CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-16376 An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may ... | N/A | NONE | — | 0 |
| CVE-2018-16379 Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen. | N/A | NONE | — | 0 |
| CVE-2018-16380 An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account. | N/A | NONE | — | 0 |
| CVE-2018-16382 Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. | N/A | NONE | — | 0 |
| CVE-2018-16384 A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the S... | 7.5 | HIGH | — | 0 |
| CVE-2018-16385 ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. | N/A | NONE | — | 0 |
| CVE-2018-16387 An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. | N/A | NONE | — | 0 |
| CVE-2018-16781 ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. | N/A | NONE | — | 0 |
| CVE-2018-16391 Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartc... | N/A | NONE | — | 0 |
| CVE-2018-16392 Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards ... | N/A | NONE | — | 0 |
| CVE-2018-16393 Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supp... | N/A | NONE | — | 0 |
| CVE-2018-16397 In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file, | N/A | NONE | — | 0 |
| CVE-2018-16398 In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not al... | N/A | NONE | — | 0 |
| CVE-2018-16402 libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twi... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-16403 libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an ... | N/A | NONE | — | 0 |
| CVE-2018-16405 An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. | N/A | NONE | — | 0 |
| CVE-2018-16406 An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. | N/A | NONE | — | 0 |
| CVE-2018-16407 An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. | N/A | NONE | — | 0 |
| CVE-2018-16782 libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c. | N/A | NONE | — | 0 |
| CVE-2018-16408 D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. | N/A | NONE | — | 0 |
| CVE-2018-16409 In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. | N/A | NONE | — | 0 |
| CVE-2018-16410 Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controll... | N/A | NONE | — | 0 |
| CVE-2018-16412 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. | N/A | NONE | — | 0 |
| CVE-2018-16413 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. | N/A | NONE | — | 0 |
| CVE-2018-16416 Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. | N/A | NONE | — | 0 |
| CVE-2018-16418 A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of se... | N/A | NONE | — | 0 |
| CVE-2018-8392 A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulne... | N/A | NONE | — | 0 |
| CVE-2018-8393 A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulne... | N/A | NONE | — | 0 |
| CVE-2018-8409 A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Cor... | 7.5 | HIGH | — | 0 |
| CVE-2018-8410 An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects Wind... | N/A | NONE | — | 0 |
| CVE-2018-8419 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7,... | N/A | NONE | — | 0 |
| CVE-2018-8420 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows S... | N/A | NONE | — | 0 |
| CVE-2018-8421 A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.... | N/A | NONE | — | 0 |
| CVE-2018-8422 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Wind... | N/A | NONE | — | 0 |
| CVE-2018-8424 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Wind... | N/A | NONE | — | 0 |
| CVE-2018-8425 A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | N/A | NONE | — | 0 |
| CVE-2018-8426 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office Sh... | N/A | NONE | — | 0 |
| CVE-2018-8428 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint E... | N/A | NONE | — | 0 |
| CVE-2018-8429 An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft ... | N/A | NONE | — | 0 |
| CVE-2018-8474 A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects... | N/A | NONE | — | 0 |
| CVE-2018-8430 A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka "Word PDF Remote Code Execution Vulnerability." This affects Microsoft Word, Microsoft ... | N/A | NONE | — | 0 |
| CVE-2018-8431 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint E... | N/A | NONE | — | 0 |
| CVE-2018-8433 An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability." This a... | N/A | NONE | — | 0 |
| CVE-2018-8434 An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyp... | N/A | NONE | — | 0 |
| CVE-2018-17125 CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | N/A | NONE | — | 0 |
| CVE-2018-8435 A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Window... | N/A | NONE | — | 0 |
| CVE-2018-8436 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-... | N/A | NONE | — | 0 |
| CVE-2018-8437 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-... | N/A | NONE | — | 0 |
| CVE-2018-8438 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-... | N/A | NONE | — | 0 |
| CVE-2018-5545 On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated user can execute code on the alert server by using a maliciously crafted payload. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.