CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2201 CVE-2018-19994 89 Exec Code Sql 2019-01-03 2019-01-09
6.5
None Remote Low Single system Partial Partial Partial
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
2202 CVE-2018-19983 330 2018-12-09 2019-10-02
6.1
None Local Network Low Not required None None Complete
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending divided "Nonce Get (0x98 0x81)" frames. The reason for dividing the "Nonce Get" frame is that, in security version S0, when a node receives a "Nonce Get" frame, the node produces a random new nonce and sends it to the Src node of the received "Nonce Get" frame. After the nonce value is generated and transmitted, the node transitions to wait mode. At this time, when "Nonce Get" is received again, the node discards the previous nonce value and generates a random nonce again. Therefore, because the frame is encrypted with previous nonce value, the received normal frame cannot be decrypted.
2203 CVE-2018-19969 352 CSRF 2018-12-11 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.
2204 CVE-2018-19963 617 DoS +Priv 2018-12-07 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.
2205 CVE-2018-19962 200 +Priv +Info 2018-12-07 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
2206 CVE-2018-19961 459 +Priv 2018-12-07 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
2207 CVE-2018-19931 119 Overflow 2018-12-07 2019-08-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.
2208 CVE-2018-19923 352 CSRF 2018-12-06 2019-01-11
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF.
2209 CVE-2018-19907 78 Exec Code 2018-12-06 2018-12-26
6.5
None Remote Low Single system Partial Partial Partial
A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a web page.
2210 CVE-2018-19898 89 Sql 2018-12-05 2018-12-26
6.5
None Remote Low Single system Partial Partial Partial
ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action.
2211 CVE-2018-19897 89 Sql 2018-12-05 2018-12-26
6.5
None Remote Low Single system Partial Partial Partial
ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.
2212 CVE-2018-19896 89 Sql 2018-12-05 2018-12-26
6.5
None Remote Low Single system Partial Partial Partial
ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action.
2213 CVE-2018-19895 89 Sql 2018-12-05 2018-12-26
6.5
None Remote Low Single system Partial Partial Partial
ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action.
2214 CVE-2018-19894 89 Sql 2018-12-05 2018-12-26
6.5
None Remote Low Single system Partial Partial Partial
ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action.
2215 CVE-2018-19878 416 2019-06-19 2019-06-21
6.8
None Remote Low Single system None None Complete
An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory. Exploitation of this vulnerability will increase memory use and consume free space.
2216 CVE-2018-19870 476 2018-12-26 2019-06-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
2217 CVE-2018-19857 824 DoS 2018-12-05 2019-07-25
6.4
None Remote Low Not required Partial None Partial
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
2218 CVE-2018-19853 269 2018-12-04 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account.
2219 CVE-2018-19827 416 DoS 2018-12-03 2019-07-23
6.8
None Remote Medium Not required Partial Partial Partial
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
2220 CVE-2018-19793 Exec Code 2018-12-03 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data.
2221 CVE-2018-19762 119 DoS Overflow 2018-11-29 2018-12-26
6.8
None Remote Medium Not required Partial Partial Partial
There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.
2222 CVE-2018-19760 772 2018-11-29 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.
2223 CVE-2018-19754 290 Bypass 2018-12-05 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Tarantella Enterprise before 3.11 allows bypassing Access Control.
2224 CVE-2018-19616 668 2018-12-26 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element.
2225 CVE-2018-19612 434 Exec Code 2019-05-24 2019-05-28
6.5
None Remote Low Single system Partial Partial Partial
The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code.
2226 CVE-2018-19601 918 2019-01-03 2019-01-10
6.5
None Remote Low Single system Partial Partial Partial
Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
2227 CVE-2018-19576 284 2019-07-10 2019-07-11
6.4
None Remote Low Not required None Partial Partial
GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential.
2228 CVE-2018-19569 285 2019-07-10 2019-07-11
6.5
None Remote Low Single system Partial Partial Partial
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.
2229 CVE-2018-19562 434 Exec Code 2018-11-26 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.
2230 CVE-2018-19561 352 CSRF 2018-11-26 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account.
2231 CVE-2018-19555 352 CSRF 2018-11-26 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password.
2232 CVE-2018-19553 89 Sql 2018-11-26 2018-12-18
6.5
None Remote Low Single system Partial Partial Partial
Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php
2233 CVE-2018-19552 89 Sql 2018-11-26 2018-12-18
6.5
None Remote Low Single system Partial Partial Partial
Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php.
2234 CVE-2018-19551 89 Sql 2018-11-26 2018-12-18
6.5
None Remote Low Single system Partial Partial Partial
Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php.
2235 CVE-2018-19550 434 2018-11-26 2019-05-23
6.5
None Remote Low Single system Partial Partial Partial
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI.
2236 CVE-2018-19549 89 Sql 2018-11-26 2018-12-18
6.5
None Remote Low Single system Partial Partial Partial
Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php.
2237 CVE-2018-19546 352 XSS CSRF 2018-11-26 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.
2238 CVE-2018-19545 352 CSRF 2018-11-26 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.
2239 CVE-2018-19543 125 2018-11-25 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
2240 CVE-2018-19541 125 2018-11-25 2019-10-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.
2241 CVE-2018-19540 119 Overflow 2018-11-25 2019-10-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.
2242 CVE-2018-19532 476 DoS 2018-11-25 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.
2243 CVE-2018-19504 125 2018-11-23 2019-09-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c.
2244 CVE-2018-19503 119 Overflow 2018-11-23 2019-09-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c.
2245 CVE-2018-19502 119 Overflow 2018-11-23 2019-08-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c.
2246 CVE-2018-19499 502 Exec Code 2018-11-23 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
2247 CVE-2018-19492 119 Overflow 2018-11-23 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.
2248 CVE-2018-19491 119 Overflow 2018-11-23 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.
2249 CVE-2018-19490 119 Overflow 2018-11-23 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.
2250 CVE-2018-19477 704 Bypass 2018-11-23 2019-04-25
6.8
None Remote Medium Not required Partial Partial Partial
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.