# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
451 |
CVE-2018-15360 |
254 |
|
|
2018-08-17 |
2018-10-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. |
452 |
CVE-2018-15351 |
59 |
|
DoS |
2018-08-17 |
2018-10-15 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118. |
453 |
CVE-2018-15330 |
20 |
|
|
2018-12-20 |
2019-01-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel (TMM) to produce a core file. |
454 |
CVE-2018-15319 |
20 |
|
|
2018-10-31 |
2018-12-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. |
455 |
CVE-2018-15318 |
20 |
|
|
2018-10-31 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this condition. |
456 |
CVE-2018-15168 |
89 |
|
Sql |
2018-08-07 |
2018-10-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. |
457 |
CVE-2018-15145 |
89 |
|
Exec Code Sql |
2018-08-13 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter. |
458 |
CVE-2018-15143 |
89 |
|
Exec Code Sql |
2018-08-13 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter. |
459 |
CVE-2018-15127 |
787 |
|
Exec Code |
2018-12-19 |
2019-01-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution |
460 |
CVE-2018-15126 |
416 |
|
Exec Code |
2018-12-19 |
2019-01-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution |
461 |
CVE-2018-14982 |
284 |
|
|
2018-08-17 |
2018-10-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. |
462 |
CVE-2018-14981 |
284 |
|
|
2018-08-17 |
2018-10-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. |
463 |
CVE-2018-14968 |
89 |
|
Sql |
2018-08-06 |
2018-10-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter. |
464 |
CVE-2018-14957 |
22 |
|
Dir. Trav. |
2018-09-27 |
2018-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file). |
465 |
CVE-2018-14956 |
89 |
|
Sql +Info |
2018-09-27 |
2018-11-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. |
466 |
CVE-2018-14939 |
119 |
|
DoS Overflow |
2018-08-05 |
2018-10-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. |
467 |
CVE-2018-14928 |
200 |
|
+Info |
2018-08-03 |
2018-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter. |
468 |
CVE-2018-14925 |
388 |
|
|
2018-08-03 |
2018-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components. |
469 |
CVE-2018-14829 |
119 |
|
Exec Code Overflow |
2018-09-20 |
2018-11-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code. |
470 |
CVE-2018-14828 |
264 |
|
|
2018-10-23 |
2018-12-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. |
471 |
CVE-2018-14826 |
20 |
|
Exec Code Bypass |
2018-10-02 |
2019-01-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Entes EMG12 versions 2.57 and prior The application uses a web interface where it is possible for an attacker to bypass authentication with a specially crafted URL. This could allow for remote code execution. |
472 |
CVE-2018-14823 |
119 |
|
Exec Code Overflow |
2018-09-26 |
2018-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. |
473 |
CVE-2018-14822 |
200 |
|
Exec Code +Info |
2018-10-02 |
2019-01-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code. |
474 |
CVE-2018-14819 |
125 |
|
Exec Code |
2018-09-26 |
2018-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. |
475 |
CVE-2018-14818 |
119 |
|
Exec Code Overflow |
2018-10-08 |
2018-11-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution. |
476 |
CVE-2018-14817 |
191 |
|
Exec Code |
2018-09-26 |
2018-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. |
477 |
CVE-2018-14816 |
119 |
|
Exec Code Overflow |
2018-10-23 |
2018-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. |
478 |
CVE-2018-14815 |
787 |
|
Exec Code |
2018-09-26 |
2018-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. |
479 |
CVE-2018-14813 |
119 |
|
Exec Code Overflow |
2018-09-26 |
2018-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. |
480 |
CVE-2018-14811 |
476 |
|
Exec Code |
2018-09-26 |
2018-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. |
481 |
CVE-2018-14809 |
416 |
|
Exec Code |
2018-09-26 |
2018-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution. |
482 |
CVE-2018-14807 |
119 |
|
Exec Code Overflow |
2018-10-18 |
2018-12-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution. |
483 |
CVE-2018-14806 |
22 |
|
Exec Code Dir. Trav. |
2018-10-23 |
2018-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. |
484 |
CVE-2018-14805 |
287 |
|
|
2018-08-29 |
2018-11-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. |
485 |
CVE-2018-14804 |
94 |
|
Exec Code |
2018-10-01 |
2018-11-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. |
486 |
CVE-2018-14802 |
119 |
|
Exec Code Overflow |
2018-10-01 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution. |
487 |
CVE-2018-14801 |
798 |
|
|
2018-08-22 |
2018-11-01 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. |
488 |
CVE-2018-14796 |
306 |
|
DoS |
2018-09-20 |
2018-11-26 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack. |
489 |
CVE-2018-14786 |
306 |
|
|
2018-08-23 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port. |
490 |
CVE-2018-14779 |
787 |
|
Overflow |
2018-08-15 |
2018-10-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard. |
491 |
CVE-2018-14767 |
20 |
|
DoS Exec Code |
2018-07-31 |
2018-10-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code. |
492 |
CVE-2018-14749 |
119 |
|
Overflow |
2018-11-28 |
2018-12-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS. |
493 |
CVE-2018-14748 |
285 |
|
|
2018-11-28 |
2018-12-27 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. |
494 |
CVE-2018-14744 |
416 |
|
|
2018-07-29 |
2018-09-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A use-after-free can occur in _pbcM_sp_query in map.c. |
495 |
CVE-2018-14728 |
918 |
|
|
2018-08-03 |
2018-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. |
496 |
CVE-2018-14721 |
918 |
|
|
2019-01-02 |
2019-01-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. |
497 |
CVE-2018-14720 |
611 |
|
|
2019-01-02 |
2019-01-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. |
498 |
CVE-2018-14719 |
502 |
|
Exec Code |
2019-01-02 |
2019-01-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. |
499 |
CVE-2018-14718 |
502 |
|
Exec Code |
2019-01-02 |
2019-01-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. |
500 |
CVE-2018-14707 |
22 |
|
Dir. Trav. |
2018-12-03 |
2018-12-20 |
7.8 |
None |
Remote |
Low |
Not required |
None |
Complete |
None |
Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. |