CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2951 CVE-2018-18059 125 2019-05-24 2019-05-29
2.6
None Remote High Not required None None Partial
An issue was discovered in Bitdefender Engines before 7.76675. A vulnerability has been discovered in the rar.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
2952 CVE-2018-18058 369 2019-05-24 2019-05-29
2.6
None Remote High Not required None None Partial
An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered in the iso.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a division-by-zero circumstance. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
2953 CVE-2018-18056 200 Exec Code +Info 2019-08-20 2019-09-12
2.1
None Local Low Not required Partial None None
An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory (XOM) implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash memory. As a consequence, it is possible to execute single instructions with arbitrary system states (e.g., registers, status flags, and SRAM content) and observe the state changes produced by the unknown instruction. An attacker could exploit this vulnerability by executing protected and unknown instructions with specific system states and observing the state changes. Based on the gathered information, it is possible to reverse-engineer the executed instructions. The processor acts as a kind of "instruction oracle."
2954 CVE-2018-17957 287 2018-12-26 2019-10-09
2.1
None Local Low Not required Partial None None
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.
2955 CVE-2018-17956 200 +Info 2019-03-15 2020-09-18
2.1
None Local Low Not required Partial None None
In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list
2956 CVE-2018-17766 732 Bypass 2020-09-09 2020-11-24
2.1
None Local Low Not required Partial None None
Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.
2957 CVE-2018-17502 200 +Info 2019-03-21 2019-10-09
2.1
None Local Low Not required Partial None None
The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails.
2958 CVE-2018-17500 522 +Info 2019-03-21 2020-08-24
2.1
None Local Low Not required Partial None None
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.
2959 CVE-2018-17499 532 +Info 2019-03-21 2019-10-09
2.1
None Local Low Not required Partial None None
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information.
2960 CVE-2018-17497 1188 2019-03-21 2020-08-24
2.1
None Local Low Not required Partial None None
eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
2961 CVE-2018-17492 798 2019-03-21 2019-10-09
2.1
None Local Low Not required Partial None None
EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
2962 CVE-2018-17489 312 +Info 2019-03-21 2019-10-09
2.1
None Local Low Not required Partial None None
EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.
2963 CVE-2018-17485 1188 2019-03-21 2020-08-24
2.1
None Local Low Not required Partial None None
Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
2964 CVE-2018-17483 200 +Info 2019-03-21 2019-10-09
2.1
None Local Low Not required Partial None None
Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information.
2965 CVE-2018-17482 200 +Info 2019-03-21 2019-10-09
2.1
None Local Low Not required Partial None None
Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information.
2966 CVE-2018-17404 200 +Info 2018-09-23 2018-11-27
2.6
None Remote High Not required Partial None None
The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth.
2967 CVE-2018-17402 200 +Info 2018-09-23 2018-11-08
2.6
None Remote High Not required Partial None None
** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots.
2968 CVE-2018-17178 Exec Code 2018-09-18 2021-06-17
2.9
None Local Network Medium Not required None Partial None
An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything.
2969 CVE-2018-17177 326 2018-09-18 2021-06-17
2.1
None Local Low Not required Partial None None
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary.
2970 CVE-2018-17155 200 +Info 2018-09-28 2018-11-23
2.1
None Local Low Not required Partial None None
In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.
2971 CVE-2018-16883 200 +Info 2018-12-19 2019-10-09
2.1
None Local Low Not required Partial None None
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
2972 CVE-2018-16878 400 2019-04-18 2021-01-07
2.1
None Local Low Not required None None Partial
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS
2973 CVE-2018-16866 125 2019-01-11 2019-05-13
2.1
None Local Low Not required Partial None None
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
2974 CVE-2018-16862 200 +Info 2018-11-26 2019-04-01
2.1
None Local Low Not required Partial None None
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.
2975 CVE-2018-16859 532 2018-11-29 2019-04-03
2.1
None Local Low Not required Partial None None
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.
2976 CVE-2018-16837 311 2018-10-23 2019-10-03
2.1
None Local Low Not required Partial None None
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.
2977 CVE-2018-16514 79 XSS 2019-06-20 2019-06-21
2.6
None Remote High Not required None Partial None
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055.
2978 CVE-2018-16498 312 2021-05-26 2021-06-07
2.1
None Local Low Not required Partial None None
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores.
2979 CVE-2018-16427 125 2018-09-04 2019-08-06
2.1
None Local Low Not required None None Partial
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
2980 CVE-2018-16426 674 2018-09-04 2019-10-03
2.1
None Local Low Not required None None Partial
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.
2981 CVE-2018-16252 611 2018-09-05 2018-12-04
2.1
None Local Low Not required Partial None None
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.
2982 CVE-2018-16242 294 Bypass 2018-09-14 2019-10-03
2.9
None Local Network Medium Not required None Partial None
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.
2983 CVE-2018-16222 522 2018-11-20 2019-10-03
2.1
None Local Low Not required Partial None None
Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password.
2984 CVE-2018-16079 362 2019-01-09 2019-01-15
2.6
None Remote High Not required None Partial None
A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
2985 CVE-2018-16075 2019-06-27 2020-08-24
2.6
None Remote High Not required Partial None None
Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page.
2986 CVE-2018-15864 476 2018-08-25 2019-08-06
2.1
None Local Low Not required None None Partial
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.
2987 CVE-2018-15863 476 2018-08-25 2019-08-06
2.1
None Local Low Not required None None Partial
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.
2988 CVE-2018-15862 476 2018-08-25 2019-08-06
2.1
None Local Low Not required None None Partial
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.
2989 CVE-2018-15861 476 2018-08-25 2019-08-06
2.1
None Local Low Not required None None Partial
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.
2990 CVE-2018-15859 476 2018-08-25 2019-08-06
2.1
None Local Low Not required None None Partial
Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.
2991 CVE-2018-15858 476 2018-08-25 2019-03-19
2.1
None Local Low Not required None None Partial
Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.
2992 CVE-2018-15856 835 DoS 2018-08-25 2019-10-03
2.1
None Local Low Not required None None Partial
An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.
2993 CVE-2018-15855 476 2018-08-25 2019-08-06
2.1
None Local Low Not required None None Partial
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.
2994 CVE-2018-15854 476 2018-08-25 2019-08-06
2.1
None Local Low Not required None None Partial
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.
2995 CVE-2018-15853 400 2018-08-25 2019-08-06
2.1
None Local Low Not required None None Partial
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.
2996 CVE-2018-15809 732 2018-08-23 2020-08-24
2.1
None Local Low Not required None Partial None
AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files.
2997 CVE-2018-15765 200 Exec Code +Info 2018-10-18 2019-10-09
2.1
None Local Low Not required Partial None None
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.
2998 CVE-2018-15749 134 2018-09-06 2020-05-11
2.1
None Local Low Not required Partial None None
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.
2999 CVE-2018-15746 DoS 2018-08-29 2020-09-10
2.1
None Local Low Not required None None Partial
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
3000 CVE-2018-15738 20 2019-07-09 2019-07-15
2.1
None Local Low Not required None Partial None
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000205F.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.