CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2251 CVE-2018-14947 119 Overflow 2018-08-05 2018-10-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).
2252 CVE-2018-14946 119 Overflow 2018-08-05 2018-10-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete).
2253 CVE-2018-14945 119 Overflow 2018-08-05 2018-10-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp.
2254 CVE-2018-14944 787 2018-08-05 2018-10-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write.
2255 CVE-2018-14938 125 DoS Overflow 2018-08-04 2019-05-06
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).
2256 CVE-2018-14930 352 CSRF 2019-04-30 2019-05-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI.
2257 CVE-2018-14926 352 CSRF 2018-08-03 2018-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request.
2258 CVE-2018-14911 434 Bypass 2018-08-03 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka "Allow upload file suffix") setting, and must use "php,php" in this setting to bypass the "php" restriction.
2259 CVE-2018-14910 94 Exec Code CSRF 2018-08-03 2018-10-02
6.8
None Remote Medium Not required Partial Partial Partial
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF.
2260 CVE-2018-14908 352 CSRF 2018-08-03 2018-09-27
6.8
None Remote Medium Not required Partial Partial Partial
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.
2261 CVE-2018-14892 352 CSRF 2018-11-27 2018-12-26
6.8
None Remote Medium Not required Partial Partial Partial
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.
2262 CVE-2018-14878 502 Exec Code 2018-08-13 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.
2263 CVE-2018-14874 89 Sql 2019-04-30 2019-05-03
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session.
2264 CVE-2018-14857 434 Exec Code +Priv 2018-08-06 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
2265 CVE-2018-14825 732 +Priv +Info 2018-09-24 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents.
2266 CVE-2018-14820 20 2018-10-23 2019-10-09
6.4
None Remote Low Not required None Partial Partial
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.
2267 CVE-2018-14812 427 2018-10-24 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.
2268 CVE-2018-14800 125 Exec Code 2018-10-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application.
2269 CVE-2018-14797 427 Exec Code 2018-08-23 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.
2270 CVE-2018-14795 22 Dir. Trav. 2018-08-21 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.
2271 CVE-2018-14792 119 Exec Code Overflow 2018-09-19 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.
2272 CVE-2018-14783 352 CSRF 2018-08-10 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely.
2273 CVE-2018-14769 352 CSRF 2018-09-05 2018-11-13
6.8
None Remote Medium Not required Partial Partial Partial
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.
2274 CVE-2018-14734 416 DoS 2018-07-29 2019-04-23
6.1
None Local Low Not required Partial Partial Complete
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
2275 CVE-2018-14682 682 2018-07-28 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
2276 CVE-2018-14681 787 2018-07-28 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
2277 CVE-2018-14668 352 2019-08-15 2019-08-29
6.8
None Remote Medium Not required Partial Partial Partial
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.
2278 CVE-2018-14666 863 2019-01-22 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions.
2279 CVE-2018-14653 119 DoS Overflow 2018-10-31 2019-04-02
6.5
None Remote Low Single system Partial Partial Partial
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.
2280 CVE-2018-14651 59 DoS Exec Code 2018-10-31 2019-04-02
6.5
None Remote Low Single system Partial Partial Partial
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
2281 CVE-2018-14637 287 2018-11-30 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.
2282 CVE-2018-14630 94 Exec Code 2018-09-17 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.
2283 CVE-2018-14603 352 CSRF 2018-07-26 2018-09-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
2284 CVE-2018-14593 2018-08-03 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.
2285 CVE-2018-14589 125 2018-07-24 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4AudioInfo.cpp has a heap-based buffer over-read.
2286 CVE-2018-14587 125 2018-07-24 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream::WritePartial in Core/Ap4ByteStream.cpp has a buffer over-read.
2287 CVE-2018-14586 119 Overflow 2018-07-24 2018-09-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532.
2288 CVE-2018-14585 125 2018-07-24 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in Core/Ap4Utils.h has a heap-based buffer over-read after a call from the AP4_Stz2Atom class.
2289 CVE-2018-14584 125 2018-07-24 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read.
2290 CVE-2018-14583 352 CSRF 2018-07-24 2018-09-18
6.8
None Remote Medium Not required Partial Partial Partial
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account.
2291 CVE-2018-14582 352 CSRF 2018-07-24 2018-09-18
6.8
None Remote Medium Not required Partial Partial Partial
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.
2292 CVE-2018-14581 20 Exec Code 2018-07-31 2018-10-05
6.8
None Remote Medium Not required Partial Partial Partial
Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file.
2293 CVE-2018-14572 78 Exec Code 2018-08-28 2018-11-23
6.8
None Remote Medium Not required Partial Partial Partial
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
2294 CVE-2018-14570 434 Exec Code 2018-07-23 2018-09-20
6.5
None Remote Low Single system Partial Partial Partial
A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. This results in arbitrary code execution by requesting that .php file.
2295 CVE-2018-14550 119 Overflow 2019-07-10 2019-08-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
2296 CVE-2018-14523 125 2018-07-23 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.
2297 CVE-2018-14522 119 Overflow 2018-07-23 2019-04-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
2298 CVE-2018-14521 119 Overflow 2018-07-23 2018-09-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.
2299 CVE-2018-14505 20 2018-07-22 2018-09-18
6.8
None Remote Medium Not required Partial Partial Partial
mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.
2300 CVE-2018-14473 611 DoS 2018-08-03 2018-09-30
6.4
None Remote Low Not required Partial None Partial
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.