CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2018-17313 79 XSS 2018-09-26 2018-11-15
4.3
None Remote Medium Not required None Partial None
On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
102 CVE-2018-17312 79 XSS 2018-09-26 2018-11-15
4.3
None Remote Medium Not required None Partial None
On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
103 CVE-2018-17311 79 XSS 2018-09-26 2018-11-15
4.3
None Remote Medium Not required None Partial None
On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
104 CVE-2018-17310 79 XSS 2018-09-26 2018-11-15
4.3
None Remote Medium Not required None Partial None
On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
105 CVE-2018-17309 79 XSS 2018-09-26 2018-11-15
4.3
None Remote Medium Not required None Partial None
On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
106 CVE-2018-17302 79 XSS 2018-09-21 2018-12-28
3.5
None Remote Medium Single system None Partial None
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.
107 CVE-2018-17301 79 XSS 2018-09-21 2018-12-28
3.5
None Remote Medium Single system None Partial None
Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.
108 CVE-2018-17300 79 XSS 2018-09-21 2019-09-16
3.5
None Remote Medium Single system None Partial None
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.
109 CVE-2018-17298 2018-09-21 2018-09-21
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.
110 CVE-2018-17297 22 Dir. Trav. 2018-09-21 2018-11-26
6.4
None Remote Low Not required None Partial Partial
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.
111 CVE-2018-17294 125 DoS 2018-09-21 2019-04-18
4.3
None Remote Medium Not required None None Partial
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
112 CVE-2018-17293 476 DoS 2018-09-21 2018-11-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application crash by NULL pointer dereference) or possibly have unspecified other impact by crafting certain WebAssembly files.
113 CVE-2018-17292 125 DoS 2018-09-21 2018-11-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes.
114 CVE-2018-17283 89 Sql 2018-09-20 2018-11-09
5.0
None Remote Low Not required Partial None None
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.
115 CVE-2018-17282 476 2018-09-20 2019-08-06
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
116 CVE-2018-17281 400 2018-09-24 2019-10-02
5.0
None Remote Low Not required None None Partial
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.
117 CVE-2018-17255 79 XSS 2018-09-20 2018-11-07
4.3
None Remote Medium Not required None Partial None
Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter.
118 CVE-2018-17254 89 Sql 2018-09-20 2018-11-06
7.5
None Remote Low Not required Partial Partial Partial
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
119 CVE-2018-17243 89 Sql 2018-09-20 2018-11-09
7.5
None Remote Low Not required Partial Partial Partial
Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection.
120 CVE-2018-17237 369 2018-09-20 2018-11-21
4.3
None Remote Medium Not required None None Partial
A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.
121 CVE-2018-17236 416 2018-09-20 2018-12-10
4.3
None Remote Medium Not required None None Partial
The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal.
122 CVE-2018-17235 125 DoS 2018-09-20 2018-11-14
4.3
None Remote Medium Not required None None Partial
The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service.
123 CVE-2018-17234 772 DoS 2018-09-20 2019-10-02
4.3
None Remote Medium Not required None None Partial
Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
124 CVE-2018-17233 369 DoS 2018-09-20 2018-11-21
4.3
None Remote Medium Not required None None Partial
A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
125 CVE-2018-17232 89 Exec Code Sql 2018-09-20 2019-09-26
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute().
126 CVE-2018-17231 617 DoS 2018-09-19 2019-10-02
5.0
None Remote Low Not required None None Partial
** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary.
127 CVE-2018-17230 119 DoS Overflow 2018-09-19 2018-11-07
4.3
None Remote Medium Not required None None Partial
Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
128 CVE-2018-17229 119 DoS Overflow 2018-09-19 2018-11-07
4.3
None Remote Medium Not required None None Partial
Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
129 CVE-2018-17228 78 Exec Code 2018-09-19 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call.
130 CVE-2018-17218 79 XSS 2018-09-30 2019-09-26
3.5
None Remote Medium Single system None Partial None
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function.
131 CVE-2018-17217 798 2018-09-30 2018-11-15
5.0
None Remote Low Not required Partial None None
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key.
132 CVE-2018-17216 200 +Info 2018-09-30 2018-11-15
4.0
None Remote Low Single system Partial None None
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users.
133 CVE-2018-17215 295 2018-09-26 2018-11-21
4.3
None Remote Medium Not required Partial None None
An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server's X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway. Only the response is not displayed. Thus, all contained information of the HTTPS request is disclosed to a man-in-the-middle attacker (for example, user credentials).
134 CVE-2018-17208 78 Exec Code CSRF 2018-09-19 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF.
135 CVE-2018-17207 94 Exec Code 2018-09-19 2018-12-10
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
136 CVE-2018-17206 2018-09-19 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
137 CVE-2018-17205 617 2018-09-19 2019-10-02
5.0
None Remote Low Not required None None Partial
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.
138 CVE-2018-17204 617 2018-09-19 2019-10-02
4.0
None Remote Low Single system None None Partial
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
139 CVE-2018-17183 20 2018-09-19 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
140 CVE-2018-17182 416 Overflow +Priv 2018-09-19 2019-01-10
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
141 CVE-2018-17178 Exec Code 2018-09-18 2019-10-02
2.9
None Local Network Medium Not required None Partial None
An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything.
142 CVE-2018-17177 326 2018-09-18 2018-12-07
2.1
None Local Low Not required Partial None None
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary.
143 CVE-2018-17176 287 2018-09-18 2018-12-07
5.0
None Remote Low Not required None Partial None
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.
144 CVE-2018-17175 2018-09-18 2019-10-02
5.0
None Remote Low Not required Partial None None
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the "only" option, and there is a user role that produces an empty value for "only").
145 CVE-2018-17174 119 DoS Exec Code Overflow 2018-09-21 2018-11-28
7.5
None Remote Low Not required Partial Partial Partial
A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data.
146 CVE-2018-17173 94 Exec Code 2018-09-21 2019-05-06
7.5
None Remote Low Not required Partial Partial Partial
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
147 CVE-2018-17155 200 +Info 2018-09-28 2018-11-23
2.1
None Local Low Not required Partial None None
In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.
148 CVE-2018-17154 476 DoS 2018-09-28 2018-11-23
4.9
None Local Low Not required None None Complete
In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service.
149 CVE-2018-17153 287 +Priv Bypass 2018-09-18 2018-12-18
10.0
None Remote Low Not required Complete Complete Complete
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.
150 CVE-2018-17144 20 DoS 2018-09-19 2019-04-09
5.0
None Remote Low Not required None None Partial
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
Total number of vulnerabilities : 1171   Page : 1 2 3 (This Page)4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.