CVE-2019-6294 CVSS:6.8
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI. (Last Update:2019-01-16) (Publish Update:2019-01-15)
CVE-2019-6259 CVSS:7.5
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter. (Last Update:2019-01-16) (Publish Update:2019-01-14)
CVE-2018-1969 CVSS:6.5
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750. (Last Update:2019-01-16) (Publish Update:2019-01-14)
CVE-2019-6249 CVSS:6.8
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add. (Last Update:2019-01-16) (Publish Update:2019-01-13)
CVE-2018-4262 CVSS:6.8
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. (Last Update:2019-01-16) (Publish Update:2019-01-11)
CVE-2018-4258 CVSS:10.0
In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking. (Last Update:2019-01-16) (Publish Update:2019-01-11)
CVE-2018-4257 CVSS:10.0
In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation. (Last Update:2019-01-16) (Publish Update:2019-01-11)
CVE-2018-4254 CVSS:10.0
In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation. (Last Update:2019-01-16) (Publish Update:2019-01-11)
CVE-2018-4213 CVSS:6.8
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. (Last Update:2019-01-16) (Publish Update:2019-01-11)
CVE-2018-4212 CVSS:6.8
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. (Last Update:2019-01-16) (Publish Update:2019-01-11)
CVE-2018-4210 CVSS:6.8
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed with improved checks. (Last Update:2019-01-16) (Publish Update:2019-01-11)
CVE-2018-4183 CVSS:7.2
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. (Last Update:2019-01-16) (Publish Update:2019-01-11)
CVE-2018-4182 CVSS:7.2
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. (Last Update:2019-01-16) (Publish Update:2019-01-11)
CVE-2018-5412 CVSS:7.2
Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. (Last Update:2019-01-16) (Publish Update:2019-01-10)
CVE-2018-4047 CVSS:6.6
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. (Last Update:2019-01-16) (Publish Update:2019-01-10)
CVE-2018-4045 CVSS:6.6
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. (Last Update:2019-01-16) (Publish Update:2019-01-10)
CVE-2018-4044 CVSS:6.6
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. (Last Update:2019-01-16) (Publish Update:2019-01-10)
CVE-2018-4042 CVSS:6.6
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. (Last Update:2019-01-16) (Publish Update:2019-01-10)
CVE-2018-4041 CVSS:6.6
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. (Last Update:2019-01-16) (Publish Update:2019-01-10)
CVE-2018-4037 CVSS:6.6
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root. (Last Update:2019-01-16) (Publish Update:2019-01-10)
CVE-2018-4036 CVSS:6.6
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. (Last Update:2019-01-16) (Publish Update:2019-01-10)
CVE-2018-4035 CVSS:6.6
The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. (Last Update:2019-01-16) (Publish Update:2019-01-10)
CVE-2018-4034 CVSS:6.6
The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. (Last Update:2019-01-16) (Publish Update:2019-01-10)
CVE-2018-6151 CVSS:6.8
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. (Last Update:2019-01-15) (Publish Update:2019-01-09)
CVE-2018-6126 CVSS:6.8
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Last Update:2019-01-15) (Publish Update:2019-01-09)
CVE-2018-6120 CVSS:6.8
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Last Update:2019-01-15) (Publish Update:2019-01-09)
CVE-2018-20066 CVSS:6.8
Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Last Update:2019-01-15) (Publish Update:2019-01-09)
CVE-2018-20065 CVSS:6.8
Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file. (Last Update:2019-01-15) (Publish Update:2019-01-09)
CVE-2018-16168 CVSS:7.5
LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors. (Last Update:2019-01-15) (Publish Update:2019-01-09)
CVE-2018-16167 CVSS:10.0
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. (Last Update:2019-01-15) (Publish Update:2019-01-09)
This vulnerability list widget is provided by www.cvedetails.com