The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2018-14821 | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality. | MEDIUM | Sep 21, 2018 |
| CVE-2018-14829 | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code. | HIGH | Sep 21, 2018 |
| CVE-2018-14889 | CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability. | MEDIUM | Sep 21, 2018 |
| CVE-2018-14890 | Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console. | LOW | Sep 21, 2018 |
| CVE-2018-14891 | Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability. | MEDIUM | Sep 21, 2018 |
| CVE-2018-15612 | A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | MEDIUM | Sep 21, 2018 |
| CVE-2018-15613 | A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | MEDIUM | Sep 21, 2018 |
| CVE-2018-16281 | The DEISER Profields - Project Custom Fields app before 6.0.2 for Jira has Incorrect Access Control. | HIGH | Sep 21, 2018 |
| CVE-2018-16784 | DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a <file type='file' name='../ substring. | MEDIUM | Sep 21, 2018 |
| CVE-2018-16786 | DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. | MEDIUM | Sep 21, 2018 |
| CVE-2018-16821 | SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. | MEDIUM | Sep 21, 2018 |
| CVE-2018-16822 | SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. | HIGH | Sep 21, 2018 |
| CVE-2018-16833 | Zoho ManageEngine Desktop Central 10.0.271 has XSS via the Features & Articles search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. | MEDIUM | Sep 21, 2018 |
| CVE-2018-17001 | On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | MEDIUM | Sep 21, 2018 |
| CVE-2018-17002 | On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | MEDIUM | Sep 21, 2018 |
| CVE-2018-17003 | In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert. | MEDIUM | Sep 21, 2018 |
| CVE-2018-17050 | The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Sep 21, 2018 |
| CVE-2018-17174 | A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data. | HIGH | Sep 21, 2018 |
| CVE-2018-17292 | An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes. | MEDIUM | Sep 21, 2018 |
| CVE-2018-17293 | An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application crash by NULL pointer dereference) or possibly have unspecified other impact by crafting certain WebAssembly files. | MEDIUM | Sep 21, 2018 |
| CVE-2018-17297 | The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. | MEDIUM | Sep 21, 2018 |
| CVE-2018-17298 | An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password. | MEDIUM | Sep 21, 2018 |
| CVE-2018-17301 | Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel. | LOW | Sep 21, 2018 |
| CVE-2018-17302 | Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message. | LOW | Sep 21, 2018 |
| CVE-2018-17317 | FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php. | HIGH | Sep 21, 2018 |
| CVE-2018-17320 | An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action. | MEDIUM | Sep 21, 2018 |
| CVE-2018-17321 | An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action. | MEDIUM | Sep 21, 2018 |
| CVE-2018-17322 | Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter. | MEDIUM | Sep 21, 2018 |
| CVE-2018-3873 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long secretKey value in order to exploit this vulnerability. | HIGH | Sep 21, 2018 |
| CVE-2018-3874 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long accessKey value in order to exploit this vulnerability. | HIGH | Sep 21, 2018 |
| CVE-2018-3876 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long bucket value in order to exploit this vulnerability. | HIGH | Sep 21, 2018 |
| CVE-2018-3877 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long directory value in order to exploit this vulnerability. | HIGH | Sep 21, 2018 |
| CVE-2018-3894 | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core\'s HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long startTime value in order to exploit this vulnerability. | HIGH | Sep 21, 2018 |
| CVE-2018-3906 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | HIGH | Sep 21, 2018 |
| CVE-2018-3913 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long accessKey value in order to exploit this vulnerability. | HIGH | Sep 21, 2018 |
| CVE-2018-3914 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long sessionToken value in order to exploit this vulnerability. | HIGH | Sep 21, 2018 |
| CVE-2018-3915 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long bucket value in order to exploit this vulnerability. | HIGH | Sep 21, 2018 |
| CVE-2018-8023 | Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack because instead of a constant-time string comparison routine a standard `==` operator has been used. A malicious actor can therefore abuse the timing difference of when the JWT validation function returns to reveal the correct HMAC value. | MEDIUM | Sep 21, 2018 |
| CVE-2018-9282 | An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a user's session, or elevate privileges by targeting an administrative user. | MEDIUM | Sep 21, 2018 |
| CVE-2017-18314 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, on TZ cold boot the CNOC_QDSS RG0 locked by xBL_SEC is cleared by TZ. | HIGH | Sep 20, 2018 |
| CVE-2018-11267 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, when sending an malformed XML data to deviceprogrammer/firehose it may do an out of bounds buffer write allowing a region of memory to be filled with 0x20. | HIGH | Sep 20, 2018 |
| CVE-2018-11268 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options. | HIGH | Sep 20, 2018 |
| CVE-2018-11269 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options. | HIGH | Sep 20, 2018 |
| CVE-2018-11277 | In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue. | MEDIUM | Sep 20, 2018 |
| CVE-2018-11285 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur. | HIGH | Sep 20, 2018 |
| CVE-2018-11287 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency. | HIGH | Sep 20, 2018 |
| CVE-2018-11290 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use. | MEDIUM | Sep 20, 2018 |
| CVE-2018-11291 | In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues due to the random number generator was not a strong one in NAN. | MEDIUM | Sep 20, 2018 |
| CVE-2018-11292 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows. | HIGH | Sep 20, 2018 |
| CVE-2018-11982 | In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure. | HIGH | Sep 20, 2018 |
