CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2601 CVE-2018-16770 20 DoS 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails.
2602 CVE-2018-16769 20 DoS 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled.
2603 CVE-2018-16768 119 DoS Overflow 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end.
2604 CVE-2018-16767 119 DoS Overflow 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand.
2605 CVE-2018-16766 20 DoS 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached.
2606 CVE-2018-16765 119 DoS Overflow 2018-09-10 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_.
2607 CVE-2018-16764 125 DoS 2018-09-10 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read.
2608 CVE-2018-16732 352 CSRF 2018-09-08 2018-10-19
6.8
None Remote Medium Not required Partial Partial Partial
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
2609 CVE-2018-16715 732 2018-09-08 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior.
2610 CVE-2018-16713 119 Overflow 2018-09-26 2018-12-27
6.8
None Remote Low Single system Complete None None
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction.
2611 CVE-2018-16712 200 +Info 2018-09-26 2018-12-27
6.8
None Remote Low Single system Complete None None
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory.
2612 CVE-2018-16711 119 Overflow 2018-09-26 2018-12-11
6.5
None Remote Low Single system Partial Partial Partial
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for input.
2613 CVE-2018-16710 200 DoS +Info 2018-09-07 2018-11-14
6.4
None Remote Low Not required Partial None Partial
** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough."
2614 CVE-2018-16650 352 CSRF 2018-09-07 2018-11-02
6.8
None Remote Medium Not required Partial Partial Partial
phpMyFAQ before 2.9.11 allows CSRF.
2615 CVE-2018-16634 352 CSRF 2018-12-04 2018-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Pluck v4.7.7 allows CSRF via admin.php?action=settings.
2616 CVE-2018-16621 94 2018-11-15 2019-01-24
6.5
None Remote Low Single system Partial Partial Partial
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
2617 CVE-2018-16604 94 Exec Code 2018-09-06 2018-11-14
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}").
2618 CVE-2018-16601 191 DoS Exec Code 2018-12-06 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution.
2619 CVE-2018-16585 119 Overflow Mem. Corr. 2018-09-06 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193).
2620 CVE-2018-16554 134 2018-09-15 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.
2621 CVE-2018-16553 284 Exec Code 2019-06-20 2019-06-21
6.5
None Remote Low Single system Partial Partial Partial
In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin.
2622 CVE-2018-16552 352 CSRF 2018-09-05 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs.
2623 CVE-2018-16545 732 Exec Code 2018-09-05 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp).
2624 CVE-2018-16543 2018-09-05 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.
2625 CVE-2018-16540 416 2018-09-05 2019-04-25
6.8
None Remote Medium Not required Partial Partial Partial
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
2626 CVE-2018-16526 Exec Code Overflow +Info 2018-12-06 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket.
2627 CVE-2018-16525 Exec Code Overflow +Info 2018-12-06 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply.
2628 CVE-2018-16522 416 2018-12-06 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.
2629 CVE-2018-16515 347 2018-09-18 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
2630 CVE-2018-16513 704 2018-09-05 2019-04-25
6.8
None Remote Medium Not required Partial Partial Partial
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.
2631 CVE-2018-16511 704 2018-09-05 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
2632 CVE-2018-16510 119 Overflow 2018-09-05 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.
2633 CVE-2018-16483 269 2019-02-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
2634 CVE-2018-16448 352 CSRF 2018-09-04 2018-10-24
6.8
None Remote Medium Not required Partial Partial Partial
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
2635 CVE-2018-16447 352 CSRF 2018-09-04 2018-12-31
6.8
None Remote Medium Not required Partial Partial Partial
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.
2636 CVE-2018-16446 22 Dir. Trav. 2018-09-04 2018-10-24
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt.
2637 CVE-2018-16444 918 2018-09-04 2018-10-24
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.
2638 CVE-2018-16438 125 2018-09-03 2018-10-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.
2639 CVE-2018-16436 89 Sql 2018-09-05 2018-11-05
6.5
None Remote Low Single system Partial Partial Partial
Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator.
2640 CVE-2018-16431 352 CSRF 2018-09-03 2018-11-02
6.8
None Remote Medium Not required Partial Partial Partial
admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account.
2641 CVE-2018-16430 125 2018-09-03 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.
2642 CVE-2018-16416 352 CSRF 2018-09-03 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password.
2643 CVE-2018-16413 125 2018-09-03 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.
2644 CVE-2018-16412 125 2018-09-03 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
2645 CVE-2018-16396 2018-11-16 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
2646 CVE-2018-16388 434 Exec Code 2018-09-12 2018-11-02
6.5
None Remote Low Single system Partial Partial Partial
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
2647 CVE-2018-16387 352 CSRF 2018-09-02 2018-10-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add.
2648 CVE-2018-16380 352 CSRF 2018-09-02 2019-09-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account.
2649 CVE-2018-16376 787 DoS Overflow 2018-09-02 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
2650 CVE-2018-16375 119 Overflow 2018-09-02 2018-11-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.