| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2018-1000802 | 77 | | DoS | 2018-09-18 | 2020-12-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the shutil module (make_archive function) that can result in denial of service, information gain via injection of arbitrary files on the system or entire drive. This attack appears to be exploitable via passage of unfiltered user input to the function. This vulnerability appears to have been fixed after commit add531a1e55b0a739b0f42582f1c9747e5649ace. |
| 2 | CVE-2018-1000801 | 22 | | Dir. Trav. | 2018-09-06 | 2019-03-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in arbitrary file creation on the user workstation. This attack appears to be exploitable when the victim opens a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1. |
| 3 | CVE-2018-1000800 | 476 | | | 2018-09-06 | 2020-05-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appears to be exploitable via a malicious application calling the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put). |
| 4 | CVE-2018-1000773 | 20 | | Exec Code | 2018-09-06 | 2018-11-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited; however, this has not been confirmed at this time. |
| 5 | CVE-2018-1000671 | 601 | | XSS | 2018-09-06 | 2020-11-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. This attack appears to be exploitable when the victim's browser follows a URL supplied by the attacker. This vulnerability appears to have been fixed in: none available. |
| 6 | CVE-2018-1000670 | 79 | | XSS | 2018-09-06 | 2018-11-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number], /cgi-bin/koha/serials/subscription-add.pl that can result in privilege escalation by taking control of higher privileged users' browser sessions. This attack appears to be exploitable when victims are socially engineered to visit a vulnerable webpage containing a malicious payload. This vulnerability appears to have been fixed in 17.11. |
| 7 | CVE-2018-1000669 | 352 | | CSRF | 2018-09-06 | 2018-11-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (parameters affected: borrowernumber, amount, amountoutstanding, paid) that can result in attackers marking payments as paid for certain users on behalf of administrators. This attack appears to be exploitable when the victim is socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11. |
| 8 | CVE-2018-1000668 | 125 | | Exec Code | 2018-09-06 | 2018-10-25 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in a crash due to segmentation fault. This attack appears to be exploitable when the victim executes crafted javascript code. This vulnerability appears to have been fixed in 2.4.71. |
| 9 | CVE-2018-1000667 | 119 | | Overflow Mem. Corr. | 2018-09-06 | 2020-07-13 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appears to be exploitable via a specially crafted asm file. |
| 10 | CVE-2018-1000666 | 78 | | Exec Code | 2018-09-06 | 2019-03-07 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method notifySpaceModification in which improper validation of parameters results in command execution. This attack appears to be exploitable via network connectivity and requires minimal auth privileges (everyone can register an account). This vulnerability appears to have been fixed after commit 15443122ed2b1cbfd7bdefc048bf106f075becdb. |
| 11 | CVE-2018-1000665 | 79 | | XSS Bypass | 2018-09-06 | 2018-11-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in the victim being attacked through their browser: deliver malware, steal HTTP cookies, bypass CORS trust. This attack appears to be exploitable when victims are lured, typically, to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14. |
| 12 | CVE-2018-1000664 | 295 | | | 2018-09-06 | 2018-12-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in any non-CA signed server certificate, including self signed and expired, being accepted by the client. This attack appears to be exploitable when the victim connects to a server that's MITM/proxied by an attacker. |
| 13 | CVE-2018-1000663 | 119 | | Exec Code Overflow | 2018-09-06 | 2018-10-25 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in a crash due to segmentation fault. This attack appears to be exploitable when the victim executes crafted javascript code. |
| 14 | CVE-2018-1000661 | 476 | | | 2018-09-06 | 2018-10-25 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in a crash due to segmentation fault. This attack appears to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been fixed in 2.4.69. |
| 15 | CVE-2018-1000660 | 732 | | | 2018-09-06 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed (for example dfde28196cd12071fcf6669f7654be7df482b85d) contains an Insecure Permissions vulnerability in function get_package_name in the file kernel/src/tbfheader.rs, variable "pub package_name: &'static str," in the file process.rs that can result in a tock capsule (untrusted driver) accessing arbitrary memory by using only safe code. This vulnerability appears to have been fixed in commit 42f7f36e74088036068d62253e1d8fb26605feed. |
| 16 | CVE-2018-1000659 | 22 | | Exec Code Dir. Trav. | 2018-09-06 | 2018-10-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. This attack appears to be exploitable when an authenticated user uploads a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4. |
| 17 | CVE-2018-1000658 | 434 | | Exec Code | 2018-09-06 | 2018-10-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appears to be exploitable via an authenticated user uploading a zip archive which can contain malicious php files that can be called under certain circumstances. This vulnerability appears to have been fixed after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4. |
| 18 | CVE-2018-17798 | 22 | | Dir. Trav. | 2018-09-30 | 2020-08-24 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. |
| 19 | CVE-2018-17797 | 22 | | Dir. Trav. | 2018-09-30 | 2018-11-28 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. |
| 20 | CVE-2018-17796 | 89 | | Sql | 2018-09-30 | 2018-11-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file. |
| 21 | CVE-2018-17795 | 787 | | DoS Overflow | 2018-09-30 | 2020-10-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. |
| 22 | CVE-2018-17794 | 476 | | | 2018-09-30 | 2020-04-21 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function. |
| 23 | CVE-2018-17793 | 254 | | Exec Code | 2018-09-30 | 2019-01-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | ** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python $(bash >&2)" and "python $(rbash >&2)" commands. NOTE: the software maintainer disputes this because the Python interpreter in a virtualenv is supposed to be able to execute arbitrary code. |
| 24 | CVE-2018-17785 | 22 | | Dir. Trav. | 2018-09-30 | 2018-12-31 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file. |
| 25 | CVE-2018-17781 | 200 | | +Info | 2018-09-29 | 2018-11-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled. |
| 26 | CVE-2018-17780 | 200 | | +Info | 2018-09-29 | 2018-12-06 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list. |
| 27 | CVE-2018-17776 | 732 | | +Priv | 2018-09-28 | 2021-08-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse. |
| 28 | CVE-2018-17613 | 522 | | | 2018-09-28 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. |
| 29 | CVE-2018-17611 | 416 | | DoS Exec Code | 2018-09-28 | 2018-11-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. |
| 30 | CVE-2018-17610 | 416 | | DoS Exec Code | 2018-09-28 | 2018-11-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. |
| 31 | CVE-2018-17609 | 416 | | DoS Exec Code | 2018-09-28 | 2018-11-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. |
| 32 | CVE-2018-17608 | 416 | | DoS Exec Code | 2018-09-28 | 2018-11-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. |
| 33 | CVE-2018-17607 | 416 | | DoS Exec Code | 2018-09-28 | 2018-11-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. |
| 34 | CVE-2018-17605 | 22 | | Dir. Trav. | 2018-09-28 | 2018-12-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy. |
| 35 | CVE-2018-17582 | 125 | | DoS | 2018-09-28 | 2022-04-02 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file. |
| 36 | CVE-2018-17581 | 400 | | DoS | 2018-09-28 | 2019-08-06 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. |
| 37 | CVE-2018-17580 | 125 | | DoS | 2018-09-28 | 2022-04-02 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file. |
| 38 | CVE-2018-17575 | 89 | | Sql | 2018-09-28 | 2018-11-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. |
| 39 | CVE-2018-17573 | 434 | | | 2018-09-28 | 2018-11-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html. |
| 40 | CVE-2018-17571 | 79 | | XSS | 2018-09-28 | 2018-11-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Vanilla before 2.6.1 allows XSS via the email field of a profile. |
| 41 | CVE-2018-17570 | 190 | | Overflow Mem. Corr. | 2018-09-26 | 2018-11-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. |
| 42 | CVE-2018-17569 | 190 | | Overflow Mem. Corr. | 2018-09-26 | 2018-11-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. |
| 43 | CVE-2018-17568 | 190 | | Overflow Mem. Corr. | 2018-09-26 | 2018-11-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. |
| 44 | CVE-2018-17567 | 59 | | | 2018-09-28 | 2019-04-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. |
| 45 | CVE-2018-17566 | 89 | | Sql | 2018-09-26 | 2018-11-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. |
| 46 | CVE-2018-17555 | 200 | | +Info | 2018-09-26 | 2021-09-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. |
| 47 | CVE-2018-17538 | | | | 2018-09-26 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | ** DISPUTED ** Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability. |
| 48 | CVE-2018-17439 | 787 | | Overflow | 2018-09-24 | 2020-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file. |
| 49 | CVE-2018-17438 | 369 | | DoS | 2018-09-24 | 2018-11-09 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. |
| 50 | CVE-2018-17437 | 772 | | DoS | 2018-09-24 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. |