CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1601 CVE-2018-20452 119 DoS Overflow 2018-12-25 2019-01-11
6.8
None Remote Medium Not required Partial Partial Partial
The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c.
1602 CVE-2018-20429 476 2018-12-24 2019-01-04
6.8
None Remote Medium Not required Partial Partial Partial
libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165.
1603 CVE-2018-20428 476 2018-12-24 2019-01-04
6.8
None Remote Medium Not required Partial Partial Partial
libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerability than CVE-2018-7874.
1604 CVE-2018-20427 476 2018-12-24 2019-01-04
6.8
None Remote Medium Not required Partial Partial Partial
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability than CVE-2018-9132.
1605 CVE-2018-20426 476 2018-12-24 2019-01-04
6.8
None Remote Medium Not required Partial Partial Partial
libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866.
1606 CVE-2018-20425 476 2018-12-24 2019-01-04
6.8
None Remote Medium Not required Partial Partial Partial
libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file.
1607 CVE-2018-20423 Bypass 2018-12-23 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.
1608 CVE-2018-20422 287 Bypass 2018-12-23 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).
1609 CVE-2018-20419 352 CSRF 2018-12-23 2019-01-11
6.8
None Remote Medium Not required Partial Partial Partial
DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account.
1610 CVE-2018-20402 1188 2018-12-23 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. The passwords to the three accounts are the same as the usernames, which are guest, user, and author. Logging in with these accounts will grant any user the default privilege roles that were also created for each of the accounts.
1611 CVE-2018-20352 416 DoS Exec Code 2019-06-10 2019-06-11
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
1612 CVE-2018-20346 190 Exec Code Overflow 2018-12-21 2019-06-19
6.8
None Remote Medium Not required Partial Partial Partial
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
1613 CVE-2018-20337 119 DoS Overflow 2018-12-21 2019-05-21
6.8
None Remote Medium Not required Partial Partial Partial
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
1614 CVE-2018-20330 190 Overflow 2018-12-21 2019-01-08
6.8
None Remote Medium Not required Partial Partial Partial
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
1615 CVE-2018-20253 787 Exec Code 2019-02-12 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1616 CVE-2018-20252 787 Exec Code 2019-02-05 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1617 CVE-2018-20250 22 Dir. Trav. 2019-02-05 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
1618 CVE-2018-20249 119 Overflow 2018-12-24 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access.
1619 CVE-2018-20247 119 Overflow 2018-12-24 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow.
1620 CVE-2018-20230 119 DoS Overflow 2018-12-19 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
1621 CVE-2018-20228 352 CSRF 2018-12-19 2019-01-24
6.0
None Remote Medium Single system Partial Partial Partial
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
1622 CVE-2018-20227 22 Dir. Trav. 2018-12-19 2019-01-07
6.4
None Remote Low Not required None Partial Partial
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
1623 CVE-2018-20226 2018-12-21 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method.
1624 CVE-2018-20211 427 +Priv 2019-01-02 2019-01-11
6.8
None Remote Medium Not required Partial Partial Partial
ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015).
1625 CVE-2018-20201 125 DoS 2018-12-18 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file.
1626 CVE-2018-20197 787 DoS 2018-12-17 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case.
1627 CVE-2018-20196 119 DoS Overflow 2018-12-17 2019-08-28
6.8
None Remote Medium Not required Partial Partial Partial
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.
1628 CVE-2018-20194 787 DoS 2018-12-17 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max <= G case.
1629 CVE-2018-20188 352 CSRF 2018-12-17 2019-01-07
6.8
None Remote Medium Not required Partial Partial Partial
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
1630 CVE-2018-20167 74 Exec Code 2018-12-17 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run.
1631 CVE-2018-20159 20 Exec Code 2018-12-15 2019-01-07
6.5
None Remote Low Single system Partial Partial Partial
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file because a ZIP archive is accepted by /admin/?req=modules&action=add as a plugin, and extracted to the main directory. In order for the ".zip" file to be accepted, it must also contain a package.json file.
1632 CVE-2018-20156 20 Exec Code 2018-12-14 2019-01-07
6.5
None Remote Low Single system Partial Partial Partial
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network.
1633 CVE-2018-20135 295 Exec Code 2019-06-07 2019-06-11
6.8
None Remote Medium Not required Partial Partial Partial
Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071.
1634 CVE-2018-20128 22 Dir. Trav. 2018-12-13 2019-01-04
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring.
1635 CVE-2018-20127 20 2018-12-13 2019-01-04
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) "php" is blocked but path=F:/1.phP. succeeds.
1636 CVE-2018-20091 89 Sql 2019-06-07 2019-06-10
6.5
None Remote Low Single system Partial Partial Partial
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.
1637 CVE-2018-20066 416 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1638 CVE-2018-20065 20 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file.
1639 CVE-2018-20015 352 CSRF 2018-12-10 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
YzmCMS v5.2 has admin/role/add.html CSRF.
1640 CVE-2018-20004 119 Overflow 2018-12-10 2019-04-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml.
1641 CVE-2018-19998 89 Exec Code Sql 2019-01-03 2019-01-11
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.
1642 CVE-2018-19994 89 Exec Code Sql 2019-01-03 2019-01-09
6.5
None Remote Low Single system Partial Partial Partial
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
1643 CVE-2018-19983 330 2018-12-09 2019-10-02
6.1
None Local Network Low Not required None None Complete
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending divided "Nonce Get (0x98 0x81)" frames. The reason for dividing the "Nonce Get" frame is that, in security version S0, when a node receives a "Nonce Get" frame, the node produces a random new nonce and sends it to the Src node of the received "Nonce Get" frame. After the nonce value is generated and transmitted, the node transitions to wait mode. At this time, when "Nonce Get" is received again, the node discards the previous nonce value and generates a random nonce again. Therefore, because the frame is encrypted with previous nonce value, the received normal frame cannot be decrypted.
1644 CVE-2018-19969 352 CSRF 2018-12-11 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.
1645 CVE-2018-19963 617 DoS +Priv 2018-12-07 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.
1646 CVE-2018-19962 200 +Priv +Info 2018-12-07 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
1647 CVE-2018-19961 459 +Priv 2018-12-07 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
1648 CVE-2018-19931 119 Overflow 2018-12-07 2019-08-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.
1649 CVE-2018-19923 352 CSRF 2018-12-06 2019-01-11
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF.
1650 CVE-2018-19907 78 Exec Code 2018-12-06 2018-12-26
6.5
None Remote Low Single system Partial Partial Partial
A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a web page.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.