The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2018-18621 | CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension. | MEDIUM | Oct 24, 2018 | n/a |
| CVE-2018-18622 | An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter. | MEDIUM | Oct 23, 2018 | n/a |
| CVE-2018-18626 | An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the admin/index.php?m=database&c=del sql parameter because del_action() in admin/model/database.class.php mishandles this parameter. | MEDIUM | Oct 23, 2018 | n/a |
| CVE-2018-18635 | www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. | MEDIUM | Oct 24, 2018 | n/a |
| CVE-2018-18636 | XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. | MEDIUM | Oct 24, 2018 | n/a |
| CVE-2018-18650 | An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory. | MEDIUM | Oct 25, 2018 | n/a |
| CVE-2018-18651 | An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file. | MEDIUM | Oct 25, 2018 | n/a |
| CVE-2018-18655 | Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting. | MEDIUM | Oct 25, 2018 | n/a |
| CVE-2018-18657 | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue. | MEDIUM | Oct 26, 2018 | n/a |
| CVE-2018-18658 | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue. | MEDIUM | Oct 26, 2018 | n/a |
| CVE-2018-18659 | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue. | MEDIUM | Oct 26, 2018 | n/a |
| CVE-2018-18660 | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue. | MEDIUM | Sep 19, 2019 | n/a |
| CVE-2018-18661 | An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. | MEDIUM | Oct 26, 2018 | n/a |
| CVE-2018-18662 | There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. | MEDIUM | Oct 26, 2018 | n/a |
| CVE-2018-18690 | In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. | MEDIUM | Oct 26, 2018 | n/a |
| CVE-2018-18699 | An issue was discovered in GoPro gpmf-parser 1.2.1. There is an out-of-bounds write in OpenMP4Source in GPMF_mp4reader.c. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18700 | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18701 | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18703 | PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18711 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18712 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18713 | The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18718 | An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18734 | A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18735 | A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18737 | An XXE issue was discovered in Douchat 4.0.4 because Data\\notify.php calls simplexml_load_string. This can also be used for SSRF. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18742 | A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18749 | data-tools through 2017-07-26 has an Integer Overflow leading to an incorrect end value for the write_wchars function. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18754 | ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18764 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18765 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18771 | An issue was discovered in LuLu CMS through 2015-05-14. backend\\modules\\filemanager\\controllers\\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18778 | ACME mini_httpd before 1.30 lets remote users read arbitrary files. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18781 | DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18782 | Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18783 | XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18784 | An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18788 | An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.) | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18790 | An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.) | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18817 | The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18825 | Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log. | MEDIUM | Oct 30, 2018 | n/a |
| CVE-2018-18826 | There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. | MEDIUM | Oct 30, 2018 | n/a |
| CVE-2018-18827 | There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. | MEDIUM | Oct 30, 2018 | n/a |
| CVE-2018-18828 | There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. | MEDIUM | Oct 30, 2018 | n/a |
| CVE-2018-18829 | There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file. | MEDIUM | Oct 30, 2018 | n/a |
| CVE-2018-18831 | An issue was discovered in com\\mingsoft\\cms\\action\\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter. | MEDIUM | Oct 30, 2018 | n/a |
| CVE-2018-18842 | CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code. | MEDIUM | Oct 30, 2018 | n/a |
| CVE-2018-18853 | Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits. | MEDIUM | Oct 31, 2018 | n/a |
| CVE-2018-18854 | Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code). | MEDIUM | Oct 31, 2018 | n/a |
| CVE-2018-18867 | An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. | MEDIUM | Oct 31, 2018 | n/a |
