CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1901 CVE-2018-12559 22 Dir. Trav. Bypass 2018-06-19 2018-08-10
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring.
1902 CVE-2018-12551 287 2019-03-27 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.
1903 CVE-2018-12550 284 2019-03-27 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.
1904 CVE-2018-12540 352 CSRF 2018-07-12 2018-09-11
6.8
None Remote Medium Not required Partial Partial Partial
In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.
1905 CVE-2018-12538 384 2018-06-22 2018-10-16
6.5
None Remote Low Single system Partial Partial Partial
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
1906 CVE-2018-12529 352 CSRF 2018-07-02 2018-09-05
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings.
1907 CVE-2018-12520 264 2018-07-05 2018-09-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access.
1908 CVE-2018-12492 20 2018-06-15 2018-07-27
6.4
None Remote Low Not required None Partial Partial
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.
1909 CVE-2018-12482 89 Sql 2018-08-03 2018-09-30
6.5
None Remote Low Single system Partial Partial Partial
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.
1910 CVE-2018-12477 93 2018-10-09 2019-06-11
6.4
None Remote Low Not required None Partial Partial
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.
1911 CVE-2018-12472 287 2018-10-04 2018-11-27
6.4
None Remote Low Not required Partial Partial None
A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
1912 CVE-2018-12471 611 2018-10-04 2018-10-17
6.4
None Remote Low Not required Partial None Partial
A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
1913 CVE-2018-12468 434 Exec Code 2018-08-01 2018-10-11
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.
1914 CVE-2018-12457 264 2018-06-15 2018-08-01
6.5
None Remote Low Single system Partial Partial Partial
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
1915 CVE-2018-12456 352 CSRF 2018-10-10 2018-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.
1916 CVE-2018-12449 426 2018-10-11 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
1917 CVE-2018-12447 190 Exec Code Overflow 2018-06-15 2018-08-02
6.8
None Remote Medium Not required Partial Partial Partial
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.
1918 CVE-2018-12387 20 2018-10-18 2018-12-06
6.4
None Remote Low Not required Partial None Partial
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
1919 CVE-2018-12375 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.
1920 CVE-2018-12370 352 Bypass CSRF 2018-10-18 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61.
1921 CVE-2018-12364 352 Bypass CSRF 2018-10-18 2018-12-03
6.8
None Remote Medium Not required Partial Partial Partial
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
1922 CVE-2018-12363 416 2018-10-18 2018-12-03
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
1923 CVE-2018-12362 190 Overflow 2018-10-18 2018-12-03
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
1924 CVE-2018-12361 190 Overflow 2018-10-18 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.
1925 CVE-2018-12360 416 2018-10-18 2018-12-03
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
1926 CVE-2018-12359 119 Overflow 2018-10-18 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
1927 CVE-2018-12354 352 CSRF 2018-06-13 2018-07-27
6.8
None Remote Medium Not required Partial Partial Partial
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request.
1928 CVE-2018-12334 310 2018-06-17 2018-08-10
6.5
None Remote Low Single system Partial Partial Partial
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack.
1929 CVE-2018-12333 284 Exec Code 2018-06-17 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code.
1930 CVE-2018-12321 125 2018-06-13 2018-08-02
6.8
None Remote Medium Not required Partial Partial Partial
There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.
1931 CVE-2018-12320 416 2018-06-13 2018-08-02
6.8
None Remote Medium Not required Partial Partial Partial
There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.
1932 CVE-2018-12294 416 2018-06-19 2018-10-21
6.8
None Remote Medium Not required Partial Partial Partial
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.
1933 CVE-2018-12293 190 Overflow 2018-06-19 2018-10-21
6.8
None Remote Medium Not required Partial Partial Partial
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.
1934 CVE-2018-12271 287 Bypass 2018-06-13 2018-08-10
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred.
1935 CVE-2018-12265 125 Overflow 2018-06-13 2019-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
1936 CVE-2018-12264 125 Overflow 2018-06-13 2019-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
1937 CVE-2018-12263 434 2018-06-13 2018-08-03
6.5
None Remote Low Single system Partial Partial Partial
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.
1938 CVE-2018-12256 434 Exec Code 2018-08-16 2018-10-12
6.5
None Remote Low Single system Partial Partial Partial
admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.
1939 CVE-2018-12254 89 Sql 2018-06-12 2018-08-02
6.5
None Remote Low Single system Partial Partial Partial
router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI.
1940 CVE-2018-12250 89 Sql 2019-07-03 2019-07-05
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection.
1941 CVE-2018-12245 426 2018-11-29 2018-12-28
6.8
None Remote Medium Not required Partial Partial Partial
Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated.
1942 CVE-2018-12244 20 2019-04-25 2019-05-02
6.8
None Remote Medium Not required Partial Partial Partial
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.
1943 CVE-2018-12233 119 Overflow Mem. Corr. 2018-06-12 2018-08-29
6.8
None Remote Medium Not required Partial Partial Partial
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.
1944 CVE-2018-12228 287 2018-06-12 2018-08-14
6.8
None Remote Low Single system None None Complete
An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.
1945 CVE-2018-12180 119 DoS Overflow 2019-03-27 2019-05-08
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
1946 CVE-2018-12178 119 DoS Overflow 2019-03-27 2019-04-10
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
1947 CVE-2018-12163 264 2018-09-12 2018-10-19
6.8
None Remote Medium Not required Partial Partial Partial
A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access.
1948 CVE-2018-12120 254 2018-11-28 2018-12-28
6.8
None Remote Medium Not required Partial Partial Partial
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.
1949 CVE-2018-12114 352 CSRF 2018-06-14 2018-08-03
6.8
None Remote Medium Not required Partial Partial Partial
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
1950 CVE-2018-12112 119 DoS Overflow 2018-06-11 2018-07-27
6.8
None Remote Medium Not required Partial Partial Partial
md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.