Lista CVE - 2018 / Dicembre
Visualizzazione 1 - 100 di 1163 CVE per Dicembre 2018 (Pagina 1 di 12)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2018-19784 | 2018-12-01 | The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak... |
| CVE-2018-19785 | 2018-12-01 | PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL... |
| CVE-2018-3949 | 2018-12-01 | An exploitable information disclosure vulnerability exists in the HTTP server... |
| CVE-2018-3950 | 2018-12-01 | An exploitable remote code execution vulnerability exists in the ping... |
| CVE-2018-3951 | 2018-12-01 | An exploitable remote code execution vulnerability exists in the HTTP... |
| CVE-2018-4038 | 2018-12-01 | An exploitable arbitrary write vulnerability exists in the open document... |
| CVE-2018-4039 | 2018-12-01 | An exploitable out-of-bounds write vulnerability exists in the PNG implementation... |
| CVE-2018-4040 | 2018-12-01 | An exploitable uninitialized pointer vulnerability exists in the rich text... |
| CVE-2018-19787 | 2018-12-02 | An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in... |
| CVE-2018-19788 | 2018-12-03 | A flaw was found in PolicyKit (aka polkit) 0.115 that... |
| CVE-2018-19791 | 2018-12-03 | The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not... |
| CVE-2018-19792 | 2018-12-03 | The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local... |
| CVE-2018-19793 | 2018-12-03 | jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via... |
| CVE-2018-19794 | 2018-12-03 | Cross-site scripting (XSS) vulnerability in UiV2Public.index in Internet2 Grouper 2.2... |
| CVE-2018-19795 | 2018-12-03 | ChipsBank UMPTool saves the password to the NAND with a... |
| CVE-2018-19796 | 2018-12-03 | An open redirect in the Ninja Forms plugin before 3.3.19.1... |
| CVE-2018-19797 | 2018-12-03 | In LibSass 3.5.5, a NULL Pointer Dereference in the function... |
| CVE-2018-16855 | 2018-12-03 | An issue has been found in PowerDNS Recursor before version... |
| CVE-2018-16868 | 2018-12-03 | A Bleichenbacher type side-channel based padding oracle attack was found... |
| CVE-2018-16869 | 2018-12-03 | A Bleichenbacher type side-channel based padding oracle attack was found... |
| CVE-2018-6332 | 2018-12-03 | A potential denial-of-service issue in the Proxygen handling of invalid... |
| CVE-2018-7112 | 2018-12-03 | The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and... |
| CVE-2018-7113 | 2018-12-03 | A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5)... |
| CVE-2018-7114 | 2018-12-03 | HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3... |
| CVE-2018-7115 | 2018-12-03 | HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3... |
| CVE-2018-7116 | 2018-12-03 | HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3... |
| CVE-2018-1840 | 2018-12-03 | IBM WebSphere Application Server 8.5 and 9.0 could allow a... |
| CVE-2018-1002000 | 2018-12-03 | There is blind SQL injection in WordPress Arigato Autoresponder and... |
| CVE-2018-1002001 | 2018-12-03 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder... |
| CVE-2018-1002002 | 2018-12-03 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder... |
| CVE-2018-1002003 | 2018-12-03 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder... |
| CVE-2018-1002004 | 2018-12-03 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder... |
| CVE-2018-1002005 | 2018-12-03 | These vulnerabilities require administrative privileges to exploit. There is an... |
| CVE-2018-1002006 | 2018-12-03 | These vulnerabilities require administrative privileges to exploit. There is an... |
| CVE-2018-1002007 | 2018-12-03 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder... |
| CVE-2018-1002008 | 2018-12-03 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder... |
| CVE-2018-1002009 | 2018-12-03 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder... |
| CVE-2018-16863 | 2018-12-03 | It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509.... |
| CVE-2018-19824 | 2018-12-03 | In the Linux kernel through 4.19.6, a local user could... |
| CVE-2018-19826 | 2018-12-03 | In inspect.cpp in LibSass 3.5.5, a high memory footprint caused... |
| CVE-2018-19827 | 2018-12-03 | In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr... |
| CVE-2018-19835 | 2018-12-03 | Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter. |
| CVE-2018-19836 | 2018-12-03 | In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including... |
| CVE-2018-14695 | 2018-12-03 | Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2... |
| CVE-2018-14696 | 2018-12-03 | Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2... |
| CVE-2018-14697 | 2018-12-03 | Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS... |
| CVE-2018-14698 | 2018-12-03 | Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS... |
| CVE-2018-14699 | 2018-12-03 | System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2... |
| CVE-2018-14700 | 2018-12-03 | Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2... |
| CVE-2018-14701 | 2018-12-03 | System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2... |
| CVE-2018-14702 | 2018-12-03 | Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2... |
| CVE-2018-14703 | 2018-12-03 | Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2... |
| CVE-2018-14704 | 2018-12-03 | Cross-site scripting in the MySQL API error page in Drobo... |
| CVE-2018-14706 | 2018-12-03 | System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2... |
| CVE-2018-14707 | 2018-12-03 | Directory traversal in the Drobo Pix web application on Drobo... |
| CVE-2018-14708 | 2018-12-03 | An insecure transport protocol used by Drobo Dashboard API on... |
| CVE-2018-14709 | 2018-12-03 | Incorrect access control in the Dashboard API on Drobo 5N2... |
| CVE-2018-3854 | 2018-12-03 | An exploitable information disclosure vulnerability exists in the password protection... |
| CVE-2018-4019 | 2018-12-03 | An exploitable command injection vulnerability exists in the way Netgate... |
| CVE-2018-4020 | 2018-12-03 | An exploitable command injection vulnerability exists in the way Netgate... |
| CVE-2018-4021 | 2018-12-03 | An exploitable command injection vulnerability exists in the way Netgate... |
| CVE-2018-6439 | 2018-12-03 | A Vulnerability in the configdownload command of Brocade Fabric OS... |
| CVE-2018-6440 | 2018-12-03 | A vulnerability in the proxy service of Brocade Fabric OS... |
| CVE-2018-19837 | 2018-12-04 | In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers... |
| CVE-2018-19838 | 2018-12-04 | In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS... |
| CVE-2018-19839 | 2018-12-04 | In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp... |
| CVE-2018-19840 | 2018-12-04 | The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through... |
| CVE-2018-19841 | 2018-12-04 | The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through... |
| CVE-2018-19842 | 2018-12-04 | getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to... |
| CVE-2018-19843 | 2018-12-04 | opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to... |
| CVE-2018-19849 | 2018-12-04 | An issue was discovered in YzmCMS 5.2. XSS exists via... |
| CVE-2018-19853 | 2018-12-04 | An issue was discovered in hitshop through 2014-07-15. There is... |
| CVE-2018-16478 | 2018-12-04 | A Path Traversal in simplehttpserver versions <=0.2.1 allows to list... |
| CVE-2018-6981 | 2018-12-04 | VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without... |
| CVE-2018-6982 | 2018-12-04 | VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without... |
| CVE-2018-17157 | 2018-12-04 | In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error... |
| CVE-2018-17158 | 2018-12-04 | In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error... |
| CVE-2018-17159 | 2018-12-04 | In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks... |
| CVE-2018-16628 | 2018-12-04 | panel/login in Kirby v2.5.12 allows XSS via a blog name. |
| CVE-2018-16629 | 2018-12-04 | panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG... |
| CVE-2018-16631 | 2018-12-04 | Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE... |
| CVE-2018-16633 | 2018-12-04 | Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title. |
| CVE-2018-16634 | 2018-12-04 | Pluck v4.7.7 allows CSRF via admin.php?action=settings. |
| CVE-2018-19591 | 2018-12-04 | In the GNU C Library (aka glibc or libc6) through... |
| CVE-2018-19854 | 2018-12-04 | An issue was discovered in the Linux kernel before 4.19.3.... |
| CVE-2018-11347 | 2018-12-04 | The YunoHost 2.7.2 through 2.7.14 web application is affected by... |
| CVE-2018-11348 | 2018-12-04 | Two XSS vulnerabilities are located in the profile edition page... |
| CVE-2018-12305 | 2018-12-04 | Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1... |
| CVE-2018-12306 | 2018-12-04 | Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1... |
| CVE-2018-12307 | 2018-12-04 | OS command injection in user.cgi in ASUSTOR ADM version 3.1.1... |
| CVE-2018-12308 | 2018-12-04 | Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1... |
| CVE-2018-12309 | 2018-12-04 | Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows... |
| CVE-2018-12310 | 2018-12-04 | Cross-site scripting in the Login page in ASUSTOR ADM version... |
| CVE-2018-12311 | 2018-12-04 | Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version... |
| CVE-2018-12312 | 2018-12-04 | OS command injection in user.cgi in ASUSTOR ADM version 3.1.1... |
| CVE-2018-12313 | 2018-12-04 | OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1... |
| CVE-2018-12314 | 2018-12-04 | Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows... |
| CVE-2018-12315 | 2018-12-04 | Missing verification of a password in ASUSTOR ADM version 3.1.1... |
| CVE-2018-12316 | 2018-12-04 | OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1... |
| CVE-2018-12317 | 2018-12-04 | OS command injection in group.cgi in ASUSTOR ADM version 3.1.1... |