The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2018-14255 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getNthFieldName method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6018. | MEDIUM | Jul 31, 2018 |
CVE-2018-14254 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getLinks method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6017. | MEDIUM | Jul 31, 2018 |
CVE-2018-14253 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6016. | MEDIUM | Jul 31, 2018 |
CVE-2018-14252 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6015. | MEDIUM | Jul 31, 2018 |
CVE-2018-14251 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6014. | MEDIUM | Jul 31, 2018 |
CVE-2018-14250 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6013. | MEDIUM | Jul 31, 2018 |
CVE-2018-14249 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6012. | MEDIUM | Jul 31, 2018 |
CVE-2018-14248 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsXFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6011. | MEDIUM | Jul 31, 2018 |
CVE-2018-14247 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6010. | MEDIUM | Jul 31, 2018 |
CVE-2018-14246 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the convertTocPDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6009. | MEDIUM | Jul 31, 2018 |
CVE-2018-14245 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the closeDoc method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6008. | MEDIUM | Jul 31, 2018 |
CVE-2018-14244 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the calculateNow method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6007. | MEDIUM | Jul 31, 2018 |
CVE-2018-14243 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addPageOpenJSMessage method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6006. | MEDIUM | Jul 31, 2018 |
CVE-2018-14242 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6005. | MEDIUM | Jul 31, 2018 |
CVE-2018-14241 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6004. | MEDIUM | Jul 31, 2018 |
CVE-2018-14089 | An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, 'bool sufficientAllowance = allowance <= _value' will cause an arbitrary transfer in the function transferFrom because '<=' is used instead of '>=' (which was intended). An attacker can transfer from any address to his address, and does not need to meet the 'allowance > value' condition. | MEDIUM | Jul 15, 2018 |
CVE-2018-14088 | An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the amount * 1000000000000000 will cause an integer overflow in withdrawToFounders(). | HIGH | Jul 15, 2018 |
CVE-2018-14087 | An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the msg.value * buyPrice will cause an integer overflow in the fallback function. | HIGH | Jul 15, 2018 |
CVE-2018-14086 | An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the amount * sellPrice will cause an integer overflow in sell(). | HIGH | Jul 15, 2018 |
CVE-2018-14085 | An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. First, suppose that the owner adds the evil contract address to his sweepers. The evil contract looks like this: contract Exploit { uint public start; function sweep(address _token, uint _amount) returns (bool) { start = 0x123456789; return true;} }. Then, when one calls the function sweep() in the UserWallet contract, it will change the sweeperList to 0X123456789. | MEDIUM | Jul 15, 2018 |
CVE-2018-14084 | An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the amount * sellPrice will cause an integer overflow in sell(). | HIGH | Jul 15, 2018 |
CVE-2018-14083 | LICA miniCMTS E8K(u/i/...) devices allow remote attackers to obtain sensitive information via a direct POST request for the inc/user.ini file, leading to discovery of a password hash. | MEDIUM | Jul 25, 2018 |
CVE-2018-14082 | PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. | LOW | Jul 18, 2018 |
CVE-2018-14081 | An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext. | MEDIUM | Oct 9, 2018 |
CVE-2018-14080 | An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file. | MEDIUM | Oct 9, 2018 |
CVE-2018-14079 | Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp. | MEDIUM | Aug 21, 2018 |
CVE-2018-14078 | Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the admin username with password admin after a successful attack). | HIGH | Aug 21, 2018 |
CVE-2018-14077 | Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg. | MEDIUM | Aug 21, 2018 |
CVE-2018-14073 | libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c. | MEDIUM | Jul 15, 2018 |
CVE-2018-14072 | libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c. | MEDIUM | Jul 15, 2018 |
CVE-2018-14071 | The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input. | HIGH | Jul 16, 2018 |
CVE-2018-14069 | An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add. | MEDIUM | Jul 15, 2018 |
CVE-2018-14068 | An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add. | MEDIUM | Jul 15, 2018 |
CVE-2018-14067 | Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980. | HIGH | Dec 31, 2020 |
CVE-2018-14066 | The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo. | HIGH | Jul 15, 2018 |
CVE-2018-14065 | XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. | HIGH | Jul 15, 2018 |
CVE-2018-14064 | The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. | MEDIUM | Jul 15, 2018 |
CVE-2018-14063 | The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow. | HIGH | Jul 15, 2018 |
CVE-2018-14062 | The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal. | HIGH | Aug 28, 2019 |
CVE-2018-14060 | OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | HIGH | Jul 14, 2018 |
CVE-2018-14059 | Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions. | LOW | Aug 25, 2018 |
CVE-2018-14058 | Pimcore before 5.3.0 allows SQL Injection via the REST web service API. | MEDIUM | Aug 18, 2018 |
CVE-2018-14057 | Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the Settings > Users / Roles function. | MEDIUM | Aug 18, 2018 |
CVE-2018-14056 | ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | MEDIUM | Jul 14, 2018 |
CVE-2018-14055 | ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. | MEDIUM | Jul 14, 2018 |
CVE-2018-14054 | A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered. | HIGH | Jul 13, 2018 |
CVE-2018-14052 | An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c. | MEDIUM | Jul 13, 2018 |
CVE-2018-14051 | The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop. | MEDIUM | Jul 13, 2018 |
CVE-2018-14050 | An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_free in libwav.c. | MEDIUM | Jul 13, 2018 |
CVE-2018-14049 | An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav_info/wav_info.c. | MEDIUM | Jul 13, 2018 |