Security Vulnerabilities Published In April 2018 (CVSS score >= 6)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2018-1002150 732 2018-04-04 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1.
2 CVE-2018-1000167 502 Exec Code 2018-04-18 2018-05-22
9.3
None Remote Medium Not required Complete Complete Complete
OISF suricata-update version 1.0.0a1 contains an insecure deserialization vulnerability in the insecure yaml.load function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources" command is affected by this bug, which can result in remote code execution (even as root if suricata-update is called by root). This attack appears to be exploitable via a specially crafted YAML file at https://www.openinfosecfoundation.org/rules/index.yaml. This vulnerability appears to have been fixed in 1.0.0b1.
3 CVE-2018-1000156 20 Exec Code 2018-04-06 2019-07-30
6.8
None Remote Medium Not required Partial Partial Partial
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files; specifically, the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time.
4 CVE-2018-1000153 352 DoS CSRF 2018-04-05 2018-05-15
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server ("test connection").
5 CVE-2018-1000152 863 DoS 2018-04-05 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server ("test connection").
6 CVE-2018-1000151 295 2018-04-05 2018-05-15
6.8
None Remote Medium Not required Partial Partial Partial
A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default.
7 CVE-2018-1000149 2018-04-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default.
8 CVE-2018-1000146 Exec Code 2018-04-05 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.
9 CVE-2018-10575 798 2018-04-30 2018-09-16
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false.
10 CVE-2018-10574 94 Exec Code 2018-04-30 2018-06-07
7.5
None Remote Low Not required Partial Partial Partial
site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.
11 CVE-2018-10573 Bypass 2018-04-30 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.
12 CVE-2018-10549 125 2018-04-29 2019-08-19
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.
13 CVE-2018-10537 119 Overflow 2018-04-29 2019-12-20
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.
14 CVE-2018-10536 787 2018-04-29 2019-12-20
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.
15 CVE-2018-10529 125 2018-04-29 2018-06-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.
16 CVE-2018-10528 787 Overflow 2018-04-29 2020-10-15
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
17 CVE-2018-10520 732 2018-04-27 2019-10-03
8.5
None Remote Low ??? None Complete Complete
In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
18 CVE-2018-10519 732 2018-04-27 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because of an incorrect fix for CVE-2018-10084.
19 CVE-2018-10518 732 2018-04-27 2019-10-03
8.5
None Remote Low ??? None Complete Complete
In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
20 CVE-2018-10517 94 Exec Code 2018-04-27 2019-03-15
6.5
None Remote Low ??? Partial Partial Partial
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
21 CVE-2018-10515 94 Exec Code 2018-04-27 2018-05-24
6.5
None Remote Low ??? Partial Partial Partial
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
22 CVE-2018-10504 1236 2018-04-27 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.
23 CVE-2018-10503 352 CSRF 2018-04-27 2019-12-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.
24 CVE-2018-10469 434 2018-04-27 2018-06-04
7.5
None Remote Low Not required Partial Partial Partial
b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.
25 CVE-2018-10431 78 Exec Code 2018-04-26 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.
26 CVE-2018-10429 94 Exec Code 2018-04-26 2018-06-13
7.5
None Remote Low Not required Partial Partial Partial
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php.
27 CVE-2018-10392 125 DoS Overflow 2018-04-26 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
28 CVE-2018-10381 732 Exec Code 2018-04-26 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.
29 CVE-2018-10375 434 Exec Code 2018-04-25 2018-06-13
7.5
None Remote Low Not required Partial Partial Partial
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is sent, but the filename ends in .php and contains PHP code.
30 CVE-2018-10361 668 +Priv 2018-04-25 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.
31 CVE-2018-10312 352 CSRF 2018-04-24 2018-05-24
6.8
None Remote Medium Not required Partial Partial Partial
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
32 CVE-2018-10305 Bypass 2018-04-24 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.
33 CVE-2018-10303 416 Exec Code 2018-04-23 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3.
34 CVE-2018-10302 416 Exec Code 2018-04-23 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9.
35 CVE-2018-10295 352 CSRF 2018-04-22 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account.
36 CVE-2018-10285 732 Bypass 2018-04-22 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
37 CVE-2018-10284 89 Sql 2018-04-21 2018-06-13
7.5
None Remote Low Not required Partial Partial Partial
Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter.
38 CVE-2018-10283 89 Sql 2018-04-21 2018-06-13
7.5
None Remote Low Not required Partial Partial Partial
CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action.
39 CVE-2018-10267 352 CSRF 2018-04-22 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.
40 CVE-2018-10266 352 CSRF 2018-04-22 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI.
41 CVE-2018-10265 352 CSRF 2018-04-22 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI.
42 CVE-2018-10254 125 DoS 2018-04-21 2020-07-13
6.8
None Remote Medium Not required Partial Partial Partial
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
43 CVE-2018-10249 352 CSRF 2018-04-20 2018-05-22
6.8
None Remote Medium Not required Partial Partial Partial
baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account.
44 CVE-2018-10238 119 Overflow 2018-04-20 2019-10-07
7.5
None Remote Low Not required Partial Partial Partial
bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlc_bdt_forward_npdu() calls bvlc_encode_forwarded_npdu() which copies the content from the request into a local in the bvlc_bdt_forward_npdu() stack frame and clobbers the canary. The attack vector is: A BACnet/IP device with BBMD enabled based on this library connected to IP network. The fixed version is: 0.8.6.
45 CVE-2018-10236 94 Exec Code 2018-04-19 2018-05-22
6.5
None Remote Low ??? Partial Partial Partial
POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the FCPATH.$file file.
46 CVE-2018-10235 94 Exec Code 2018-04-19 2018-05-22
6.5
None Remote Low ??? Partial Partial Partial
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and write this code into the api/ucsso/config.php file.
47 CVE-2018-10233 352 CSRF 2018-04-23 2019-10-06
6.8
None Remote Medium Not required Partial Partial Partial
The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.
48 CVE-2018-10225 89 Sql 2018-04-19 2018-05-17
7.5
None Remote Low Not required Partial Partial Partial
thinkphp 3.1.3 has SQL Injection via the index.php s parameter.
49 CVE-2018-10224 352 CSRF 2018-04-19 2018-05-17
6.0
None Remote Medium ??? Partial Partial Partial
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.
50 CVE-2018-10223 352 CSRF 2018-04-19 2018-05-17
6.0
None Remote Medium ??? Partial Partial Partial
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.
Total number of vulnerabilities: 837 (page 1 of 17)