| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000810 |
190 |
|
Overflow |
2018-10-08 |
2019-01-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1. |
|
2 |
CVE-2018-1000809 |
20 |
|
|
2018-10-08 |
2019-01-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=<space>&pass= to /validate/check url. This vulnerability appears to have been fixed in 2.23.2. |
|
3 |
CVE-2018-1000808 |
404 |
|
DoS |
2018-10-08 |
2021-08-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0. |
|
4 |
CVE-2018-1000807 |
416 |
|
DoS Exec Code |
2018-10-08 |
2021-08-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0. |
|
5 |
CVE-2018-1000805 |
863 |
|
|
2018-10-08 |
2022-04-06 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. |
|
6 |
CVE-2018-1000804 |
119 |
|
Exec Code Overflow Sql |
2018-10-08 |
2019-09-27 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack). |
|
7 |
CVE-2018-1000803 |
200 |
|
+Info |
2018-10-08 |
2019-01-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1. |
|
8 |
CVE-2018-18874 |
434 |
|
Exec Code |
2018-10-31 |
2018-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI. |
|
9 |
CVE-2018-18873 |
476 |
|
|
2018-10-31 |
2020-09-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. |
|
10 |
CVE-2018-18869 |
22 |
|
Exec Code Dir. Trav. |
2018-10-31 |
2018-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter. |
|
11 |
CVE-2018-18868 |
79 |
|
XSS |
2018-10-31 |
2018-12-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. |
|
12 |
CVE-2018-18867 |
918 |
|
|
2018-10-31 |
2018-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. |
|
13 |
CVE-2018-18854 |
400 |
|
DoS |
2018-10-31 |
2018-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code). |
|
14 |
CVE-2018-18853 |
400 |
|
DoS |
2018-10-31 |
2018-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits. |
|
15 |
CVE-2018-18850 |
|
|
Exec Code |
2018-10-31 |
2020-08-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM). |
|
16 |
CVE-2018-18842 |
352 |
|
Exec Code CSRF |
2018-10-30 |
2019-01-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code. |
|
17 |
CVE-2018-18841 |
79 |
|
XSS |
2018-10-30 |
2018-12-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter. |
|
18 |
CVE-2018-18840 |
79 |
|
XSS |
2018-10-30 |
2018-12-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter. |
|
19 |
CVE-2018-18835 |
94 |
|
Exec Code |
2018-10-30 |
2018-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. |
|
20 |
CVE-2018-18834 |
787 |
|
Overflow |
2018-10-30 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. |
|
21 |
CVE-2018-18832 |
89 |
|
Sql |
2018-10-30 |
2018-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp. |
|
22 |
CVE-2018-18831 |
22 |
|
Dir. Trav. |
2018-10-30 |
2018-12-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter. |
|
23 |
CVE-2018-18830 |
434 |
|
Exec Code |
2018-10-30 |
2018-12-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code. |
|
24 |
CVE-2018-18829 |
476 |
|
|
2018-10-30 |
2018-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file. |
|
25 |
CVE-2018-18828 |
787 |
|
Overflow |
2018-10-30 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. |
|
26 |
CVE-2018-18827 |
125 |
|
|
2018-10-30 |
2018-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. |
|
27 |
CVE-2018-18826 |
787 |
|
Overflow |
2018-10-30 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. |
|
28 |
CVE-2018-18825 |
79 |
|
XSS |
2018-10-30 |
2018-12-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log. |
|
29 |
CVE-2018-18822 |
89 |
|
Sql |
2018-10-30 |
2018-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter. |
|
30 |
CVE-2018-18817 |
|
|
|
2018-10-30 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. |
|
31 |
CVE-2018-18792 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. |
|
32 |
CVE-2018-18791 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. |
|
33 |
CVE-2018-18790 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.) |
|
34 |
CVE-2018-18789 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. |
|
35 |
CVE-2018-18788 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.) |
|
36 |
CVE-2018-18787 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. |
|
37 |
CVE-2018-18786 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. |
|
38 |
CVE-2018-18785 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. |
|
39 |
CVE-2018-18784 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) |
|
40 |
CVE-2018-18783 |
79 |
|
XSS |
2018-10-29 |
2018-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter. |
|
41 |
CVE-2018-18782 |
79 |
|
XSS |
2018-10-29 |
2018-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. |
|
42 |
CVE-2018-18781 |
79 |
|
XSS |
2018-10-29 |
2018-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. |
|
43 |
CVE-2018-18778 |
200 |
|
+Info |
2018-10-29 |
2018-12-06 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
ACME mini_httpd before 1.30 lets remote users read arbitrary files. |
|
44 |
CVE-2018-18771 |
434 |
|
|
2018-10-29 |
2018-12-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields. |
|
45 |
CVE-2018-18765 |
125 |
|
DoS |
2018-10-29 |
2018-12-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. |
|
46 |
CVE-2018-18764 |
125 |
|
DoS |
2018-10-29 |
2018-12-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. |
|
47 |
CVE-2018-18754 |
522 |
|
|
2018-10-29 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. |
|
48 |
CVE-2018-18753 |
918 |
|
|
2018-10-29 |
2019-01-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. |
|
49 |
CVE-2018-18752 |
434 |
|
|
2018-10-29 |
2018-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter. |
|
50 |
CVE-2018-18751 |
415 |
|
|
2018-10-29 |
2020-09-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. |
