CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2018-20381 2018-12-23 2018-12-23
0.0
None ??? ??? ??? ??? ??? ???
Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
352 CVE-2018-20380 2018-12-23 2018-12-23
0.0
None ??? ??? ??? ??? ??? ???
Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
353 CVE-2018-20371 Bypass 2018-12-22 2018-12-22
0.0
None ??? ??? ??? ??? ??? ???
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on.
354 CVE-2018-20367 XSS 2018-12-22 2018-12-22
0.0
None ??? ??? ??? ??? ??? ???
The "mall some commodity details: commodity consultation" component in WSTMart 2.0.8_181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI.
355 CVE-2018-20345 2018-12-21 2018-12-21
0.0
None ??? ??? ??? ??? ??? ???
Incorrect access control in StackStorm API (st2api) in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker (who has a StackStorm account and is authenticated against the StackStorm API) to retrieve datastore items for other users by utilizing the /v1/keys "?scope=all" and "?user=<username>" query filter parameters. Enterprise editions with RBAC enabled are not affected.
356 CVE-2018-20342 Exec Code 2018-12-21 2018-12-21
0.0
None ??? ??? ??? ??? ??? ???
The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.
357 CVE-2018-20332 2018-12-21 2018-12-21
0.0
None ??? ??? ??? ??? ??? ???
An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project.
358 CVE-2018-20325 Exec Code 2018-12-21 2018-12-21
0.0
None ??? ??? ??? ??? ??? ???
There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution.
359 CVE-2018-20307 +Info 2018-12-20 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation.
360 CVE-2018-20304 DoS 2018-12-19 2018-12-19
0.0
None ??? ??? ??? ??? ??? ???
wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long second argument. NOTE: this is not a Microsoft product.
361 CVE-2018-20303 Dir. Trav. 2018-12-19 2018-12-19
0.0
None ??? ??? ??? ??? ??? ???
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.
362 CVE-2018-20300 Exec Code 2018-12-19 2018-12-19
0.0
None ??? ??? ??? ??? ??? ???
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.
363 CVE-2018-20299 Exec Code Overflow 2018-12-19 2018-12-19
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there is a buffer overflow in the RCP+ parser of the web server.
364 CVE-2018-20298 2018-12-19 2018-12-19
0.0
None ??? ??? ??? ??? ??? ???
S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol.
365 CVE-2018-20249 2018-12-24 2018-12-26
0.0
None ??? ??? ??? ??? ??? ???
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access.
366 CVE-2018-20248 2018-12-24 2018-12-26
0.0
None ??? ??? ??? ??? ??? ???
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access.
367 CVE-2018-20245 2019-01-23 2019-01-23
0.0
None ??? ??? ??? ??? ??? ???
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.
368 CVE-2018-20233 DoS 2019-01-18 2019-01-22
0.0
None ??? ??? ??? ??? ??? ???
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.
369 CVE-2018-20231 CSRF 2018-12-19 2019-01-08
0.0
None ??? ??? ??? ??? ??? ???
Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.
370 CVE-2018-20226 2018-12-21 2018-12-21
0.0
None ??? ??? ??? ??? ??? ???
An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method.
371 CVE-2018-20216 2018-12-20 2018-12-25
0.0
None ??? ??? ??? ??? ??? ???
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).
372 CVE-2018-20193 2018-12-21 2018-12-25
0.0
None ??? ??? ??? ??? ??? ???
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes.
373 CVE-2018-20186 2018-12-17 2018-12-17
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.
374 CVE-2018-20170 2018-12-17 2018-12-17
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory.
375 CVE-2018-20167 Exec Code 2018-12-17 2018-12-17
0.0
None ??? ??? ??? ??? ??? ???
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run.
376 CVE-2018-20166 2019-01-02 2019-01-02
0.0
None ??? ??? ??? ??? ??? ???
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed case, such as the .pHp extension.
377 CVE-2018-20161 2018-12-15 2018-12-15
0.0
None ??? ??? ??? ??? ??? ???
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the Wi-Fi network. (Access to live video from the app also becomes unavailable.)
378 CVE-2018-20145 Bypass 2018-12-13 2018-12-13
0.0
None ??? ??? ??? ??? ??? ???
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.
379 CVE-2018-20131 2019-01-02 2019-01-07
0.0
None ??? ??? ??? ??? ??? ???
The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would not have access to.
380 CVE-2018-20129 Exec Code 2018-12-13 2018-12-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filename=1.jpg.p*hp value.
381 CVE-2018-20100 2019-01-02 2019-01-02
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app.
382 CVE-2018-20071 2019-01-09 2019-01-09
0.0
None ??? ??? ??? ??? ??? ???
Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page.
383 CVE-2018-20058 2018-12-11 2018-12-11
0.0
None ??? ??? ??? ??? ??? ???
In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634.
384 CVE-2018-20050 DoS 2018-12-10 2018-12-10
0.0
None ??? ??? ??? ??? ??? ???
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.
385 CVE-2018-19991 Bypass 2018-12-09 2018-12-09
0.0
None ??? ??? ??? ??? ??? ???
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.
386 CVE-2018-19983 2018-12-09 2018-12-09
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending divided "Nonce Get (0x98 0x81)" frames. The reason for dividing the "Nonce Get" frame is that, in security version S0, when a node receives a "Nonce Get" frame, the node produces a random new nonce and sends it to the Src node of the received "Nonce Get" frame. After the nonce value is generated and transmitted, the node transitions to wait mode. At this time, when "Nonce Get" is received again, the node discards the previous nonce value and generates a random nonce again. Therefore, because the frame is encrypted with previous nonce value, the received normal frame cannot be decrypted.
387 CVE-2018-19982 2018-12-09 2018-12-09
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server's fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key.
388 CVE-2018-19960 +Info 2018-12-07 2018-12-07
0.0
None ??? ??? ??? ??? ??? ???
The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.
389 CVE-2018-19922 XSS 2018-12-06 2018-12-06
0.0
None ??? ??? ??? ??? ??? ???
Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request.
390 CVE-2018-19911 Exec Code CSRF 2018-12-06 2018-12-06
0.0
None ??? ??? ??? ??? ??? ???
FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used.
391 CVE-2018-19908 Exec Code 2018-12-06 2018-12-06
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.
392 CVE-2018-19876 2018-12-05 2018-12-05
0.0
None ??? ??? ??? ??? ??? ???
cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.
393 CVE-2018-19863 2018-12-22 2018-12-22
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari.
394 CVE-2018-19854 2018-12-04 2018-12-04
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).
395 CVE-2018-19853 2018-12-04 2018-12-04
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account.
396 CVE-2018-19836 XSS Bypass 2018-12-03 2018-12-03
0.0
None ??? ??? ??? ??? ??? ???
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter.
397 CVE-2018-19829 CSRF 2018-12-18 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
398 CVE-2018-19795 2018-12-03 2018-12-03
0.0
None ??? ??? ??? ??? ??? ???
ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device.
399 CVE-2018-19793 Exec Code 2018-12-03 2018-12-03
0.0
None ??? ??? ??? ??? ??? ???
jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data.
400 CVE-2018-19792 DoS Overflow 2018-12-03 2018-12-03
0.0
None ??? ??? ??? ??? ??? ???
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function.
Total number of vulnerabilities : 1065   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12 13 14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.