CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2018-1000211 732 2018-07-13 2019-10-03
5.0
None Remote Low Not required Partial None None
Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.
52 CVE-2018-1000210 502 Exec Code 2018-07-13 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0.
53 CVE-2018-1000209 732 Exec Code 2018-07-13 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via Unprivileged user may place an arbitrary DLL in the c:\opt\sensu\embedded\bin directory in order to exploit standard Windows DLL load order behavior. This vulnerability appears to have been fixed in 1.4.2-3 and later.
54 CVE-2018-1000208 22 Dir. Trav. 2018-07-13 2018-09-07
6.4
None Remote Low Not required None Partial Partial
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980.
55 CVE-2018-1000207 732 2018-07-13 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68.
56 CVE-2018-1000206 352 CSRF 2018-07-13 2019-06-03
6.8
None Remote Medium Not required Partial Partial Partial
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.
57 CVE-2018-14767 20 DoS Exec Code 2018-07-31 2018-10-04
7.5
None Remote Low Not required Partial Partial Partial
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code.
58 CVE-2018-14744 416 2018-07-30 2018-09-26
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A use-after-free can occur in _pbcM_sp_query in map.c.
59 CVE-2018-14743 119 Overflow 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c.
60 CVE-2018-14742 119 Overflow 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy.
61 CVE-2018-14741 119 Overflow 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_pack in pattern.c.
62 CVE-2018-14740 119 Overflow 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query.
63 CVE-2018-14739 119 Overflow 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c.
64 CVE-2018-14738 119 Overflow 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c.
65 CVE-2018-14737 476 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A NULL pointer dereference can occur in pbc_wmessage_string in wmessage.c.
66 CVE-2018-14736 125 2018-07-30 2018-09-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur in pbc_wmessage_string in wmessage.c for PTYPE_ENUM.
67 CVE-2018-14734 416 DoS 2018-07-29 2019-04-23
6.1
None Local Low Not required Partial Partial Complete
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
68 CVE-2018-14686 79 XSS 2018-07-28 2018-09-28
4.3
None Remote Medium Not required None Partial None
system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted add_do.php request, related to add_book.php.
69 CVE-2018-14685 200 +Info 2018-07-28 2018-09-28
5.0
None Remote Low Not required Partial None None
The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php.
70 CVE-2018-14682 193 2018-07-28 2021-04-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
71 CVE-2018-14681 787 2018-07-28 2021-04-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
72 CVE-2018-14680 20 2018-07-28 2021-04-26
4.3
None Remote Medium Not required None None Partial
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
73 CVE-2018-14679 193 DoS 2018-07-28 2021-04-26
4.3
None Remote Medium Not required None None Partial
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
74 CVE-2018-14678 665 DoS +Priv 2018-07-28 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.
75 CVE-2018-14617 476 2018-07-27 2019-08-13
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.
76 CVE-2018-14616 476 2018-07-27 2019-04-03
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.
77 CVE-2018-14615 119 Overflow 2018-07-27 2019-08-13
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative.
78 CVE-2018-14614 476 2018-07-27 2019-04-03
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.
79 CVE-2018-14613 476 2018-07-27 2021-06-14
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c.
80 CVE-2018-14612 476 2018-07-27 2020-06-10
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c.
81 CVE-2018-14611 416 2018-07-27 2020-06-10
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c.
82 CVE-2018-14610 125 2018-07-27 2020-06-10
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c.
83 CVE-2018-14609 476 2018-07-27 2019-08-13
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized.
84 CVE-2018-14608 311 Bypass 2018-07-26 2019-10-03
5.0
None Remote Low Not required Partial None None
Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories (%install_path%\WinCSI\UT17DATA\client_ID\file_name.XX17) that can be bypassed without authentication by examining the strings of the .XX17 file. The strings stored in the .XX17 file contain each customer's: Full Name, Spouse's Name, Social Security Number, Date of Birth, Occupation, Home Address, Daytime Phone Number, Home Phone Number, Spouse's Address, Spouse's Daytime Phone Number, Spouse's Social Security Number, Spouse's Home Phone Number, Spouse's Occupation, Spouse's Date of Birth, and Spouse's Filing Status.
85 CVE-2018-14607 311 +Info 2018-07-26 2019-10-03
5.0
None Remote Low Not required Partial None None
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse's Full Name, Social Security Number, Spouse's Social Security Number, Occupation, Spouse's Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information.
86 CVE-2018-14606 79 XSS 2018-07-27 2018-09-18
3.5
None Remote Medium ??? None Partial None
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
87 CVE-2018-14605 79 XSS 2018-07-27 2018-09-18
3.5
None Remote Medium ??? None Partial None
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
88 CVE-2018-14604 79 XSS 2018-07-27 2018-09-18
4.3
None Remote Medium Not required None Partial None
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.
89 CVE-2018-14603 352 CSRF 2018-07-27 2018-09-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
90 CVE-2018-14602 200 +Info 2018-07-27 2018-09-18
5.0
None Remote Low Not required Partial None None
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.
91 CVE-2018-14601 DoS 2018-07-27 2019-10-03
5.0
None Remote Low Not required None None Partial
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.
92 CVE-2018-14596 400 DoS 2018-07-25 2019-10-03
5.0
None Remote Low Not required None None Partial
wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of font_size, width, and height are large numbers.
93 CVE-2018-14590 119 Overflow 2018-07-24 2018-09-07
5.0
None Remote Low Not required None None Partial
An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp.
94 CVE-2018-14589 125 2018-07-24 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4AudioInfo.cpp has a heap-based buffer over-read.
95 CVE-2018-14588 476 2018-07-24 2019-10-03
5.0
None Remote Low Not required None None Partial
An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.
96 CVE-2018-14587 125 2018-07-24 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream::WritePartial in Core/Ap4ByteStream.cpp has a buffer over-read.
97 CVE-2018-14586 119 Overflow 2018-07-24 2018-09-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532.
98 CVE-2018-14585 125 2018-07-24 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in Core/Ap4Utils.h has a heap-based buffer over-read after a call from the AP4_Stz2Atom class.
99 CVE-2018-14584 125 2018-07-24 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read.
100 CVE-2018-14583 352 CSRF 2018-07-24 2018-09-18
6.8
None Remote Medium Not required Partial Partial Partial
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account.
Total number of vulnerabilities : 2175   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.