# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

951 | CVE-2018-16325 | 79 | | XSS | 2018-09-01 | 2018-11-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field.

952 | CVE-2018-16324 | 79 | | XSS | 2018-09-01 | 2018-11-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.

953 | CVE-2018-16323 | 200 | | +Info | 2018-09-01 | 2018-11-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.

954 | CVE-2018-16315 | 352 | | CSRF | 2018-09-01 | 2018-10-25 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add.

955 | CVE-2018-16313 | 79 | | XSS | 2018-09-01 | 2018-11-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Bludit 2.3.4 allows XSS via a user name.

956 | CVE-2018-16298 | 79 | | XSS | 2018-08-31 | 2018-11-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request.

957 | CVE-2018-16285 | 79 | | XSS | 2018-09-06 | 2018-11-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.

958 | CVE-2018-16261 | 264 | | | 2018-09-06 | 2018-11-19 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.

959 | CVE-2018-16253 | 347 | | | 2018-11-07 | 2018-12-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is an even more permissive variant of CVE-2006-4790 and CVE-2014-1568.

960 | CVE-2018-16237 | 22 | | Dir. Trav. | 2018-08-30 | 2018-10-19 | 4.0 | None | Remote | Low | Single system | Partial | None | None
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.

961 | CVE-2018-16236 | 79 | | XSS | 2018-08-30 | 2018-10-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.

962 | CVE-2018-16235 | 79 | | XSS | 2018-10-23 | 2018-12-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Telligent Community 6.x, 7.x, 8.x, 9.x, and 10.x up to 10.1.10.11792 has XSS via the Feed RSS widget.

963 | CVE-2018-16234 | 79 | | XSS | 2018-08-30 | 2018-10-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
MorningStar WhatWeb 0.4.9 has XSS via JSON report files.

964 | CVE-2018-16233 | 79 | | XSS | 2018-08-30 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter.

965 | CVE-2018-16226 | 79 | | XSS | 2018-10-23 | 2018-12-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information.

966 | CVE-2018-16210 | 79 | | XSS | 2018-10-12 | 2018-12-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
WAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.

967 | CVE-2018-16206 | 79 | | XSS | 2019-01-12 | 2019-01-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

968 | CVE-2018-16199 | 79 | | XSS | 2019-01-09 | 2019-01-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows a remote attacker to inject arbitrary web script or HTML via unspecified vectors.

969 | CVE-2018-16180 | 79 | | XSS | 2019-01-09 | 2019-01-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

970 | CVE-2018-16179 | 295 | | +Info | 2019-01-09 | 2019-01-17 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

971 | CVE-2018-16173 | 79 | | XSS | 2019-01-09 | 2019-01-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

972 | CVE-2018-16165 | 79 | | XSS | 2019-01-09 | 2019-01-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

973 | CVE-2018-16162 | 255 | | | 2018-11-15 | 2018-12-17 | 4.0 | None | Remote | Low | Single system | Partial | None | None
OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users' credentials such as a user ID and/or its password via unspecified vectors.

974 | CVE-2018-16160 | 287 | | Bypass | 2018-11-15 | 2018-12-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
SecureCore Standard Edition Version 2.x allows an attacker to bypass the product's authentication to log in to a Windows PC.

975 | CVE-2018-16150 | 347 | | | 2018-11-07 | 2018-12-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is a variant of CVE-2006-4340.

976 | CVE-2018-16148 | 79 | | XSS | 2018-09-05 | 2018-11-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.

977 | CVE-2018-16147 | 79 | | XSS | 2018-09-05 | 2018-11-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.

978 | CVE-2018-16142 | 79 | | XSS | 2018-08-30 | 2018-10-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function.

979 | CVE-2018-16134 | 79 | | XSS | 2018-08-29 | 2018-10-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.

980 | CVE-2018-16097 | 434 | | | 2018-11-30 | 2018-12-28 | 4.0 | None | Remote | Low | Single system | None | Partial | None
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.

981 | CVE-2018-16096 | 79 | | XSS | 2018-11-27 | 2018-12-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.

982 | CVE-2018-16095 | 534 | | | 2018-11-27 | 2018-12-19 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.

983 | CVE-2018-16093 | 434 | | | 2018-11-30 | 2018-12-28 | 4.0 | None | Remote | Low | Single system | None | Partial | None
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.

984 | CVE-2018-16092 | 255 | | | 2018-11-27 | 2018-12-19 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.

985 | CVE-2018-16082 | 125 | | | 2019-01-09 | 2019-01-15 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

986 | CVE-2018-16080 | 20 | | | 2019-01-09 | 2019-01-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

987 | CVE-2018-16072 | 284 | | Bypass | 2019-01-09 | 2019-01-18 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

988 | CVE-2018-16067 | 416 | | | 2019-01-09 | 2019-01-15 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

989 | CVE-2018-16066 | 416 | | | 2019-01-09 | 2019-01-15 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

990 | CVE-2018-16062 | 119 | | DoS Overflow | 2018-08-28 | 2018-10-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

991 | CVE-2018-16051 | 200 | | +Info | 2018-10-03 | 2018-12-04 | 4.0 | None | Remote | Low | Single system | Partial | None | None
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.

992 | CVE-2018-16050 | 79 | | XSS | 2018-10-03 | 2018-11-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.

993 | CVE-2018-16048 | 285 | | | 2018-10-03 | 2018-12-04 | 4.0 | None | Remote | Low | Single system | None | Partial | None
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage.

994 | CVE-2018-16043 | 125 | | | 2019-01-18 | 2019-01-22 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

995 | CVE-2018-16034 | 125 | | | 2019-01-18 | 2019-01-22 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

996 | CVE-2018-16033 | 125 | | | 2019-01-18 | 2019-01-22 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

997 | CVE-2018-16032 | 125 | | | 2019-01-18 | 2019-01-22 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

998 | CVE-2018-16030 | 125 | | | 2019-01-18 | 2019-01-23 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

999 | CVE-2018-16028 | 125 | | | 2019-01-18 | 2019-01-23 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

1000 | CVE-2018-16024 | 125 | | | 2019-01-18 | 2019-01-22 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.