CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1301 CVE-2018-12693 119 DoS Overflow 2018-06-23 2018-08-24
6.8
None Remote Low Single system None None Complete
Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json.
1302 CVE-2018-12692 77 Exec Code 2018-06-23 2018-08-24
6.5
None Remote Low Single system Partial Partial Partial
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.
1303 CVE-2018-12669 285 2018-10-19 2019-01-09
6.5
None Remote Low Single system Partial Partial Partial
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/param.cgi.
1304 CVE-2018-12659 352 Bypass CSRF 2018-06-22 2018-08-08
6.8
None Remote Medium Not required Partial Partial Partial
SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter.
1305 CVE-2018-12636 89 Sql 2018-06-22 2018-08-13
6.5
None Remote Low Single system Partial Partial Partial
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
1306 CVE-2018-12633 362 DoS +Info 2018-06-21 2018-08-21
6.3
None Local Medium Not required Complete None Complete
An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage.
1307 CVE-2018-12613 287 Exec Code Bypass 2018-06-21 2019-04-26
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
1308 CVE-2018-12603 352 CSRF 2018-06-25 2018-08-27
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.
1309 CVE-2018-12602 352 CSRF 2018-06-25 2018-08-27
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.
1310 CVE-2018-12600 787 2018-06-20 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
1311 CVE-2018-12599 787 2018-06-20 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
1312 CVE-2018-12589 426 Exec Code 2018-06-28 2018-08-20
6.8
None Remote Medium Not required Partial Partial Partial
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.
1313 CVE-2018-12585 611 DoS 2018-09-14 2018-11-27
6.4
None Remote Low Not required Partial None Partial
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.
1314 CVE-2018-12582 352 CSRF 2018-06-19 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI.
1315 CVE-2018-12579 640 2018-08-20 2018-11-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts.
1316 CVE-2018-12577 77 2018-07-02 2018-09-04
6.5
None Remote Low Single system Partial Partial Partial
The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.
1317 CVE-2018-12574 352 CSRF 2018-07-02 2018-09-04
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.
1318 CVE-2018-12565 20 Exec Code 2018-06-19 2018-08-10
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
1319 CVE-2018-12561 20 2018-06-19 2018-08-10
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL.
1320 CVE-2018-12559 22 Dir. Trav. Bypass 2018-06-19 2018-08-10
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring.
1321 CVE-2018-12551 287 2019-03-27 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.
1322 CVE-2018-12550 284 2019-03-27 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.
1323 CVE-2018-12540 352 CSRF 2018-07-12 2018-09-11
6.8
None Remote Medium Not required Partial Partial Partial
In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.
1324 CVE-2018-12538 384 2018-06-22 2018-10-16
6.5
None Remote Low Single system Partial Partial Partial
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
1325 CVE-2018-12529 352 CSRF 2018-07-02 2018-09-05
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings.
1326 CVE-2018-12520 264 2018-07-05 2018-09-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access.
1327 CVE-2018-12492 20 2018-06-15 2018-07-27
6.4
None Remote Low Not required None Partial Partial
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.
1328 CVE-2018-12482 89 Sql 2018-08-03 2018-09-30
6.5
None Remote Low Single system Partial Partial Partial
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.
1329 CVE-2018-12477 93 2018-10-09 2019-01-11
6.4
None Remote Low Not required None Partial Partial
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.
1330 CVE-2018-12472 287 2018-10-04 2018-11-27
6.4
None Remote Low Not required Partial Partial None
A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
1331 CVE-2018-12471 611 2018-10-04 2018-10-17
6.4
None Remote Low Not required Partial None Partial
A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
1332 CVE-2018-12468 434 Exec Code 2018-08-01 2018-10-11
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.
1333 CVE-2018-12457 264 2018-06-15 2018-08-01
6.5
None Remote Low Single system Partial Partial Partial
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
1334 CVE-2018-12456 352 CSRF 2018-10-10 2018-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.
1335 CVE-2018-12449 426 2018-10-11 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
1336 CVE-2018-12447 190 Exec Code Overflow 2018-06-15 2018-08-02
6.8
None Remote Medium Not required Partial Partial Partial
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.
1337 CVE-2018-12387 20 2018-10-18 2018-12-06
6.4
None Remote Low Not required Partial None Partial
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
1338 CVE-2018-12375 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.
1339 CVE-2018-12370 352 Bypass CSRF 2018-10-18 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61.
1340 CVE-2018-12364 352 Bypass CSRF 2018-10-18 2018-12-03
6.8
None Remote Medium Not required Partial Partial Partial
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
1341 CVE-2018-12363 416 2018-10-18 2018-12-03
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
1342 CVE-2018-12362 190 Overflow 2018-10-18 2018-12-03
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
1343 CVE-2018-12361 190 Overflow 2018-10-18 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.
1344 CVE-2018-12360 416 2018-10-18 2018-12-03
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
1345 CVE-2018-12359 119 Overflow 2018-10-18 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
1346 CVE-2018-12354 352 CSRF 2018-06-13 2018-07-27
6.8
None Remote Medium Not required Partial Partial Partial
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request.
1347 CVE-2018-12334 310 2018-06-17 2018-08-10
6.5
None Remote Low Single system Partial Partial Partial
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack.
1348 CVE-2018-12333 284 Exec Code 2018-06-17 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code.
1349 CVE-2018-12321 125 2018-06-13 2018-08-02
6.8
None Remote Medium Not required Partial Partial Partial
There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.
1350 CVE-2018-12320 416 2018-06-13 2018-08-02
6.8
None Remote Medium Not required Partial Partial Partial
There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.