CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities Published In July 2018

Column layout (each entry spans four lines): row # | CVE ID | CWE ID | # of Exploits (empty for every entry on this page) | Vulnerability Type(s) | Publish Date | Update Date; then the CVSS (v2) base score; then Gained Access Level | Access (vector) | Access Complexity | Authentication | Conf. | Integ. | Avail.; then the CVE description.
351 CVE-2018-14029 352 CSRF 2018-07-13 2018-09-06
6.8
None Remote Medium Not required Partial Partial Partial
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field.
352 CVE-2018-14017 125 DoS 2018-07-12 2020-10-15
4.3
None Remote Medium Not required None None Partial
The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.
353 CVE-2018-14016 125 DoS 2018-07-12 2020-10-15
4.3
None Remote Medium Not required None None Partial
The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file.
354 CVE-2018-14015 119 DoS Overflow 2018-07-12 2020-10-15
4.3
None Remote Medium Not required None None Partial
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.
355 CVE-2018-14014 352 CSRF 2018-07-12 2018-09-06
6.8
None Remote Medium Not required Partial Partial Partial
In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.
356 CVE-2018-14012 89 Sql 2018-07-12 2018-09-05
7.5
None Remote Low Not required Partial Partial Partial
WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.
357 CVE-2018-14010 78 Exec Code 2018-07-15 2018-09-12
10.0
None Remote Low Not required Complete Complete Complete
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
358 CVE-2018-14009 20 Exec Code 2018-07-12 2021-03-31
10.0
None Remote Low Not required Complete Complete Complete
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
359 CVE-2018-14006 190 Overflow 2018-07-12 2019-11-25
5.0
None Remote Low Not required None Partial None
An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance.
360 CVE-2018-14005 190 Overflow 2018-07-12 2019-11-26
5.0
None Remote Low Not required None Partial None
An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance.
361 CVE-2018-14004 190 Overflow 2018-07-12 2018-08-13
5.0
None Remote Low Not required None Partial None
An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance.
362 CVE-2018-14003 190 Overflow 2018-07-12 2019-10-11
5.0
None Remote Low Not required None Partial None
An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance.
363 CVE-2018-14002 190 Overflow 2018-07-12 2018-08-13
5.0
None Remote Low Not required None Partial None
An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance.
364 CVE-2018-14001 190 Overflow 2018-07-12 2018-07-17
5.0
None Remote Low Not required None Partial None
An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user's balance.
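The six token entries above (CVE-2018-14001 through CVE-2018-14006) share one bug class: a batch or multi-recipient transfer computes the total as receivers * value in unchecked uint256 arithmetic, the product wraps to a small number, the sender's balance check passes, and every recipient is still credited the full per-recipient value. None of those contracts' source is on this page; the Python model below is an added example, not the contracts' code, and assumes only the common shape of the pattern (amount = len(receivers) * value checked against the sender's balance). It shows the wraparound next to a SafeMath-style checked multiplication.

```python
"""Added example: a Python model of the uint256 wraparound behind the six
batch/multi-transfer token entries above. It is not the source of any of
those contracts (which this page does not reproduce); the function shape
(amount = number_of_receivers * value, checked against the sender's balance)
is assumed from the pattern the descriptions name."""

UINT256_MOD = 2**256


def u256(x: int) -> int:
    """Emulate unchecked Solidity uint256 arithmetic (wraps modulo 2**256)."""
    return x % UINT256_MOD


def safe_mul(a: int, b: int) -> int:
    """SafeMath-style multiplication: the product must fit in uint256."""
    c = a * b  # Python ints are unbounded, so this is the exact product
    if c >= UINT256_MOD:
        raise OverflowError("uint256 multiplication overflow")
    return c


class Token:
    """Minimal balance ledger with a vulnerable and a checked batchTransfer."""

    def __init__(self, balances: dict):
        self.balances = dict(balances)

    def _apply(self, sender: str, receivers: list, value: int, amount: int) -> None:
        if not receivers or value == 0:
            raise ValueError("nothing to transfer")
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] = u256(self.balances.get(sender, 0) - amount)
        for r in receivers:
            self.balances[r] = u256(self.balances.get(r, 0) + value)

    def batch_transfer_vulnerable(self, sender: str, receivers: list, value: int) -> int:
        # Unchecked product: with two receivers and value = 2**255 the total
        # wraps to 0, so a sender holding nothing passes the balance check
        # and every receiver is still credited 2**255.
        amount = u256(len(receivers) * value)
        self._apply(sender, receivers, value, amount)
        return amount

    def batch_transfer_fixed(self, sender: str, receivers: list, value: int) -> int:
        amount = safe_mul(len(receivers), value)  # raises instead of wrapping
        self._apply(sender, receivers, value, amount)
        return amount


def exploit_demo() -> dict:
    """Attacker with a zero balance credits 2**255 tokens to two addresses."""
    token = Token({"attacker": 0})
    token.batch_transfer_vulnerable("attacker", ["a1", "a2"], 2**255)
    return token.balances


if __name__ == "__main__":
    print(exploit_demo())
```

The checked variant rejects the same call before any balance is touched; the only difference between the two paths is whether the product is bounded before it is compared with the sender's balance.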
365 CVE-2018-13999 79 XSS 2018-07-12 2018-09-04
3.5
None Remote Medium Single system None Partial None
Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorValue parameter (aka an article posted by an administrator).
366 CVE-2018-13998 79 XSS 2018-07-12 2018-09-04
3.5
None Remote Medium Single system None Partial None
ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users.
367 CVE-2018-13997 119 Overflow 2018-07-12 2018-09-05
5.0
None Remote Low Not required None None Partial
Genann through 2018-07-08 has a SEGV in genann_run in genann.c.
368 CVE-2018-13996 125 2018-07-12 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Genann through 2018-07-08 has a stack-based buffer over-read in genann_train in genann.c.
369 CVE-2018-13989 352 CSRF 2018-07-11 2018-09-06
8.3
None Remote Medium Not required Partial Partial Complete
Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device.
370 CVE-2018-13988 125 DoS Mem. Corr. 2018-07-25 2019-04-25
4.3
None Remote Medium Not required None None Partial
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
371 CVE-2018-13981 434 Exec Code 2018-07-16 2018-09-12
7.5
None Remote Low Not required Partial Partial Partial
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related to /assets/php/formmailer/SendEmail.php and /assets/php/formmailer/functions.php.
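The Zeta Producer entry above is a textbook extension denylist failure: the widget refused ".php" but accepted ".php5" and ".phtml", both of which typical Apache/PHP setups hand to the PHP interpreter. The following is an added example (not Zeta Producer's code) that places a denylist of the kind the advisory describes next to an allowlist; the extension sets and function names are assumptions for the illustration. The allowlist also rejects multi-extension names, which goes beyond the advisory: Apache's mod_mime can act on any extension in a name like shell.php.jpg.

```python
"""Added example (not Zeta Producer's code): an upload-name check done as a
denylist of the kind the advisory describes, next to an allowlist. The
extension sets and function names are assumptions for the illustration."""
import os

# Denylist modelled on the advisory: ".php" alone is blocked.
DENIED_EXTENSIONS = {".php"}

# Allowlist: only the types the form mailer actually needs to accept.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf"}


def denylist_accepts(filename: str) -> bool:
    """Vulnerable check: anything not literally ".php" gets through, including
    .php5 and .phtml, which typical Apache/PHP setups also execute."""
    _, ext = os.path.splitext(filename)
    return ext.lower() not in DENIED_EXTENSIONS


def allowlist_accepts(filename: str) -> bool:
    """Hardened check: a single, known-good extension on a bare file name."""
    if not filename or "\x00" in filename or "/" in filename or "\\" in filename:
        return False
    parts = filename.lower().split(".")
    # Exactly one extension. Apache's mod_mime can act on any extension in a
    # multi-extension name, so "shell.php.jpg" may still reach the PHP handler.
    if len(parts) != 2 or not parts[0]:
        return False
    return "." + parts[1] in ALLOWED_EXTENSIONS


def triage(names: list) -> dict:
    """Return the names each check would let onto disk (constructed input)."""
    return {
        "denylist": [n for n in names if denylist_accepts(n)],
        "allowlist": [n for n in names if allowlist_accepts(n)],
    }


if __name__ == "__main__":
    print(triage(["cv.pdf", "shell.php", "shell.php5", "shell.phtml", "shell.php.jpg"]))
```

Even the allowlist only controls the name; a deployment that must accept uploads should also store them outside the web root or under a handler-less directory, which the advisory's affected path (/assets/php/formmailer/) was not.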
372 CVE-2018-13980 22 Dir. Trav. 2018-07-16 2020-09-16
2.1
None Local Low Not required Partial None None
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.
373 CVE-2018-13879 79 XSS 2018-07-11 2018-09-05
3.5
None Remote Medium Single system None Partial None
A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username.html.
374 CVE-2018-13878 79 XSS 2018-07-11 2018-09-05
4.3
None Remote Medium Not required None Partial None
An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel.
375 CVE-2018-13876 787 Overflow 2018-07-10 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread.
376 CVE-2018-13875 125 2018-07-10 2018-09-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c.
377 CVE-2018-13874 787 Overflow 2018-07-10 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset.
378 CVE-2018-13873 125 2018-07-10 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c.
379 CVE-2018-13872 787 Overflow 2018-07-10 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c.
380 CVE-2018-13871 787 Overflow 2018-07-10 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.
381 CVE-2018-13870 125 2018-07-10 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c.
382 CVE-2018-13869 119 Overflow 2018-07-10 2018-08-31
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.
383 CVE-2018-13868 125 2018-07-10 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c.
384 CVE-2018-13867 125 2018-07-10 2018-08-28
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c.
385 CVE-2018-13866 125 2018-07-10 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c.
386 CVE-2018-13865 79 XSS Bypass 2018-07-10 2018-09-06
4.3
None Remote Medium Not required None Partial None
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism.
387 CVE-2018-13864 22 Dir. Trav. 2018-07-17 2019-11-25
5.0
None Remote Low Not required Partial None None
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests.
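The Play Framework entry above is Windows-specific because on that platform "\" is a path separator too, so a traversal check written for "/" alone can be walked around with "..\" (typically percent-encoded as "..%5c"). The following is an added example, not Play's code, of an asset resolver that normalises both separators before checking containment; the public root and the request paths are constructed for the illustration, and the Play 2.6.x bug itself is not reproduced.

```python
"""Added example (not Play Framework's code): an asset-path check that treats
"\\" as a separator, which is what a Windows host does and what a check written
for "/" alone misses. The public root and request paths are constructed for
the illustration; the Play 2.6.x bug itself is not reproduced."""
import posixpath
from typing import Optional
from urllib.parse import unquote

PUBLIC_ROOT = "/srv/app/public"  # assumed asset directory


def resolve_asset(request_path: str, public_root: str = PUBLIC_ROOT) -> Optional[str]:
    """Map a request path to a file under public_root, or None if it escapes."""
    # Decode percent-encoding exactly once; decoding again would reopen
    # double-encoding bypasses such as %255c.
    decoded = unquote(request_path)
    # On Windows "..\\" climbs a directory just like "../", so normalise the
    # separator before any traversal check.
    decoded = decoded.replace("\\", "/")
    # Absolute paths, drive letters and embedded NULs never name an asset.
    if "\x00" in decoded or decoded.startswith("/") or (len(decoded) > 1 and decoded[1] == ":"):
        return None
    normalized = posixpath.normpath(decoded)
    # normpath folds "a/../b" to "b"; anything that still starts with ".."
    # would leave the root.
    if normalized in (".", "..") or normalized.startswith("../"):
        return None
    return posixpath.join(public_root, normalized)


if __name__ == "__main__":
    for p in ("images/logo.png", "..%5C..%5Cwindows%5Cwin.ini", "../../etc/passwd"):
        print(p, "->", resolve_asset(p))
```

A check that only looked for "../" in the raw request would accept "..%5C..%5Cwindows%5Cwin.ini"; here the same request is decoded, its backslashes folded to "/", and the resulting "../../windows/win.ini" is refused.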
388 CVE-2018-13863 DoS 2018-07-10 2019-10-03
5.0
None Remote Low Not required None None Partial
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.
389 CVE-2018-13862 2018-07-17 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).
390 CVE-2018-13861 2018-07-17 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
391 CVE-2018-13860 200 +Info 2018-07-17 2018-09-17
5.0
None Remote Low Not required Partial None None
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid=systemUsers&id=_0" GET request.
392 CVE-2018-13859 2018-07-17 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).
393 CVE-2018-13858 2018-07-17 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
394 CVE-2018-13850 89 Sql 2018-07-10 2018-09-07
7.5
None Remote Low Not required Partial Partial Partial
The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter.
395 CVE-2018-13849 79 XSS 2018-07-10 2018-09-05
4.3
None Remote Medium Not required None Partial None
edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace.
396 CVE-2018-13848 119 Overflow 2018-07-10 2018-08-30
5.0
None Remote Low Not required None None Partial
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp.
397 CVE-2018-13847 119 Overflow 2018-07-10 2018-08-30
5.0
None Remote Low Not required None None Partial
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp.
398 CVE-2018-13846 125 2018-07-10 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue has been found in Bento4 1.5.1-624. AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp has a heap-based buffer over-read after a call from Mp42Ts.cpp, a related issue to CVE-2018-14532.
399 CVE-2018-13845 125 2018-07-10 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c.
400 CVE-2018-13844 772 2018-07-10 2021-08-13
5.0
None Remote Low Not required None None Partial
** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code.
Total number of vulnerabilities: 2175 (this is page 8 of 44)