CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1001 CVE-2018-12763 125 2018-07-20 2019-08-21
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
1002 CVE-2018-12762 125 2018-07-20 2019-08-21
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
1003 CVE-2018-12761 125 2018-07-20 2019-08-21
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
1004 CVE-2018-12760 787 Exec Code 2018-07-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1005 CVE-2018-12758 787 Exec Code 2018-07-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1006 CVE-2018-12757 125 2018-07-20 2019-08-21
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
1007 CVE-2018-12756 416 Exec Code 2018-07-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1008 CVE-2018-12755 787 Exec Code 2018-07-20 2020-02-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1009 CVE-2018-12754 787 Exec Code 2018-07-20 2020-02-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1010 CVE-2018-12739 352 CSRF 2018-07-05 2018-08-27
6.8
None Remote Medium Not required Partial Partial Partial
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.
1011 CVE-2018-12691 362 Bypass 2018-07-05 2018-09-04
4.3
None Remote Medium Not required None Partial None
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.
1012 CVE-2018-12584 119 DoS Exec Code Overflow 2018-07-16 2021-12-29
7.5
None Remote Low Not required Partial Partial Partial
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.
1013 CVE-2018-12577 78 2018-07-02 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.
1014 CVE-2018-12576 1021 2018-07-02 2019-10-03
4.3
None Remote Medium Not required None Partial None
TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.
1015 CVE-2018-12575 287 Bypass 2018-07-02 2018-09-04
7.5
None Remote Low Not required Partial Partial Partial
On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.
1016 CVE-2018-12574 352 CSRF 2018-07-02 2018-09-04
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.
1017 CVE-2018-12571 918 2018-07-05 2018-09-04
7.5
None Remote Low Not required Partial Partial Partial
uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.
1018 CVE-2018-12540 352 CSRF 2018-07-12 2020-09-08
6.8
None Remote Medium Not required Partial Partial Partial
In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.
1019 CVE-2018-12529 352 CSRF 2018-07-02 2018-09-05
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings.
1020 CVE-2018-12528 434 2018-07-02 2018-09-05
7.5
None Remote Low ??? None Partial Complete
An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it.
1021 CVE-2018-12520 335 2018-07-05 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access.
1022 CVE-2018-12499 295 2018-07-02 2018-09-07
5.8
None Remote Medium Not required Partial Partial None
The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate.
1023 CVE-2018-12463 611 2018-07-12 2020-09-16
7.5
None Remote Low Not required Partial Partial Partial
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
1024 CVE-2018-12462 79 XSS 2018-07-10 2019-10-09
4.3
None Remote Medium Not required None Partial None
NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
1025 CVE-2018-12461 295 2018-07-10 2019-10-09
5.0
None Remote Low Not required None Partial None
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
1026 CVE-2018-12429 79 XSS 2018-07-18 2018-09-14
3.5
None Remote Medium ??? None Partial None
JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie.
1027 CVE-2018-12426 434 Exec Code 2018-07-02 2021-07-20
7.5
None Remote Low Not required Partial Partial Partial
The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.
1028 CVE-2018-12255 79 XSS 2018-07-03 2018-08-30
4.3
None Remote Medium Not required None Partial None
An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field.
1029 CVE-2018-12230 191 2018-07-10 2018-09-11
5.0
None Remote Low Not required None Partial None
An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks.
1030 CVE-2018-12113 119 Exec Code Overflow 2018-07-05 2018-08-28
7.5
None Remote Low Not required Partial Partial Partial
Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.
1031 CVE-2018-12103 863 2018-07-05 2019-10-03
3.3
None Local Network Low Not required None Partial None
An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.
1032 CVE-2018-12021 200 +Info 2018-07-05 2019-05-16
6.8
None Remote Low ??? Complete None None
Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.
1033 CVE-2018-12018 129 DoS 2018-07-05 2018-09-04
5.0
None Remote Low Not required None None Partial
The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue.
1034 CVE-2018-11757 2018-07-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation.
1035 CVE-2018-11756 2018-07-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation.
1036 CVE-2018-11746 522 2018-07-03 2020-12-16
5.0
None Remote Low Not required Partial None None
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
1037 CVE-2018-11717 532 +Info 2018-07-16 2018-09-19
5.0
None Remote Low Not required Partial None None
An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the platform (with UUID and information related to the name of the person at the location), critical information about all enrolled devices such as Serial Number, UUID, Model, Name, and auth_session_token (usable to spoof a terminal identity on the platform), etc.
1038 CVE-2018-11716 532 2018-07-16 2018-09-17
5.0
None Remote Low Not required Partial None None
An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444.
1039 CVE-2018-11643 89 Exec Code Sql 2018-07-03 2018-08-31
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.
1040 CVE-2018-11642 732 Exec Code 2018-07-03 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.
1041 CVE-2018-11641 798 2018-07-03 2018-09-04
7.5
None Remote Low Not required Partial Partial Partial
Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service.
1042 CVE-2018-11640 611 DoS 2018-07-03 2018-09-07
6.4
None Remote Low Not required Partial None Partial
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption).
1043 CVE-2018-11639 522 2018-07-03 2019-10-03
4.3
None Remote Medium Not required Partial None None
Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext.
1044 CVE-2018-11638 434 Exec Code 2018-07-03 2018-09-05
9.0
None Remote Low ??? Complete Complete Complete
Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution.
1045 CVE-2018-11637 59 +Info 2018-07-03 2020-08-24
5.0
None Remote Low Not required Partial None None
Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root.
1046 CVE-2018-11636 352 CSRF 2018-07-03 2018-08-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions.
1047 CVE-2018-11635 798 Bypass 2018-07-03 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.
1048 CVE-2018-11634 522 2018-07-03 2019-10-03
2.1
None Local Low Not required Partial None None
Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db.
1049 CVE-2018-11623 704 Exec Code 2018-07-31 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAdLayer method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6003.
1050 CVE-2018-11622 787 Exec Code 2018-07-31 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5873.
Total number of vulnerabilities : 2175   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 (This Page)22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.