CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2018-12027 264 2018-06-17 2018-10-21
6.5
None Remote Low Single system Partial Partial Partial
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
902 CVE-2018-12021 200 +Info 2018-07-05 2018-09-05
6.8
None Remote Low Single system Complete None None
Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.
903 CVE-2018-12015 22 Dir. Trav. Bypass 2018-06-07 2018-09-28
6.4
None Remote Low Not required None Partial Partial
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
904 CVE-2018-11946 285 2018-11-27 2018-12-21
6.1
None Local Network Low Not required None Complete None
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without authentication.
905 CVE-2018-11787 287 2018-09-18 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser, and when navigated to it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. And optional bundle that some applications use is the Pax Web Extender Whiteboard, it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL .../gogo/, and that URL is not secured giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised.
906 CVE-2018-11778 119 Overflow 2018-10-05 2019-01-08
6.5
None Remote Low Single system Partial Partial Partial
UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0
907 CVE-2018-11726 119 DoS Overflow 2018-06-19 2018-08-08
6.8
None Remote Medium Not required Partial Partial Partial
The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
908 CVE-2018-11724 119 DoS Overflow 2018-06-19 2018-08-08
6.8
None Remote Medium Not required Partial Partial Partial
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
909 CVE-2018-11718 352 CSRF 2018-08-30 2018-10-22
6.8
None Remote Medium Not required Partial Partial Partial
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF.
910 CVE-2018-11710 787 DoS 2018-06-04 2018-07-16
6.8
None Remote Medium Not required Partial Partial Partial
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.
911 CVE-2018-11707 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
912 CVE-2018-11706 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
913 CVE-2018-11705 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
914 CVE-2018-11704 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
915 CVE-2018-11703 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
916 CVE-2018-11702 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
917 CVE-2018-11701 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
918 CVE-2018-11696 476 DoS 2018-06-04 2018-11-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
919 CVE-2018-11695 476 DoS 2018-06-04 2018-11-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
920 CVE-2018-11694 476 DoS 2018-06-04 2018-11-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
921 CVE-2018-11685 119 Overflow 2018-06-04 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
922 CVE-2018-11684 119 Overflow 2018-06-04 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
923 CVE-2018-11683 119 Overflow 2018-06-04 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
924 CVE-2018-11679 352 CSRF 2018-06-02 2018-07-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.
925 CVE-2018-11671 352 CSRF 2018-06-01 2018-06-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.
926 CVE-2018-11670 352 Exec Code CSRF 2018-06-01 2018-06-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.
927 CVE-2018-11643 89 Exec Code Sql 2018-07-03 2018-08-31
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.
928 CVE-2018-11640 611 DoS 2018-07-03 2018-09-07
6.4
None Remote Low Not required Partial None Partial
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption).
929 CVE-2018-11636 352 CSRF 2018-07-03 2018-08-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions.
930 CVE-2018-11625 119 Overflow 2018-05-31 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.
931 CVE-2018-11624 416 2018-05-31 2018-06-06
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.
932 CVE-2018-11623 704 Exec Code 2018-07-31 2018-09-26
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAdLayer method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6003.
933 CVE-2018-11622 787 Exec Code 2018-07-31 2018-09-26
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5873.
934 CVE-2018-11619 416 Exec Code 2018-07-31 2018-09-26
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setFocus method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5417.
935 CVE-2018-11618 416 Exec Code 2018-07-31 2018-09-26
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resetForm method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5416.
936 CVE-2018-11617 416 Exec Code 2018-07-31 2018-09-26
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format events for ComboBox fields. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5415.
937 CVE-2018-11616 77 Exec Code 2018-08-30 2018-11-16
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5543.
938 CVE-2018-11614 264 Exec Code 2018-09-24 2018-11-30
6.5
None Remote Low Single system Partial Partial Partial
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Intents. The issue lies in the ability to send an Intent that would not otherwise be reachable. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5361.
939 CVE-2018-11595 119 DoS Overflow 2018-05-31 2018-06-08
6.8
None Remote Medium Not required Partial Partial Partial
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused.
940 CVE-2018-11577 19 2018-05-30 2018-07-13
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
941 CVE-2018-11571 384 2018-05-30 2018-06-27
6.8
None Remote Medium Not required Partial Partial Partial
ClipperCMS 1.3.3 allows Session Fixation.
942 CVE-2018-11556 787 2018-05-30 2018-06-28
6.8
None Remote Medium Not required Partial Partial Partial
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file.
943 CVE-2018-11555 787 2018-05-30 2018-06-29
6.8
None Remote Medium Not required Partial Partial Partial
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file.
944 CVE-2018-11538 352 Bypass CSRF 2018-06-01 2018-07-03
6.8
None Remote Medium Not required Partial Partial Partial
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
945 CVE-2018-11529 416 DoS Exec Code 2018-07-11 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
946 CVE-2018-11527 352 CSRF 2018-05-29 2018-06-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save.
947 CVE-2018-11526 74 2018-06-19 2018-08-14
6.8
None Remote Medium Not required Partial Partial Partial
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
948 CVE-2018-11525 74 2018-06-19 2018-08-14
6.8
None Remote Medium Not required Partial Partial Partial
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.
949 CVE-2018-11518 20 2018-05-30 2018-07-20
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece).
950 CVE-2018-11516 119 DoS Overflow 2018-05-28 2018-07-27
6.8
None Remote Medium Not required Partial Partial Partial
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.