# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
13351 |
CVE-2018-7250 |
200 |
|
+Info |
2018-02-26 |
2018-03-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data. |
13352 |
CVE-2018-7249 |
416 |
|
|
2018-02-26 |
2018-03-22 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel. |
13353 |
CVE-2018-7248 |
|
|
|
2018-05-11 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not. |
13354 |
CVE-2018-7246 |
319 |
|
|
2018-04-18 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page "Access Control" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext |
13355 |
CVE-2018-7245 |
863 |
|
|
2018-04-18 |
2019-10-02 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization. |
13356 |
CVE-2018-7244 |
200 |
|
+Info |
2018-04-18 |
2018-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained. |
13357 |
CVE-2018-7242 |
326 |
|
|
2018-04-18 |
2018-12-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. |
13358 |
CVE-2018-7240 |
787 |
|
DoS Exec Code |
2018-04-18 |
2019-10-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware. |
13359 |
CVE-2018-7239 |
426 |
|
Exec Code |
2018-03-09 |
2018-03-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code. |
13360 |
CVE-2018-7237 |
20 |
|
|
2018-03-09 |
2018-03-27 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file' |
13361 |
CVE-2018-7236 |
287 |
|
|
2018-03-09 |
2018-03-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service. |
13362 |
CVE-2018-7230 |
611 |
|
|
2018-03-09 |
2018-03-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67. |
13363 |
CVE-2018-7227 |
200 |
|
+Info |
2018-03-09 |
2018-03-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker. |
13364 |
CVE-2018-7219 |
352 |
|
CSRF |
2018-02-19 |
2018-03-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request. |
13365 |
CVE-2018-7217 |
434 |
|
|
2018-02-18 |
2018-03-18 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request. |
13366 |
CVE-2018-7216 |
352 |
|
CSRF |
2018-02-18 |
2018-03-16 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens. |
13367 |
CVE-2018-7213 |
287 |
|
Bypass |
2018-03-11 |
2018-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured. |
13368 |
CVE-2018-7212 |
22 |
|
Dir. Trav. |
2018-02-18 |
2018-03-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters. |
13369 |
CVE-2018-7211 |
200 |
|
+Info |
2018-02-17 |
2018-03-14 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in iDashboards 9.6b. The SSO implementation is affected by a weak obfuscation library, allowing man-in-the-middle attackers to discover credentials. |
13370 |
CVE-2018-7210 |
200 |
|
+Info |
2018-02-17 |
2018-03-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idb/config?CMD=installLicense URI, as demonstrated by intranet IP addresses and names of guest accounts. |
13371 |
CVE-2018-7209 |
200 |
|
+Info |
2018-02-17 |
2018-03-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idashboards/config.xml URI, as demonstrated by intranet URLs for reports. |
13372 |
CVE-2018-7208 |
20 |
|
DoS |
2018-02-17 |
2019-04-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. |
13373 |
CVE-2018-7206 |
|
|
|
2018-02-17 |
2019-10-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on the Hub. (Users were not allowed to access other users' accounts, but could create their own accounts on the Hub linked to their GitLab account. GitLab authentication not using gitlab_group_whitelist is unaffected. No other Authenticators are affected.) |
13374 |
CVE-2018-7205 |
79 |
|
Exec Code XSS |
2018-02-20 |
2018-10-09 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout. |
13375 |
CVE-2018-7204 |
532 |
|
|
2018-03-07 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites. |
13376 |
CVE-2018-7203 |
79 |
|
XSS |
2018-03-30 |
2018-04-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. |
13377 |
CVE-2018-7202 |
79 |
|
XSS |
2019-05-22 |
2019-05-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page. |
13378 |
CVE-2018-7201 |
74 |
|
|
2019-05-22 |
2019-05-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. |
13379 |
CVE-2018-7198 |
79 |
|
XSS |
2018-02-17 |
2018-03-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. |
13380 |
CVE-2018-7197 |
79 |
|
XSS |
2018-02-17 |
2018-03-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL. |
13381 |
CVE-2018-7196 |
79 |
|
XSS |
2018-03-27 |
2018-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. |
13382 |
CVE-2018-7195 |
|
|
|
2018-03-27 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. |
13383 |
CVE-2018-7194 |
190 |
|
|
2018-03-27 |
2018-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting. |
13384 |
CVE-2018-7193 |
79 |
|
XSS |
2018-03-27 |
2018-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. |
13385 |
CVE-2018-7192 |
79 |
|
XSS |
2018-03-27 |
2018-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. |
13386 |
CVE-2018-7191 |
476 |
|
DoS |
2019-05-17 |
2019-05-31 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. |
13387 |
CVE-2018-7188 |
79 |
|
+Priv XSS |
2018-02-16 |
2018-03-13 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. |
13388 |
CVE-2018-7185 |
20 |
|
DoS |
2018-03-06 |
2019-01-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. |
13389 |
CVE-2018-7184 |
20 |
|
DoS |
2018-03-06 |
2018-10-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. |
13390 |
CVE-2018-7182 |
125 |
|
DoS |
2018-03-06 |
2018-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. |
13391 |
CVE-2018-7176 |
352 |
|
CSRF |
2018-02-15 |
2018-03-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page). |
13392 |
CVE-2018-7175 |
476 |
|
DoS |
2018-02-15 |
2018-03-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components. |
13393 |
CVE-2018-7174 |
835 |
|
DoS |
2018-02-15 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams. |
13394 |
CVE-2018-7173 |
172 |
|
DoS |
2018-02-15 |
2018-03-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding. |
13395 |
CVE-2018-7172 |
22 |
|
Dir. Trav. |
2018-02-27 |
2018-03-23 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal. |
13396 |
CVE-2018-7171 |
22 |
|
Dir. Trav. |
2018-03-30 |
2018-04-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all. |
13397 |
CVE-2018-7170 |
|
|
|
2018-03-06 |
2019-10-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. |
13398 |
CVE-2018-7169 |
732 |
|
|
2018-02-15 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. |
13399 |
CVE-2018-7167 |
119 |
|
DoS Overflow |
2018-06-13 |
2019-01-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable. |
13400 |
CVE-2018-7166 |
119 |
|
Overflow |
2018-08-21 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information. |