CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2018-18531 Bypass 2018-10-19 2018-10-19
0.0
None ??? ??? ??? ??? ??? ???
text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach.
452 CVE-2018-18520 DoS 2018-10-19 2018-10-19
0.0
None ??? ??? ??? ??? ??? ???
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.
453 CVE-2018-18467 2018-10-23 2018-10-23
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent.
454 CVE-2018-18442 2018-12-20 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks include SYN flooding, UDP flooding, ICMP flooding, and SYN-ACK flooding.
455 CVE-2018-18441 2018-12-20 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of the DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file includes the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
456 CVE-2018-18428 2018-10-19 2018-10-19
0.0
None ??? ??? ??? ??? ??? ???
TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI.
457 CVE-2018-18397 2018-12-12 2018-12-12
0.0
None ??? ??? ??? ??? ??? ???
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.
458 CVE-2018-18385 DoS 2018-10-16 2018-10-23
0.0
None ??? ??? ??? ??? ??? ???
Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop.
459 CVE-2018-18382 Exec Code 2018-10-16 2018-10-16
0.0
None ??? ??? ??? ??? ??? ???
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
460 CVE-2018-18380 2018-10-19 2018-10-30
0.0
None ??? ??? ??? ??? ??? ???
A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session.
461 CVE-2018-18332 2018-12-21 2018-12-21
0.0
None ??? ??? ??? ??? ??? ???
A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.
462 CVE-2018-18331 2018-12-21 2018-12-21
0.0
None ??? ??? ??? ??? ??? ???
A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations.
463 CVE-2018-18318 DoS 2018-10-15 2018-10-15
0.0
None ??? ??? ??? ??? ??? ???
The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d8b300 ioctl call.
464 CVE-2018-18287 2018-10-14 2018-10-14
0.0
None ??? ??? ??? ??? ??? ???
On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page.
465 CVE-2018-18281 2018-10-30 2019-01-10
0.0
None ??? ??? ??? ??? ??? ???
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.
466 CVE-2018-18264 Bypass 2019-01-02 2019-01-11
0.0
None ??? ??? ??? ??? ??? ???
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
467 CVE-2018-18224 +Info 2018-10-19 2018-12-21
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash.
468 CVE-2018-18223 +Info 2018-10-19 2018-12-21
0.0
None ??? ??? ??? ??? ??? ???
Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash.
469 CVE-2018-18203 Exec Code 2018-11-28 2018-11-28
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the firmware of the head unit. This occurs because the device accepts modified QNX6 filesystem images (as long as the attacker obtains access to certain Harman decryption/encryption code) as a consequence of a bug where unsigned images pass a validity check. An attacker could potentially install persistent malicious head unit firmware and execute arbitrary code as the root user.
470 CVE-2018-18098 2019-01-10 2019-01-10
0.0
None ??? ??? ??? ??? ??? ???
Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access.
471 CVE-2018-18093 +Priv 2018-12-13 2018-12-13
0.0
None ??? ??? ??? ??? ??? ???
Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access.
472 CVE-2018-18014 Exec Code 2018-10-24 2018-10-24
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost."
473 CVE-2018-18013 Exec Code 2018-10-24 2018-10-24
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost."
474 CVE-2018-18009 2018-12-21 2018-12-28
0.0
None ??? ??? ??? ??? ??? ???
dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials.
475 CVE-2018-18008 2018-12-21 2018-12-29
0.0
None ??? ??? ??? ??? ??? ???
spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.
476 CVE-2018-18007 2018-12-21 2018-12-28
0.0
None ??? ??? ??? ??? ??? ???
atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.
477 CVE-2018-17987 2018-12-26 2018-12-26
0.0
None ??? ??? ??? ??? ??? ???
The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile.
478 CVE-2018-17980 Exec Code +Priv 2018-10-15 2018-10-17
0.0
None ??? ??? ??? ??? ??? ???
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.)
479 CVE-2018-17975 2018-12-04 2018-12-04
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API.
480 CVE-2018-17957 2018-12-26 2018-12-26
0.0
None ??? ??? ??? ??? ??? ???
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.
481 CVE-2018-17950 2018-12-12 2018-12-12
0.0
None ??? ??? ??? ??? ??? ???
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2.
482 CVE-2018-17939 2018-12-04 2018-12-04
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint.
483 CVE-2018-17935 2018-10-24 2018-10-26
0.0
None ??? ??? ??? ??? ??? ???
All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
484 CVE-2018-17929 Exec Code Overflow 2018-10-11 2018-10-23
0.0
None ??? ??? ??? ??? ??? ???
In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code.
485 CVE-2018-17927 Exec Code 2018-10-11 2018-10-23
0.0
None ??? ??? ??? ??? ??? ???
In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution.
486 CVE-2018-17923 2018-10-24 2018-10-26
0.0
None ??? ??? ??? ??? ??? ???
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack in which an attacker with physical access to the product may be able to reprogram it.
487 CVE-2018-17921 2018-10-24 2018-10-26
0.0
None ??? ??? ??? ??? ??? ???
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction.
488 CVE-2018-17912 2018-11-02 2018-11-05
0.0
None ??? ??? ??? ??? ??? ???
An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure.
489 CVE-2018-17906 2018-11-19 2018-11-20
0.0
None ??? ??? ??? ??? ??? ???
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.
490 CVE-2018-17904 2018-10-25 2018-10-26
0.0
None ??? ??? ??? ??? ??? ???
Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code.
491 CVE-2018-17903 2018-10-24 2018-10-26
0.0
None ??? ??? ??? ??? ??? ???
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery.
492 CVE-2018-17873 2018-10-23 2018-10-23
0.0
None ??? ??? ??? ??? ??? ???
An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account.
493 CVE-2018-17854 DoS 2018-10-01 2018-10-01
0.0
None ??? ??? ??? ??? ??? ???
SIMDComp before 0.1.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. NOTE: this issue exists because of an incomplete fix for CVE-2018-17427.
494 CVE-2018-17851 DoS 2018-10-01 2018-10-01
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in JsonCpp 1.8.4. An unhandled exception vulnerability exists in Json::OurReader::readValue() in json_reader.cpp after throwing an instance of "Json::RuntimeError what(): Exceeded stackLimit." Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability.
495 CVE-2018-17850 DoS 2018-10-01 2018-10-01
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in JsonCpp 1.8.4. An unhandled exception vulnerability exists in Json::Value::clear() in json_value.cpp after throwing an instance of "Json::LogicError what(): requires complex value." Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability.
496 CVE-2018-17777 Bypass 2018-12-18 2018-12-18
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have access to the router control panel with administrator privileges.
497 CVE-2018-17614 Exec Code 2018-11-13 2018-11-13
0.0
None ??? ??? ??? ??? ??? ???
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6436.
498 CVE-2018-17612 2018-11-09 2018-11-30
0.0
None ??? ??? ??? ??? ??? ???
Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted.
499 CVE-2018-17539 DoS 2018-12-28 2019-01-01
0.0
None ??? ??? ??? ??? ??? ???
The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allows remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements.
500 CVE-2018-17459 2019-01-09 2019-01-10
0.0
None ??? ??? ??? ??? ??? ???
Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Total number of vulnerabilities: 1203. Page 10 of 25.