CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2018 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000810 190 Overflow 2018-10-08 2019-01-04
7.5
None Remote Low Not required Partial Partial Partial
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1.
2 CVE-2018-1000809 20 2018-10-08 2019-01-08
5.0
None Remote Low Not required None None Partial
privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=<space>&pass= to /validate/check url. This vulnerability appears to have been fixed in 2.23.2.
3 CVE-2018-1000807 416 DoS Exec Code 2018-10-08 2019-09-27
6.8
None Remote Medium Not required Partial Partial Partial
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.
4 CVE-2018-1000805 732 2018-10-08 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
5 CVE-2018-1000804 119 Exec Code Overflow Sql 2018-10-08 2019-09-27
10.0
None Remote Low Not required Complete Complete Complete
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack).
6 CVE-2018-1000803 200 +Info 2018-10-08 2019-01-08
5.0
None Remote Low Not required Partial None None
Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1.
7 CVE-2018-18892 94 Exec Code 2018-10-31 2018-12-03
7.5
None Remote Low Not required Partial Partial Partial
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
8 CVE-2018-18891 287 2018-10-31 2018-12-03
6.4
None Remote Low Not required None Partial Partial
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.
9 CVE-2018-18890 22 Dir. Trav. 2018-10-31 2018-12-03
5.0
None Remote Low Not required Partial None None
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
10 CVE-2018-18887 89 Sql 2018-10-31 2018-12-07
7.5
None Remote Low Not required Partial Partial Partial
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
11 CVE-2018-18883 476 DoS 2018-10-31 2019-01-24
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.
12 CVE-2018-18874 434 Exec Code 2018-10-31 2018-12-10
7.5
None Remote Low Not required Partial Partial Partial
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.
13 CVE-2018-18873 476 2018-10-31 2019-08-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
14 CVE-2018-18869 22 Exec Code Dir. Trav. 2018-10-31 2018-12-10
7.5
None Remote Low Not required Partial Partial Partial
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.
15 CVE-2018-18867 918 2018-10-31 2018-12-07
5.0
None Remote Low Not required Partial None None
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495.
16 CVE-2018-18854 400 DoS 2018-10-31 2018-12-12
5.0
None Remote Low Not required None None Partial
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).
17 CVE-2018-18853 400 DoS 2018-10-31 2018-12-12
5.0
None Remote Low Not required None None Partial
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits.
18 CVE-2018-18850 20 Exec Code 2018-10-30 2018-12-31
9.0
None Remote Low Single system Complete Complete Complete
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).
19 CVE-2018-18842 352 Exec Code CSRF 2018-10-30 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.
20 CVE-2018-18835 94 Exec Code 2018-10-30 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.
21 CVE-2018-18834 119 Overflow 2018-10-30 2018-12-07
7.5
None Remote Low Not required Partial Partial Partial
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.
22 CVE-2018-18832 89 Sql 2018-10-30 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.
23 CVE-2018-18831 22 Dir. Trav. 2018-10-30 2018-12-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter.
24 CVE-2018-18830 434 Exec Code 2018-10-30 2018-12-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.
25 CVE-2018-18822 89 Sql 2018-10-30 2018-12-18
7.5
None Remote Low Not required Partial Partial Partial
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
26 CVE-2018-18817 668 2018-10-29 2019-10-02
5.0
None Remote Low Not required None Partial None
The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API.
27 CVE-2018-18792 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
28 CVE-2018-18791 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.
29 CVE-2018-18790 89 Sql 2018-10-29 2018-12-04
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)
30 CVE-2018-18789 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.
31 CVE-2018-18788 89 Sql 2018-10-29 2018-12-04
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)
32 CVE-2018-18787 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.
33 CVE-2018-18786 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.
34 CVE-2018-18785 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.
35 CVE-2018-18784 89 Sql 2018-10-29 2018-12-04
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.)
36 CVE-2018-18771 434 2018-10-29 2018-12-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields.
37 CVE-2018-18765 125 DoS 2018-10-29 2018-12-07
6.4
None Remote Low Not required Partial None Partial
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
38 CVE-2018-18764 125 DoS 2018-10-29 2018-12-07
6.4
None Remote Low Not required Partial None Partial
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
39 CVE-2018-18754 522 2018-10-29 2019-10-02
5.0
None Remote Low Not required Partial None None
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the [email protected]!Sr0O+ password hash in the etc/default.cfg file.
40 CVE-2018-18752 434 2018-10-29 2018-12-07
7.5
None Remote Low Not required Partial Partial Partial
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.
41 CVE-2018-18751 415 2018-10-29 2018-12-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
42 CVE-2018-18742 352 CSRF 2018-10-29 2018-11-14
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.
43 CVE-2018-18737 611 2018-10-29 2018-12-11
5.0
None Remote Low Not required Partial None None
An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF.
44 CVE-2018-18735 352 CSRF 2018-10-29 2018-11-14
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33.
45 CVE-2018-18734 352 CSRF 2018-10-29 2018-11-13
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30.
46 CVE-2018-18730 119 Overflow 2018-10-29 2018-12-14
7.8
None Remote Low Not required None None Complete
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
47 CVE-2018-18729 787 Overflow +Info 2018-10-29 2019-10-02
9.0
None Remote Low Not required Partial Partial Complete
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow.
48 CVE-2018-18728 78 Exec Code 2018-10-29 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request.
49 CVE-2018-18727 119 Overflow 2018-10-29 2018-12-14
7.8
None Remote Low Not required None None Complete
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
50 CVE-2018-18712 352 CSRF 2018-10-29 2018-11-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1.
Total number of vulnerabilities : 882   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.