | In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code... |
| CVE-2018-16509 | 2018-09-05 | An issue was discovered in Artifex Ghostscript before 9.24. Incorrect... |
| CVE-2018-16510 | 2018-09-05 | An issue was discovered in Artifex Ghostscript before 9.24. Incorrect... |
| CVE-2018-16511 | 2018-09-05 | An issue was discovered in Artifex Ghostscript before 9.24. A... |
| CVE-2018-0502 | 2018-09-05 | An issue was discovered in zsh before 5.6. The beginning... |
| CVE-2018-13259 | 2018-09-05 | An issue was discovered in zsh before 5.6. Shebang lines... |
| CVE-2018-16513 | 2018-09-05 | In Artifex Ghostscript before 9.24, attackers able to supply crafted... |
| CVE-2018-1353 | 2018-09-05 | An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below... |
| CVE-2018-9192 | 2018-09-05 | A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM)... |
| CVE-2018-9194 | 2018-09-05 | A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM)... |
| CVE-2018-16516 | 2018-09-05 | helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted... |
| CVE-2018-16518 | 2018-09-05 | A directory traversal vulnerability with remote code execution in Prim'X... |
| CVE-2018-16521 | 2018-09-05 | An XML External Entity (XXE) vulnerability exists in HTML Form... |
| CVE-2016-1000030 | 2018-09-05 | Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports... |
| CVE-2016-1000232 | 2018-09-05 | NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability... |
| CVE-2018-16539 | 2018-09-05 | In Artifex Ghostscript before 9.24, attackers able to supply crafted... |
| CVE-2018-16540 | 2018-09-05 | In Artifex Ghostscript before 9.24, attackers able to supply crafted... |
| CVE-2018-16541 | 2018-09-05 | In Artifex Ghostscript before 9.24, attackers able to supply crafted... |
| CVE-2018-16542 | 2018-09-05 | In Artifex Ghostscript before 9.24, attackers able to supply crafted... |
| CVE-2018-16543 | 2018-09-05 | In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers... |
| CVE-2018-14618 | 2018-09-05 | curl before version 7.61.1 is vulnerable to a buffer overrun... |
| CVE-2018-16545 | 2018-09-05 | Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition)... |
| CVE-2018-16436 | 2018-09-05 | Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable... |
| CVE-2018-16437 | 2018-09-05 | Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable... |
| CVE-2018-16546 | 2018-09-05 | Amcrest networked devices use the same hardcoded SSL private key... |
| CVE-2015-9266 | 2018-09-05 | Ubiquiti airOS HTTP(S) unauthenticated arbitrary file upload |
| CVE-2018-14769 | 2018-09-05 | VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. |
| CVE-2018-14770 | 2018-09-05 | VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute... |
| CVE-2018-14771 | 2018-09-05 | VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute... |
| CVE-2018-15676 | 2018-09-05 | An issue was discovered in BTITeam XBTIT. By using String.replace... |
| CVE-2018-15677 | 2018-09-05 | The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored... |
| CVE-2018-15678 | 2018-09-05 | An issue was discovered in BTITeam XBTIT 2.5.4. The "act"... |
| CVE-2018-15679 | 2018-09-05 | An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords"... |
| CVE-2018-15680 | 2018-09-05 | An issue was discovered in BTITeam XBTIT 2.5.4. The hashed... |
| CVE-2018-15681 | 2018-09-05 | An issue was discovered in BTITeam XBTIT 2.5.4. When a... |
| CVE-2018-15682 | 2018-09-05 | An issue was discovered in BTITeam XBTIT. Due to a... |
| CVE-2018-15683 | 2018-09-05 | An issue was discovered in BTITeam XBTIT. The "returnto" parameter... |
| CVE-2018-15684 | 2018-09-05 | An issue was discovered in BTITeam XBTIT. PHP error logs... |
| CVE-2018-15917 | 2018-09-05 | Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote... |
| CVE-2018-15918 | 2018-09-05 | An issue was discovered in Jorani 0.6.5. SQL Injection (error-based)... |
| CVE-2018-16144 | 2018-09-05 | The test connection functionality in the NetAudit section of Opsview... |
| CVE-2018-16145 | 2018-09-05 | The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview... |
| CVE-2018-16146 | 2018-09-05 | The web management console of Opsview Monitor 5.4.x before 5.4.2... |
| CVE-2018-16147 | 2018-09-05 | The data parameter of the /settings/api/router endpoint in Opsview Monitor... |
| CVE-2018-16148 | 2018-09-05 | The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor... |
| CVE-2018-16252 | 2018-09-05 | FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML... |
| CVE-2018-16307 | 2018-09-05 | An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi... |
| CVE-2018-16361 | 2018-09-05 | An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows... |
| CVE-2018-16381 | 2018-09-05 | e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. |
| CVE-2018-16548 | 2018-09-05 | An issue was discovered in ZZIPlib through 0.13.69. There is... |
| CVE-2018-16549 | 2018-09-05 | HScripts PHP File Browser Script v1.0 allows Directory Traversal via... |
| CVE-2018-16550 | 2018-09-05 | TeamViewer 10.x through 13.x allows remote attackers to bypass the... |
| CVE-2018-16551 | 2018-09-05 | LavaLite 5.5 has XSS via a /edit URI, as demonstrated... |
| CVE-2018-16552 | 2018-09-05 | MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/... |
| CVE-2017-1000600 | 2018-09-06 | WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in... |
| CVE-2018-14624 | 2018-09-06 | A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8... |
| CVE-2018-14632 | 2018-09-06 | An out of bound write can occur when patching an... |
| CVE-2018-16585 | 2018-09-06 | An issue was discovered in Artifex Ghostscript before 9.24. The... |
| CVE-2018-16459 | 2018-09-06 | An unescaped payload in exceljs <v1.6 allows a possible XSS... |
| CVE-2018-11263 | 2018-09-06 | In all Android releases (Android for MSM, Firefox OS for... |
| CVE-2018-1695 | 2018-09-06 | IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using... |
| CVE-2018-1000773 | 2018-09-06 | WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation... |
| CVE-2018-16606 | 2018-09-06 | In ProConf before 6.1, an Insecure Direct Object Reference (IDOR)... |
| CVE-2018-16604 | 2018-09-06 | An issue was discovered in Nibbleblog v4.0.5. With an admin's... |
| CVE-2018-1000666 | 2018-09-06 | GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb... |
| CVE-2018-1000667 | 2018-09-06 | NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a... |
| CVE-2018-1000658 | 2018-09-06 | LimeSurvey version prior to 3.14.4 contains a file upload vulnerability... |
| CVE-2018-1000659 | 2018-09-06 | LimeSurvey version 3.14.4 and earlier contains a directory traversal in... |
| CVE-2018-1000660 | 2018-09-06 | TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains... |
| CVE-2018-1000661 | 2018-09-06 | jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability... |