CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2551 CVE-2018-10659 119 DoS Overflow Mem. Corr. 2018-06-26 2018-08-20
5.0
None Remote Low Not required None None Partial
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.
2552 CVE-2018-10658 119 DoS Overflow Mem. Corr. 2018-06-26 2018-08-20
5.0
None Remote Low Not required None None Partial
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.
2553 CVE-2018-10657 20 DoS 2018-05-02 2018-06-07
5.0
None Remote Low Not required None None Partial
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.
2554 CVE-2018-10652 200 +Info 2018-05-23 2018-06-25
5.0
None Remote Low Not required Partial None None
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.
2555 CVE-2018-10651 601 2018-05-23 2018-06-25
5.8
None Remote Medium Not required Partial Partial None
There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
2556 CVE-2018-10632 400 2018-07-24 2018-09-21
5.0
None Remote Low Not required None None Partial
In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition.
2557 CVE-2018-10618 310 2018-08-01 2018-10-11
5.0
None Remote Low Not required Partial None None
Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.
2558 CVE-2018-10613 611 2018-06-04 2018-07-31
5.0
None Remote Low Not required Partial None None
Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.
2559 CVE-2018-10607 400 DoS 2018-07-31 2018-10-01
5.0
None Remote Low Not required None None Partial
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel.
2560 CVE-2018-10601 119 Overflow 2018-06-05 2018-07-31
5.4
None Local Network Medium Not required Partial Partial Partial
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.
2561 CVE-2018-10598 125 Exec Code +Priv 2018-08-13 2018-10-15
5.8
None Remote Medium Not required Partial None Partial
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.
2562 CVE-2018-10597 287 2018-06-05 2018-07-31
5.4
None Local Network Medium Not required Partial Partial Partial
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.
2563 CVE-2018-10596 200 +Info 2018-07-02 2018-09-11
5.2
None Local Network Low Single system Partial Partial Partial
Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications.
2564 CVE-2018-10590 538 2018-05-15 2018-06-15
5.0
None Remote Low Not required Partial None None
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.
2565 CVE-2018-10583 200 +Info 2018-05-01 2018-10-31
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
2566 CVE-2018-10581 200 +Info 2018-05-01 2018-06-13
5.5
None Remote Low Single system Partial Partial None
In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple teams, where one of the Teams has the VariableEdit permission or VariableView permissions for the Environment.
2567 CVE-2018-10550 284 2018-04-30 2018-06-12
5.0
None Remote Low Not required Partial None None
In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to.
2568 CVE-2018-10548 476 DoS 2018-04-29 2019-08-19
5.0
None Remote Low Not required None None Partial
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.
2569 CVE-2018-10546 400 2018-04-29 2019-08-19
5.0
None Remote Low Not required None None Partial
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
2570 CVE-2018-10544 287 2018-05-02 2018-06-13
5.0
None Remote Low Not required Partial None None
Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface.
2571 CVE-2018-10531 20 2019-07-10 2019-07-17
5.0
None Remote Low Not required None None Partial
An issue was discovered in the America's Army Proving Grounds platform for the Unreal Engine. With a false packet sent via UDP, the application server responds with several bytes, giving the possibility of DoS amplification, even being able to be used in DDoS attacks.
2572 CVE-2018-10523 200 +Info 2018-04-27 2018-05-24
5.0
None Remote Low Not required Partial None None
CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.
2573 CVE-2018-10516 200 +Info 2018-04-27 2018-05-24
5.5
None Remote Low Single system Partial None Partial
In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
2574 CVE-2018-10512 284 2018-08-15 2018-10-12
5.0
None Remote Low Not required None None Partial
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS).
2575 CVE-2018-10505 264 Exec Code 2018-06-08 2018-07-27
5.4
None Local Medium Not required None Partial Complete
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2576 CVE-2018-10470 347 2018-06-12 2018-08-08
5.0
None Remote Low Not required None Partial None
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
2577 CVE-2018-10468 20 2018-04-28 2018-06-12
5.0
None Remote Low Not required Partial None None
The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the "transferFlaw" issue.
2578 CVE-2018-10393 119 Overflow 2018-04-26 2018-05-25
5.0
None Remote Low Not required None None Partial
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
2579 CVE-2018-10376 190 Overflow 2018-04-25 2018-06-13
5.0
None Remote Low Not required None Partial None
An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the "proxyOverflow" issue.
2580 CVE-2018-10363 20 2018-06-13 2018-08-09
5.0
None Remote Low Not required None Partial None
An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices.
2581 CVE-2018-10362 287 2018-04-25 2018-06-13
5.0
None Remote Low Not required Partial None None
An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation, and thus converts it to a number. After that, the comparison with '==' casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can login with just a '0' or a simple number he has to brute force. Strong comparison with '===' prevents the cast into numbers.
2582 CVE-2018-10359 264 Exec Code 2018-06-08 2018-07-27
5.4
None Local Medium Not required None Partial Complete
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2583 CVE-2018-10358 264 Exec Code 2018-06-08 2018-07-27
5.4
None Local Medium Not required None Partial Complete
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2584 CVE-2018-10299 190 Overflow 2018-04-23 2018-08-29
5.0
None Remote Low Not required None Partial None
An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the "batchOverflow" issue.
2585 CVE-2018-10253 119 Overflow 2018-04-20 2018-05-22
5.0
None Remote Low Not required None None Partial
Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls.
2586 CVE-2018-10248 352 CSRF 2018-04-20 2018-05-21
5.8
None Remote Medium Not required None Partial Partial
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.
2587 CVE-2018-10245 200 +Info 2018-04-20 2018-05-18
5.0
None Remote Low Not required Partial None None
A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.
2588 CVE-2018-10242 125 2019-04-04 2019-05-06
5.0
None Remote Low Not required Partial None None
Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.
2589 CVE-2018-10240 331 2018-05-16 2018-06-25
5.0
None Remote Low Not required Partial None None
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session.
2590 CVE-2018-10229 254 2018-05-04 2018-06-13
5.8
None Remote Medium Not required Partial Partial None
A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.
2591 CVE-2018-10219 200 +Info 2018-04-19 2018-05-22
5.0
None Remote Low Not required Partial None None
baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.
2592 CVE-2018-10212 285 2018-04-25 2018-05-24
5.5
None Remote Low Single system Partial Partial None
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value.
2593 CVE-2018-10211 285 2018-04-25 2018-05-24
5.0
None Remote Low Not required Partial None None
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie.
2594 CVE-2018-10210 640 2018-04-25 2018-05-25
5.0
None Remote Low Not required Partial None None
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature.
2595 CVE-2018-10207 285 2018-04-25 2018-05-24
5.0
None Remote Low Not required Partial None None
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format.
2596 CVE-2018-10205 399 2018-04-19 2018-05-24
5.0
None Remote Low Not required None None Partial
hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker.
2597 CVE-2018-10201 22 Dir. Trav. 2018-04-20 2018-05-15
5.0
None Remote Low Not required Partial None None
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.
2598 CVE-2018-10193 399 DoS 2018-04-17 2018-07-18
5.0
None Remote Low Not required None None Partial
LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements.
2599 CVE-2018-10189 200 +Info 2018-04-17 2018-05-23
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.
2600 CVE-2018-10184 119 Exec Code Overflow 2018-05-09 2018-06-18
5.0
None Remote Low Not required None None Partial
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.
Total number of vulnerabilities : 22537   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 (This Page)53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.