CVE List - 2018 / February
Showing 1301 - 1325 of 1325 CVEs for February 2018 (Page 14 of 14)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-7551 | 2018-02-28 | There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly... |
| CVE-2018-7552 | 2018-02-28 | There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly... |
| CVE-2018-7553 | 2018-02-28 | There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. |
| CVE-2018-7554 | 2018-02-28 | There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly... |
| CVE-2018-7477 | 2018-02-28 | SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php. |
| CVE-2018-7482 | 2018-02-28 | The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php... |
| CVE-2018-7556 | 2018-02-28 | LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file. |
| CVE-2018-7557 | 2018-02-28 | The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions... |
| CVE-2017-12191 | 2018-02-28 | A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that... |
| CVE-2017-9447 | 2018-02-28 | In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the... |
| CVE-2018-7469 | 2018-02-28 | PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type). |
| CVE-2016-0291 | 2018-02-28 | IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302. |
| CVE-2016-0295 | 2018-02-28 | Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that... |
| CVE-2016-0299 | 2018-02-28 | IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. IBM X-Force ID:... |
| CVE-2018-7264 | 2018-02-28 | The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary... |
| CVE-2018-1286 | 2018-02-28 | In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users. |
| CVE-2018-1304 | 2018-02-28 | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to... |
| CVE-2015-3898 | 2018-02-28 | Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter... |
| CVE-2018-7568 | 2018-02-28 | The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer... |
| CVE-2018-7569 | 2018-02-28 | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and... |
| CVE-2018-7570 | 2018-02-28 | The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL... |
| CVE-2015-4117 | 2018-02-28 | Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php. |
| CVE-2015-5079 | 2018-02-28 | Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter. |
| CVE-2018-6947 | 2018-02-28 | An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to... |
| CVE-2018-6653 | 2018-03-01 | comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing... |
| CVE-2018-7550 | 2018-03-01 | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr,... |
| CVE-2017-18207 | 2018-03-01 | The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a... |
| CVE-2017-18208 | 2018-03-01 | The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX... |
| CVE-2017-12627 | 2018-03-01 | In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. |
| CVE-2018-7561 | 2018-03-01 | Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. |
| CVE-2017-6150 | 2018-03-01 | Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may... |
| CVE-2017-6154 | 2018-03-01 | On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of... |
| CVE-2018-5500 | 2018-03-01 | On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile... |
| CVE-2018-5501 | 2018-03-01 | In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow... |
| CVE-2018-2365 | 2018-03-01 | SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
| CVE-2018-2367 | 2018-03-01 | ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path... |
| CVE-2018-2368 | 2018-03-01 | SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. |
| CVE-2018-5314 | 2018-03-01 | Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed... |
| CVE-2018-7573 | 2018-03-01 | An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application;... |
| CVE-2018-2380 | 2018-03-01 | SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through... |
| CVE-2018-7579 | 2018-03-01 | \application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html. |
| CVE-2018-7584 | 2018-03-01 | In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in... |
| CVE-2017-14798 | 2018-03-01 | local privilege escalation in SUSE postgresql init script |
| CVE-2017-14799 | 2018-03-01 | XSS Vulnerability with ESP URL |
| CVE-2017-14800 | 2018-03-01 | Reflected xss on Access Manager iManager UI |
| CVE-2017-14804 | 2018-03-01 | package builds could use directory traversal to write outside of target area |
| CVE-2017-5188 | 2018-03-01 | OBS worker VM escape via relative symbolic links |
| CVE-2017-7426 | 2018-03-01 | iManager - XML External Entity vulnerabilities |
| CVE-2017-7435 | 2018-03-01 | libzypp accepts unsigned 3rd party repo without warning |
| CVE-2017-7436 | 2018-03-01 | libzypp accepts unsigned packages even when configured to check signatures |
| CVE-2017-9268 | 2018-03-01 | open-build-service retrigger / wipebinaries hitting the wrong project bypassing access permissions |
| CVE-2017-9269 | 2018-03-01 | lack of keypinning in libzypp could lead to repository switching |
| CVE-2017-9270 | 2018-03-01 | post-auth arbitrary file write on cryptctl server |
| CVE-2017-9271 | 2018-03-01 | proxy credentials written to log files by zypper |
| CVE-2017-9274 | 2018-03-01 | osc executes spec code during "osc commit" |
| CVE-2017-9286 | 2018-03-01 | nextcloud package security issues with /srv/www/htdocs |
| CVE-2017-18209 | 2018-03-01 | In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory. |
| CVE-2017-18210 | 2018-03-01 | In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked. |
| CVE-2017-18211 | 2018-03-01 | In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel. |
| CVE-2018-7047 | 2018-03-01 | An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials... |
| CVE-2018-7048 | 2018-03-01 | An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request. |
| CVE-2018-7049 | 2018-03-01 | An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted... |
| CVE-2017-18212 | 2018-03-01 | An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload. |
| CVE-2018-7586 | 2018-03-01 | In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. |
| CVE-2018-7587 | 2018-03-01 | An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h. |
| CVE-2018-7588 | 2018-03-01 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. |
| CVE-2018-7589 | 2018-03-01 | An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image. |
| CVE-2018-7590 | 2018-03-01 | CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. |
| CVE-2017-15134 | 2018-03-01 | A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could... |
| CVE-2018-7634 | 2018-03-01 | An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a... |
| CVE-2017-6926 | 2018-03-01 | In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able... |
| CVE-2017-6927 | 2018-03-01 | Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as... |
| CVE-2017-6928 | 2018-03-01 | Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to... |
| CVE-2017-6929 | 2018-03-01 | A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in... |
| CVE-2017-6930 | 2018-03-01 | In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access... |
| CVE-2017-6931 | 2018-03-01 | In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If... |
| CVE-2017-6932 | 2018-03-01 | Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This... |
| CVE-2018-1169 | 2018-03-02 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2018-1170 | 2018-03-02 | This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not required to exploit... |
| CVE-2018-6490 | 2018-03-02 | MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) |
| CVE-2018-1065 | 2018-03-02 | The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to... |
| CVE-2018-1066 | 2018-03-02 | The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has... |
| CVE-2018-7637 | 2018-03-02 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in... |
| CVE-2018-7638 | 2018-03-02 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in... |
| CVE-2018-7639 | 2018-03-02 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in... |
| CVE-2018-7640 | 2018-03-02 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in... |
| CVE-2018-7641 | 2018-03-02 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in... |
| CVE-2018-7642 | 2018-03-02 | The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out... |
| CVE-2018-7643 | 2018-03-02 | The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via... |
| CVE-2017-14461 | 2018-03-02 | A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of... |
| CVE-2017-15130 | 2018-03-02 | A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory... |
| CVE-2018-1058 | 2018-03-02 | A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this... |
| CVE-2018-1063 | 2018-03-02 | Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few... |
| CVE-2018-7648 | 2018-03-02 | An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more... |
| CVE-2017-1654 | 2018-03-02 | IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service... |
| CVE-2017-1787 | 2018-03-02 | IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022. |
| CVE-2018-1373 | 2018-03-02 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773. |
| CVE-2018-7433 | 2018-03-02 | The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. |
| CVE-2015-0796 | 2018-03-02 | open build service source server symlink exploitation via source patch |
| CVE-2017-14801 | 2018-03-02 | Reflected xss in Admin Console REST interface |