CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2018 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000061 20 Bypass 2018-02-09 2018-03-08
7.5
None Remote Low Not required Partial Partial Partial
ARM mbedTLS version development branch, 2.7.0 and earlier contains a CWE-670, Incorrect condition control flow leading to incorrect return, leading to data loss vulnerability in ssl_write_real(), library/ssl_tls.c:7142 that can result in Leads to data loss, can be escalated to DoS and authorization bypass in application protocols. This attack appear to be exploitable via network connectivity.
2 CVE-2018-1000059 502 Exec Code 2018-02-09 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system.
3 CVE-2018-1000044 89 Exec Code Sql 2018-02-09 2018-02-28
7.5
None Remote Low Not required Partial Partial Partial
Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the sensors parameter, used in ec(). This vulnerability appears to have been fixed in 1.7.0.
4 CVE-2018-1000043 78 Exec Code 2018-02-09 2018-03-01
10.0
None Remote Low Not required Complete Complete Complete
Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0.
5 CVE-2018-1000042 78 Exec Code 2018-02-09 2018-03-01
10.0
None Remote Low Not required Complete Complete Complete
Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the data or obj parameters, used in autocat(). This vulnerability appears to have been fixed in 1.7.0.
6 CVE-2018-1000019 78 2018-02-09 2018-03-01
9.0
None Remote Low ??? Complete Complete Complete
OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.
7 CVE-2018-7554 416 DoS 2018-02-28 2019-03-01
7.5
None Remote Low Not required Partial Partial Partial
There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
8 CVE-2018-7553 787 DoS Overflow 2018-02-28 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
9 CVE-2018-7552 119 DoS Overflow 2018-02-28 2019-03-13
7.5
None Remote Low Not required Partial Partial Partial
There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
10 CVE-2018-7551 416 DoS 2018-02-28 2019-03-13
7.5
None Remote Low Not required Partial Partial Partial
There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
11 CVE-2018-7548 476 2018-02-27 2019-03-05
7.5
None Remote Low Not required Partial Partial Partial
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
12 CVE-2018-7489 184 Exec Code Bypass 2018-02-26 2021-03-25
7.5
None Remote Low Not required Partial Partial Partial
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
13 CVE-2018-7485 119 DoS Overflow 2018-02-26 2019-08-06
7.5
None Remote Low Not required Partial Partial Partial
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.
14 CVE-2018-7484 426 2018-02-26 2018-03-17
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link libraries using relative paths instead of the absolute path. When not using a fully qualified path, the application will first try to load the library from the directory from which the application is started. As the residing directory of PureVPNService.exe is writable to all users, this makes the application susceptible to privilege escalation through DLL hijacking.
15 CVE-2018-7480 415 DoS 2018-02-25 2019-03-04
7.2
None Local Low Not required Complete Complete Complete
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
16 CVE-2018-7477 89 Sql 2018-02-28 2018-03-18
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php.
17 CVE-2018-7471 190 Overflow 2018-02-25 2018-03-17
7.2
None Local Low Not required Complete Complete Complete
KingView 7.5SP1 has an integer overflow during stgopenstorage API read operations.
18 CVE-2018-7463 89 Exec Code Sql 2018-02-26 2018-03-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter.
19 CVE-2018-7448 78 Exec Code 2018-02-26 2018-03-22
8.5
None Remote Medium ??? Complete Complete Complete
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.
20 CVE-2018-7440 78 2018-02-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
21 CVE-2018-7409 119 Overflow 2018-02-22 2019-08-06
7.5
None Remote Low Not required Partial Partial Partial
In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.
22 CVE-2018-7319 89 Sql 2018-02-22 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.
23 CVE-2018-7318 89 Sql 2018-02-22 2021-01-30
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.
24 CVE-2018-7316 434 2018-02-22 2018-03-13
7.5
None Remote Low Not required Partial Partial Partial
Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.
25 CVE-2018-7315 89 Sql 2018-02-22 2020-06-03
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.
26 CVE-2018-7314 89 Sql 2018-02-22 2018-03-06
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.
27 CVE-2018-7313 89 Sql 2018-02-22 2018-03-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.
28 CVE-2018-7312 89 Sql 2018-02-22 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.
29 CVE-2018-7311 732 Exec Code 2018-02-21 2020-05-04
9.0
None Remote Low ??? Complete Complete Complete
** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software installs a privileged helper tool that runs as the root user. This privileged helper tool is installed as a LaunchDaemon and implements an XPC service. The XPC service is responsible for handling new VPN connection operations via the main PrivateVPN application. The privileged helper tool creates new VPN connections by executing the openvpn binary located in the /Applications/PrivateVPN.app/Contents/Resources directory. The openvpn binary can be overwritten by the default user, which allows an attacker that has already installed malicious software as the default user to replace the binary. When a new VPN connection is established, the privileged helper tool will launch this malicious binary, thus allowing an attacker to execute code as the root user. NOTE: the vendor has reportedly indicated that this behavior is "an acceptable part of their software."
30 CVE-2018-7301 306 2018-02-22 2018-03-18
7.5
None Remote Low Not required Partial Partial Partial
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.
31 CVE-2018-7300 22 Exec Code Dir. Trav. 2018-02-22 2020-04-14
10.0
None Remote Low Not required Complete Complete Complete
Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
32 CVE-2018-7298 319 2018-02-22 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position (which could be obtained via DNS spoofing of www.meine-homematic.de or other approaches) can exploit this issue in order to provide arbitrary malicious firmware updates to the CCU2. This can result in a full system compromise.
33 CVE-2018-7297 Exec Code 2018-02-22 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
34 CVE-2018-7281 Exec Code 2018-02-21 2020-05-04
9.0
None Remote Low ??? Complete Complete Complete
CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system() call, thus allowing low privileged users to execute commands as root.
35 CVE-2018-7271 94 Exec Code 2018-02-21 2018-03-21
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
36 CVE-2018-7264 787 Exec Code 2018-02-28 2018-03-23
7.5
None Remote Low Not required Partial Partial Partial
The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images.
37 CVE-2018-7247 119 Exec Code Overflow 2018-02-19 2018-03-14
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.
38 CVE-2018-7226 190 Overflow 2018-02-19 2019-08-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet.
39 CVE-2018-7225 190 Overflow 2018-02-19 2020-10-23
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
40 CVE-2018-7187 78 Exec Code 2018-02-16 2019-02-28
9.3
None Remote Medium Not required Complete Complete Complete
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.
41 CVE-2018-7186 787 DoS Overflow 2018-02-16 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.
42 CVE-2018-7180 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.
43 CVE-2018-7179 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.
44 CVE-2018-7178 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.
45 CVE-2018-7177 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.
46 CVE-2018-7054 416 2018-02-15 2019-07-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.
47 CVE-2018-7053 416 2018-02-15 2019-02-28
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.
48 CVE-2018-7046 78 Exec Code 2018-02-20 2019-02-28
9.0
None Remote Low ??? Complete Complete Complete
** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout.
49 CVE-2018-7039 119 DoS Overflow 2018-02-14 2018-03-15
7.5
None Remote Low Not required Partial Partial Partial
CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there is an incorrect integer data type causing a negative third argument in some cases of crafted TLV data with inconsistent length information.
50 CVE-2018-6954 59 2018-02-13 2022-01-31
7.2
None Local Low Not required Complete Complete Complete
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
Total number of vulnerabilities : 439   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.