CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000802 DoS 2018-09-18 2018-11-16
0.0
None ??? ??? ??? ??? ??? ???
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.
2 CVE-2018-1000801 22 Dir. Trav. 2018-09-06 2018-11-10
4.3
None Remote Medium Not required None Partial None
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1
3 CVE-2018-1000800 476 2018-09-06 2018-11-02
7.5
None Remote Low Not required Partial Partial Partial
zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put).
4 CVE-2018-1000773 20 Exec Code 2018-09-06 2018-11-14
6.5
None Remote Low Single system Partial Partial Partial
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time.
5 CVE-2018-1000671 601 XSS 2018-09-06 2018-11-02
5.8
None Remote Medium Not required Partial Partial None
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available.
6 CVE-2018-1000670 79 XSS 2018-09-06 2018-11-07
4.3
None Remote Medium Not required None Partial None
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] , /cgi-bin/koha/serials/subscription-add.pl that can result in Privilege escalation by taking control of higher privileged users browser sessions. This attack appear to be exploitable via Victims must be socially engineered to visit a vulnerable webpage containing malicious payload. This vulnerability appears to have been fixed in 17.11.
7 CVE-2018-1000669 352 CSRF 2018-09-06 2018-11-07
6.8
None Remote Medium Not required Partial Partial Partial
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11.
8 CVE-2018-1000668 125 Exec Code 2018-09-06 2018-10-25
4.3
None Remote Medium Not required None None Partial
jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to have been fixed in 2.4.71.
9 CVE-2018-1000667 119 Overflow Mem. Corr. 2018-09-06 2018-11-01
4.3
None Remote Medium Not required None None Partial
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..
10 CVE-2018-1000666 78 Exec Code 2018-09-06 2018-10-31
10.0
None Remote Low Not required Complete Complete Complete
GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModification; that can result in Improper validation of parameters results in command execution. This attack appear to be exploitable via Network connectivity, required minimal auth privileges (everyone can register an account). This vulnerability appears to have been fixed in After commit 15443122ed2b1cbfd7bdefc048bf106f075becdb.
11 CVE-2018-1000665 79 XSS Bypass 2018-09-06 2018-11-07
4.3
None Remote Medium Not required None Partial None
Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14.
12 CVE-2018-1000664 295 2018-09-06 2018-12-12
4.3
None Remote Medium Not required None Partial None
daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted by the client. This attack appear to be exploitable via The victim connects to a server that's MITM/Proxied by an attacker.
13 CVE-2018-1000663 119 Exec Code Overflow 2018-09-06 2018-10-25
4.3
None Remote Medium Not required None None Partial
jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code.
14 CVE-2018-1000661 476 2018-09-06 2018-10-25
4.3
None Remote Medium Not required None None Partial
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been fixed in 2.4.69.
15 CVE-2018-1000660 275 2018-09-06 2018-10-31
5.0
None Remote Low Not required Partial None None
TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function get_package_name in the file kernel/src/tbfheader.rs, variable "pub package_name: &'static str," in the file process.rs that can result in A tock capsule (untrusted driver) could access arbitrary memory by using only safe code. This vulnerability appears to have been fixed in commit 42f7f36e74088036068d62253e1d8fb26605feed.
16 CVE-2018-1000659 22 Exec Code Dir. Trav. 2018-09-06 2018-10-26
6.5
None Remote Low Single system Partial Partial Partial
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An authenticated user can upload a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed in after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4.
17 CVE-2018-1000658 434 Exec Code 2018-09-06 2018-10-26
6.5
None Remote Low Single system Partial Partial Partial
LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious php files that can be called under certain circumstances. This vulnerability appears to have been fixed in after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4.
18 CVE-2018-17798 2018-09-30 2018-09-30
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
19 CVE-2018-17797 22 Dir. Trav. 2018-09-30 2018-11-28
5.5
None Remote Low Single system None Partial Partial
An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
20 CVE-2018-17796 89 Sql 2018-09-30 2018-11-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file.
21 CVE-2018-17795 119 DoS Overflow 2018-09-30 2018-11-15
6.8
None Remote Medium Not required Partial Partial Partial
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
22 CVE-2018-17794 476 2018-09-30 2018-11-28
4.3
None Remote Medium Not required None None Partial
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.
23 CVE-2018-17793 Exec Code 2018-09-30 2018-10-22
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python $(bash >&2)" and "python $(rbash >&2)" commands. NOTE: the software maintainer disputes this because the Python interpreter in a virtualenv is supposed to be able to execute arbitrary code.
24 CVE-2018-17785 Dir. Trav. 2018-09-30 2018-09-30
0.0
None ??? ??? ??? ??? ??? ???
In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file.
25 CVE-2018-17781 200 +Info 2018-09-29 2018-11-19
5.0
None Remote Low Not required Partial None None
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.
26 CVE-2018-17780 200 +Info 2018-09-29 2018-12-06
4.0
None Remote Low Single system Partial None None
Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.
27 CVE-2018-17776 +Priv 2018-09-28 2018-10-08
0.0
None ??? ??? ??? ??? ??? ???
PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
28 CVE-2018-17613 255 2018-09-28 2018-12-06
5.0
None Remote Low Not required Partial None None
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.
29 CVE-2018-17611 416 DoS Exec Code 2018-09-28 2018-11-14
7.5
None Remote Low Not required Partial Partial Partial
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
30 CVE-2018-17610 416 DoS Exec Code 2018-09-28 2018-11-14
7.5
None Remote Low Not required Partial Partial Partial
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
31 CVE-2018-17609 416 DoS Exec Code 2018-09-28 2018-11-14
7.5
None Remote Low Not required Partial Partial Partial
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
32 CVE-2018-17608 416 DoS Exec Code 2018-09-28 2018-11-14
7.5
None Remote Low Not required Partial Partial Partial
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
33 CVE-2018-17607 416 DoS Exec Code 2018-09-28 2018-11-14
7.5
None Remote Low Not required Partial Partial Partial
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
34 CVE-2018-17605 Dir. Trav. 2018-09-28 2018-09-28
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy.
35 CVE-2018-17582 DoS 2018-09-28 2018-10-03
0.0
None ??? ??? ??? ??? ??? ???
Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.
36 CVE-2018-17581 400 DoS 2018-09-28 2018-12-12
4.3
None Remote Medium Not required None None Partial
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.
37 CVE-2018-17580 119 DoS Overflow 2018-09-28 2018-11-29
5.8
None Remote Medium Not required Partial None Partial
A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.
38 CVE-2018-17575 89 Sql 2018-09-28 2018-11-21
7.5
None Remote Low Not required Partial Partial Partial
SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter.
39 CVE-2018-17574 79 XSS 2018-09-28 2018-11-14
3.5
None Remote Medium Single system None Partial None
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project.
40 CVE-2018-17573 434 2018-09-28 2018-11-23
7.5
None Remote Low Not required Partial Partial Partial
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html.
41 CVE-2018-17571 79 XSS 2018-09-28 2018-11-15
4.3
None Remote Medium Not required None Partial None
Vanilla before 2.6.1 allows XSS via the email field of a profile.
42 CVE-2018-17570 190 Overflow Mem. Corr. 2018-09-26 2018-11-26
7.5
None Remote Low Not required Partial Partial Partial
utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
43 CVE-2018-17569 190 Overflow Mem. Corr. 2018-09-26 2018-11-26
7.5
None Remote Low Not required Partial Partial Partial
network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
44 CVE-2018-17568 190 Overflow Mem. Corr. 2018-09-26 2018-11-20
7.5
None Remote Low Not required Partial Partial Partial
utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
45 CVE-2018-17567 2018-09-27 2018-09-27
0.0
None ??? ??? ??? ??? ??? ???
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.
46 CVE-2018-17566 89 Sql 2018-09-26 2018-11-20
7.5
None Remote Low Not required Partial Partial Partial
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.
47 CVE-2018-17556 79 XSS 2018-09-26 2018-11-15
3.5
None Remote Medium Single system None Partial None
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.
48 CVE-2018-17555 +Info 2018-09-26 2018-09-26
0.0
None ??? ??? ??? ??? ??? ???
The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter.
49 CVE-2018-17538 2018-09-26 2018-10-20
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability.
50 CVE-2018-17439 119 Overflow 2018-09-24 2018-11-09
4.3
None Remote Medium Not required None None Partial
An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.
Total number of vulnerabilities : 1171   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.