CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
451 CVE-2018-16545 284 Exec Code 2018-09-05 2018-11-06
6.8
None Remote Medium Not required Partial Partial Partial
Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp).
452 CVE-2018-16543 2018-09-05 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.
453 CVE-2018-16540 416 2018-09-05 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
454 CVE-2018-16526 119 Exec Code Overflow +Info 2018-12-06 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket.
455 CVE-2018-16525 119 Exec Code Overflow +Info 2018-12-06 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply.
456 CVE-2018-16522 416 2018-12-06 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.
457 CVE-2018-16513 704 2018-09-05 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.
458 CVE-2018-16511 704 2018-09-05 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
459 CVE-2018-16510 119 Overflow 2018-09-05 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.
460 CVE-2018-16448 352 CSRF 2018-09-04 2018-10-24
6.8
None Remote Medium Not required Partial Partial Partial
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
461 CVE-2018-16447 352 CSRF 2018-09-04 2018-12-31
6.8
None Remote Medium Not required Partial Partial Partial
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.
462 CVE-2018-16446 22 Dir. Trav. 2018-09-04 2018-10-24
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt.
463 CVE-2018-16444 918 2018-09-04 2018-10-24
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.
464 CVE-2018-16438 125 2018-09-03 2018-10-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.
465 CVE-2018-16436 89 Sql 2018-09-05 2018-11-05
6.5
None Remote Low Single system Partial Partial Partial
Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator.
466 CVE-2018-16431 352 CSRF 2018-09-03 2018-11-02
6.8
None Remote Medium Not required Partial Partial Partial
admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account.
467 CVE-2018-16430 125 2018-09-03 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.
468 CVE-2018-16416 352 CSRF 2018-09-03 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password.
469 CVE-2018-16413 119 Overflow 2018-09-03 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.
470 CVE-2018-16412 119 Overflow 2018-09-03 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
471 CVE-2018-16396 254 2018-11-16 2018-12-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
472 CVE-2018-16388 434 Exec Code 2018-09-12 2018-11-02
6.5
None Remote Low Single system Partial Partial Partial
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
473 CVE-2018-16387 352 CSRF 2018-09-02 2018-10-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add.
474 CVE-2018-16380 352 CSRF 2018-09-02 2018-11-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account.
475 CVE-2018-16376 787 DoS Overflow 2018-09-02 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
476 CVE-2018-16375 119 Overflow 2018-09-02 2018-11-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
477 CVE-2018-16366 352 CSRF 2018-09-02 2018-10-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.
478 CVE-2018-16365 352 CSRF 2018-09-02 2018-10-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.
479 CVE-2018-16345 352 CSRF 2018-09-02 2018-11-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.
480 CVE-2018-16344 22 Dir. Trav. 2018-09-02 2018-11-13
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock.
481 CVE-2018-16343 94 Exec Code 2018-09-02 2018-11-13
6.5
None Remote Low Single system Partial Partial Partial
SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS.
482 CVE-2018-16339 352 CSRF 2018-09-02 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.
483 CVE-2018-16338 352 CSRF 2018-09-02 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic.
484 CVE-2018-16335 119 DoS Overflow 2018-09-01 2018-12-01
6.8
None Remote Medium Not required Partial Partial Partial
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
485 CVE-2018-16332 352 CSRF 2018-09-01 2018-10-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability.
486 CVE-2018-16331 352 CSRF 2018-09-01 2018-10-23
6.8
None Remote Medium Not required Partial Partial Partial
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password.
487 CVE-2018-16320 22 Exec Code Dir. Trav. 2018-09-01 2018-11-02
6.5
None Remote Low Single system Partial Partial Partial
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file.
488 CVE-2018-16314 352 Bypass CSRF 2018-09-01 2018-11-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.
489 CVE-2018-16310 254 DoS 2018-09-06 2018-10-26
6.1
None Local Network Low Not required None None Complete
** DISPUTED ** Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions.
490 CVE-2018-16308 74 2018-09-01 2018-11-06
6.8
None Remote Medium Not required Partial Partial Partial
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
491 CVE-2018-16297 416 Exec Code 2018-10-08 2018-11-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16296. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
492 CVE-2018-16296 416 Exec Code 2018-10-08 2018-11-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
493 CVE-2018-16295 416 Exec Code 2018-10-08 2018-11-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
494 CVE-2018-16294 416 Exec Code 2018-10-08 2018-11-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
495 CVE-2018-16293 416 Exec Code 2018-10-08 2018-11-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
496 CVE-2018-16292 416 Exec Code 2018-10-08 2018-11-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
497 CVE-2018-16291 416 Exec Code 2018-10-08 2018-11-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
498 CVE-2018-16275 74 2018-08-31 2018-11-13
6.8
None Remote Medium Not required Partial Partial Partial
OPSWAT MetaDefender before v4.11.2 allows CSV injection.
499 CVE-2018-16238 20 Exec Code 2018-08-30 2018-10-19
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file.
500 CVE-2018-16232 77 Exec Code 2018-10-17 2018-12-11
6.5
None Remote Low Single system Partial Partial Partial
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.