CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2018-6844 79 XSS 2018-02-08 2018-02-26
3.5
None Remote Medium ??? None Partial None
MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.
252 CVE-2018-6836 763 DoS 2018-02-08 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
253 CVE-2018-6835 20 Bypass 2018-02-08 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions.
254 CVE-2018-6834 79 XSS 2018-02-08 2018-02-26
4.3
None Remote Medium Not required None Partial None
static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href.
255 CVE-2018-6829 327 +Info 2018-02-07 2020-01-15
5.0
None Remote Low Not required Partial None None
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
256 CVE-2018-6827 295 Exec Code +Info 2018-02-09 2018-03-08
6.8
None Remote Medium Not required Partial Partial Partial
VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded --no-check-certificate Wget option.
257 CVE-2018-6826 Exec Code 2018-02-09 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to launch the Breakout Easter Egg feature, and then sending a crafted HTTP response.
258 CVE-2018-6825 798 2018-02-09 2018-03-08
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access.
259 CVE-2018-6824 79 XSS 2018-02-07 2018-02-27
4.3
None Remote Medium Not required None Partial None
Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:"attacker@example.com"' request, which can be followed by a password reset.
260 CVE-2018-6823 2018-02-07 2020-05-11
10.0
None Remote Low Not required Complete Complete Complete
In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.
261 CVE-2018-6822 Exec Code 2018-02-07 2020-05-11
10.0
None Remote Low Not required Complete Complete Complete
In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.
262 CVE-2018-6806 200 +Info 2018-02-07 2019-09-11
4.3
None Remote Medium Not required Partial None None
Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls.
263 CVE-2018-6799 119 DoS Overflow 2018-02-07 2019-06-30
6.8
None Remote Medium Not required Partial Partial Partial
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.
264 CVE-2018-6796 79 XSS 2018-02-07 2018-02-26
3.5
None Remote Medium ??? None Partial None
PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field.
265 CVE-2018-6795 79 XSS 2018-02-07 2018-03-01
3.5
None Remote Medium ??? None Partial None
PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field.
266 CVE-2018-6794 693 Bypass 2018-02-07 2019-03-01
5.0
None Remote Low Not required None Partial None
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.
267 CVE-2018-6792 89 Exec Code Sql 2018-02-07 2018-03-01
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are j_idt118, j_idt120, j_idt122, j_idt124, j_idt126, j_idt128, and j_idt130 under formularioGestionarSecciones:tablaSeccionesMib:*:filter. The GET parameter is nombreAgente.
268 CVE-2018-6791 78 Exec Code 2018-02-07 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
269 CVE-2018-6790 200 +Info 2018-02-07 2019-08-06
5.0
None Remote Low Not required Partial None None
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.
270 CVE-2018-6789 119 Exec Code Overflow 2018-02-08 2021-06-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
271 CVE-2018-6788 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2208C0.
272 CVE-2018-6787 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x221808.
273 CVE-2018-6786 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220840.
274 CVE-2018-6785 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008254.
275 CVE-2018-6784 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A00824C.
276 CVE-2018-6783 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A00825C.
277 CVE-2018-6782 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A0081DC.
278 CVE-2018-6781 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008264.
279 CVE-2018-6780 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A0081E4.
280 CVE-2018-6779 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008240.
281 CVE-2018-6778 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008268.
282 CVE-2018-6777 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220400.
283 CVE-2018-6776 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A00813C.
284 CVE-2018-6775 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x990081C8.
285 CVE-2018-6774 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008088.
286 CVE-2018-6773 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008084.
287 CVE-2018-6772 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008208.
288 CVE-2018-6771 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008224.
289 CVE-2018-6770 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008210.
290 CVE-2018-6769 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008020.
291 CVE-2018-6768 20 DoS 2018-02-06 2018-02-22
6.1
None Local Low Not required Partial Partial Complete
In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008090.
292 CVE-2018-6767 125 2018-02-06 2019-12-20
6.8
None Remote Medium Not required Partial Partial Partial
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
293 CVE-2018-6764 346 Exec Code Bypass 2018-02-23 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
294 CVE-2018-6759 20 DoS 2018-02-06 2019-10-31
4.3
None Remote Medium Not required None None Partial
The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.
295 CVE-2018-6758 787 Overflow 2018-02-06 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.
296 CVE-2018-6656 352 CSRF 2018-02-06 2018-03-13
5.8
None Remote Medium Not required None Partial Partial
Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories.
297 CVE-2018-6655 79 XSS 2018-02-07 2018-02-26
3.5
None Remote Medium ??? None Partial None
PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field.
298 CVE-2018-6654 346 2018-02-06 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site.
299 CVE-2018-6651 352 Bypass 2018-02-05 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full control over the victim's computer.
300 CVE-2018-6644 476 2018-02-08 2018-02-27
5.0
None Remote Low Not required None None Partial
SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI.
Total number of vulnerabilities : 1328   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.