| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
551 |
CVE-2018-15967 |
200 |
|
+Info |
2018-09-25 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure. |
|
552 |
CVE-2018-15965 |
502 |
|
Exec Code |
2018-09-25 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
553 |
CVE-2018-15964 |
200 |
|
+Info |
2018-09-25 |
2020-09-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure. |
|
554 |
CVE-2018-15963 |
|
|
Bypass |
2018-09-25 |
2020-09-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation. |
|
555 |
CVE-2018-15962 |
200 |
|
+Info |
2018-09-25 |
2020-09-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure. |
|
556 |
CVE-2018-15961 |
434 |
|
Exec Code |
2018-09-25 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
557 |
CVE-2018-15960 |
20 |
|
|
2018-09-25 |
2020-09-04 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite. |
|
558 |
CVE-2018-15959 |
502 |
|
Exec Code |
2018-09-25 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
559 |
CVE-2018-15958 |
502 |
|
Exec Code |
2018-09-25 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
560 |
CVE-2018-15957 |
502 |
|
Exec Code |
2018-09-25 |
2020-09-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
561 |
CVE-2018-15918 |
89 |
|
Sql |
2018-09-05 |
2018-11-05 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate. |
|
562 |
CVE-2018-15917 |
79 |
|
XSS |
2018-09-05 |
2018-10-25 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. |
|
563 |
CVE-2018-15898 |
295 |
|
|
2018-09-11 |
2018-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data. |
|
564 |
CVE-2018-15886 |
94 |
|
Exec Code |
2018-09-10 |
2018-11-14 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring. |
|
565 |
CVE-2018-15865 |
|
|
|
2018-09-06 |
2020-05-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. |
|
566 |
CVE-2018-15836 |
347 |
|
|
2018-09-26 |
2019-01-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used. |
|
567 |
CVE-2018-15834 |
787 |
|
Overflow |
2018-09-12 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file. |
|
568 |
CVE-2018-15832 |
20 |
|
Exec Code |
2018-09-20 |
2018-12-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. |
|
569 |
CVE-2018-15764 |
|
|
Exec Code |
2018-09-28 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM. |
|
570 |
CVE-2018-15749 |
134 |
|
|
2018-09-06 |
2020-05-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. |
|
571 |
CVE-2018-15726 |
78 |
|
|
2018-09-06 |
2020-05-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. |
|
572 |
CVE-2018-15684 |
200 |
|
+Info |
2018-09-05 |
2018-11-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data. |
|
573 |
CVE-2018-15683 |
601 |
|
|
2018-09-05 |
2018-11-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected. |
|
574 |
CVE-2018-15682 |
352 |
|
CSRF |
2018-09-05 |
2018-11-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf. |
|
575 |
CVE-2018-15681 |
732 |
|
|
2018-09-05 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can efficiently brute-force it to retrieve the user's cleartext password. |
|
576 |
CVE-2018-15680 |
916 |
|
|
2018-09-05 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. |
|
577 |
CVE-2018-15679 |
79 |
|
XSS |
2018-09-05 |
2018-11-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting. |
|
578 |
CVE-2018-15678 |
79 |
|
XSS |
2018-09-05 |
2018-11-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting. |
|
579 |
CVE-2018-15677 |
352 |
|
XSS CSRF |
2018-09-05 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. |
|
580 |
CVE-2018-15676 |
79 |
|
XSS Bypass |
2018-09-05 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprints. |
|
581 |
CVE-2018-15615 |
200 |
|
+Info |
2018-09-24 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x. |
|
582 |
CVE-2018-15613 |
79 |
|
XSS |
2018-09-21 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. |
|
583 |
CVE-2018-15612 |
352 |
|
CSRF |
2018-09-21 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. |
|
584 |
CVE-2018-15611 |
|
|
+Priv |
2018-09-27 |
2019-10-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1. |
|
585 |
CVE-2018-15610 |
22 |
|
Dir. Trav. |
2018-09-12 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. |
|
586 |
CVE-2018-15606 |
79 |
|
XSS |
2018-09-26 |
2018-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message. |
|
587 |
CVE-2018-15552 |
338 |
|
|
2018-09-07 |
2019-09-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards. |
|
588 |
CVE-2018-15546 |
79 |
|
XSS |
2018-09-18 |
2018-11-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file. |
|
589 |
CVE-2018-15531 |
611 |
|
|
2018-09-26 |
2018-11-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. |
|
590 |
CVE-2018-15514 |
502 |
|
|
2018-09-01 |
2018-11-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. |
|
591 |
CVE-2018-15502 |
732 |
|
|
2018-09-12 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs. |
|
592 |
CVE-2018-15486 |
829 |
|
File Inclusion |
2018-09-07 |
2019-10-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02. |
|
593 |
CVE-2018-15485 |
287 |
|
|
2018-09-07 |
2018-11-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03. |
|
594 |
CVE-2018-15484 |
78 |
|
Exec Code |
2018-09-07 |
2018-11-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01. |
|
595 |
CVE-2018-15483 |
20 |
|
DoS |
2018-09-07 |
2018-11-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04. |
|
596 |
CVE-2018-15474 |
1236 |
|
Exec Code |
2018-09-07 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki." |
|
597 |
CVE-2018-15365 |
79 |
|
XSS Bypass CSRF |
2018-09-28 |
2018-11-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability. |
|
598 |
CVE-2018-15310 |
200 |
|
+Info |
2018-09-13 |
2018-11-27 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages. |
|
599 |
CVE-2018-15161 |
125 |
|
|
2018-09-01 |
2018-10-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments. |
|
600 |
CVE-2018-15160 |
125 |
|
|
2018-09-01 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
** DISPUTED ** The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments. |
