CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1351 CVE-2018-12294 416 2018-06-19 2018-10-21
6.8
None Remote Medium Not required Partial Partial Partial
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.
1352 CVE-2018-12293 190 Overflow 2018-06-19 2018-10-21
6.8
None Remote Medium Not required Partial Partial Partial
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.
1353 CVE-2018-12271 287 Bypass 2018-06-13 2018-08-10
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred.
1354 CVE-2018-12265 125 Overflow 2018-06-13 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
1355 CVE-2018-12264 125 Overflow 2018-06-13 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
1356 CVE-2018-12263 434 2018-06-13 2018-08-03
6.5
None Remote Low Single system Partial Partial Partial
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.
1357 CVE-2018-12256 434 Exec Code 2018-08-16 2018-10-12
6.5
None Remote Low Single system Partial Partial Partial
admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.
1358 CVE-2018-12254 89 Sql 2018-06-12 2018-08-02
6.5
None Remote Low Single system Partial Partial Partial
router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI.
1359 CVE-2018-12245 426 2018-11-29 2018-12-28
6.8
None Remote Medium Not required Partial Partial Partial
Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated.
1360 CVE-2018-12244 20 2019-04-25 2019-05-02
6.8
None Remote Medium Not required Partial Partial Partial
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.
1361 CVE-2018-12233 119 Overflow Mem. Corr. 2018-06-12 2018-08-29
6.8
None Remote Medium Not required Partial Partial Partial
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.
1362 CVE-2018-12228 287 2018-06-12 2018-08-14
6.8
None Remote Low Single system None None Complete
An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.
1363 CVE-2018-12180 119 DoS Overflow 2019-03-27 2019-05-08
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
1364 CVE-2018-12178 119 DoS Overflow 2019-03-27 2019-04-10
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
1365 CVE-2018-12163 264 2018-09-12 2018-10-19
6.8
None Remote Medium Not required Partial Partial Partial
A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access.
1366 CVE-2018-12148 264 Exec Code 2018-09-12 2018-11-19
6.8
None Local Low Single system Complete Complete Complete
Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access.
1367 CVE-2018-12120 254 2018-11-28 2018-12-28
6.8
None Remote Medium Not required Partial Partial Partial
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.
1368 CVE-2018-12114 352 CSRF 2018-06-14 2018-08-03
6.8
None Remote Medium Not required Partial Partial Partial
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
1369 CVE-2018-12112 119 DoS Overflow 2018-06-11 2018-07-27
6.8
None Remote Medium Not required Partial Partial Partial
md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.
1370 CVE-2018-12110 89 Sql 2018-06-11 2018-07-27
6.5
None Remote Low Single system Partial Partial Partial
portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter.
1371 CVE-2018-12109 119 DoS Overflow 2018-06-11 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC<FileIO>::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PAM image file.
1372 CVE-2018-12085 119 Overflow 2018-06-09 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
1373 CVE-2018-12053 22 Dir. Trav. 2018-06-08 2018-07-17
6.4
None Remote Low Not required None Partial Partial
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.
1374 CVE-2018-12036 22 Dir. Trav. 2018-06-07 2018-07-27
6.8
None Remote Medium Not required Partial Partial Partial
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
1375 CVE-2018-12035 787 Exec Code 2018-06-15 2018-08-01
6.8
None Remote Medium Not required Partial Partial Partial
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
1376 CVE-2018-12034 125 Exec Code 2018-06-15 2018-08-01
6.8
None Remote Medium Not required Partial Partial Partial
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.
1377 CVE-2018-12028 284 2018-06-17 2018-10-21
6.8
None Remote Medium Not required Partial Partial Partial
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
1378 CVE-2018-12027 264 2018-06-17 2018-10-21
6.5
None Remote Low Single system Partial Partial Partial
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
1379 CVE-2018-12021 200 +Info 2018-07-05 2019-05-16
6.8
None Remote Low Single system Complete None None
Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.
1380 CVE-2018-12015 22 Dir. Trav. Bypass 2018-06-07 2019-03-29
6.4
None Remote Low Not required None Partial Partial
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
1381 CVE-2018-11946 285 2018-11-27 2018-12-21
6.1
None Local Network Low Not required None Complete None
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without authentication.
1382 CVE-2018-11787 287 2018-09-18 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
In Apache Karaf versions prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser, and when navigated to it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. An optional bundle that some applications use is the Pax Web Extender Whiteboard; it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL .../gogo/, and that URL is not secured, giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall the Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised.
1383 CVE-2018-11778 119 Overflow 2018-10-05 2019-01-08
6.5
None Remote Low Single system Partial Partial Partial
UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid a stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0.
1384 CVE-2018-11726 119 DoS Overflow 2018-06-19 2018-08-08
6.8
None Remote Medium Not required Partial Partial Partial
The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
1385 CVE-2018-11724 119 DoS Overflow 2018-06-19 2018-08-08
6.8
None Remote Medium Not required Partial Partial Partial
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
1386 CVE-2018-11718 352 CSRF 2018-08-30 2018-10-22
6.8
None Remote Medium Not required Partial Partial Partial
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF.
1387 CVE-2018-11710 787 DoS 2018-06-04 2018-07-16
6.8
None Remote Medium Not required Partial Partial Partial
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.
1388 CVE-2018-11707 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1389 CVE-2018-11706 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1390 CVE-2018-11705 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1391 CVE-2018-11704 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1392 CVE-2018-11703 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1393 CVE-2018-11702 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1394 CVE-2018-11701 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1395 CVE-2018-11696 476 DoS 2018-06-04 2018-11-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
1396 CVE-2018-11695 476 DoS 2018-06-04 2018-11-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
1397 CVE-2018-11694 476 DoS 2018-06-04 2018-11-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
1398 CVE-2018-11685 119 Overflow 2018-06-04 2019-04-19
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
1399 CVE-2018-11684 119 Overflow 2018-06-04 2019-04-19
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
1400 CVE-2018-11683 119 Overflow 2018-06-04 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.