Lista CVE - 2018 / Marzo
Visualizzazione 1201 - 1300 di 1337 CVE per Marzo 2018 (Pagina 13 di 14)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2018-0185 | 2018-03-28 | Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could... |
| CVE-2018-0186 | 2018-03-28 | Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user... |
| CVE-2018-0188 | 2018-03-28 | Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user... |
| CVE-2018-0189 | 2018-03-28 | A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service... |
| CVE-2018-0190 | 2018-03-28 | Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user... |
| CVE-2018-0193 | 2018-03-28 | Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could... |
| CVE-2018-0195 | 2018-03-28 | A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on... |
| CVE-2018-0196 | 2018-03-28 | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an... |
| CVE-2018-0151 | 2018-03-28 | A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service... |
| CVE-2018-0154 | 2018-03-28 | A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of... |
| CVE-2018-0155 | 2018-03-28 | A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause... |
| CVE-2018-0156 | 2018-03-28 | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device,... |
| CVE-2018-0158 | 2018-03-28 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory... |
| CVE-2018-0159 | 2018-03-28 | A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause... |
| CVE-2018-0161 | 2018-03-28 | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause... |
| CVE-2018-0167 | 2018-03-28 | Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent... |
| CVE-2018-0171 | 2018-03-28 | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device,... |
| CVE-2018-0172 | 2018-03-28 | A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to... |
| CVE-2018-0173 | 2018-03-28 | A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote... |
| CVE-2018-0174 | 2018-03-28 | A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to... |
| CVE-2018-0175 | 2018-03-28 | Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker... |
| CVE-2018-0179 | 2018-03-28 | Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a... |
| CVE-2018-0180 | 2018-03-28 | Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a... |
| CVE-2018-9120 | 2018-03-29 | In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. |
| CVE-2018-9121 | 2018-03-29 | In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment. |
| CVE-2018-9122 | 2018-03-29 | In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI. |
| CVE-2018-9123 | 2018-03-29 | In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile. |
| CVE-2018-9116 | 2018-03-29 | An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service. |
| CVE-2018-9117 | 2018-03-29 | WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal. |
| CVE-2018-7600 | 2018-03-29 | Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or... |
| CVE-2018-4841 | 2018-03-29 | A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on... |
| CVE-2018-5223 | 2018-03-29 | Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to... |
| CVE-2018-5224 | 2018-03-29 | Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a... |
| CVE-2018-6586 | 2018-03-29 | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. |
| CVE-2018-6587 | 2018-03-29 | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. |
| CVE-2018-6588 | 2018-03-29 | CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. |
| CVE-2018-9031 | 2018-03-29 | The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. This means, in effect, that authentication occurs... |
| CVE-2014-5028 | 2018-03-29 | The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information... |
| CVE-2014-5170 | 2018-03-29 | The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003. |
| CVE-2014-6604 | 2018-03-29 | Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter. |
| CVE-2015-2000 | 2018-03-29 | The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to... |
| CVE-2015-2001 | 2018-03-29 | The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to... |
| CVE-2015-2002 | 2018-03-29 | The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled... |
| CVE-2015-2003 | 2018-03-29 | The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an... |
| CVE-2015-2004 | 2018-03-29 | The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an... |
| CVE-2015-2009 | 2018-03-29 | Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers... |
| CVE-2015-2020 | 2018-03-29 | The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to... |
| CVE-2015-4952 | 2018-03-29 | The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196. |
| CVE-2015-4953 | 2018-03-29 | IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197. |
| CVE-2017-5947 | 2018-03-29 | An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download... |
| CVE-2018-1191 | 2018-03-29 | Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions... |
| CVE-2016-0898 | 2018-03-29 | MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the... |
| CVE-2016-6658 | 2018-03-29 | Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can... |
| CVE-2017-16512 | 2018-03-29 | The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available. |
| CVE-2017-16839 | 2018-03-29 | Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed. |
| CVE-2017-16873 | 2018-03-29 | It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges. |
| CVE-2018-9130 | 2018-03-30 | IBOS 4.4.3 has XSS via a company full name. |
| CVE-2018-9132 | 2018-03-30 | libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted... |
| CVE-2018-9133 | 2018-03-30 | ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage... |
| CVE-2018-9135 | 2018-03-30 | In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. |
| CVE-2018-9136 | 2018-03-30 | windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file, a different vulnerability than CVE-2018-8821. |
| CVE-2018-9138 | 2018-03-30 | An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there... |
| CVE-2018-9139 | 2018-03-30 | On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165. |
| CVE-2018-9140 | 2018-03-30 | On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. |
| CVE-2018-9141 | 2018-03-30 | On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105. |
| CVE-2018-9142 | 2018-03-30 | On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package... |
| CVE-2018-9143 | 2018-03-30 | On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991. |
| CVE-2018-9144 | 2018-03-30 | In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure. |
| CVE-2018-9145 | 2018-03-30 | In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during... |
| CVE-2018-5799 | 2018-03-30 | In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. |
| CVE-2017-11010 | 2018-03-30 | In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected. |
| CVE-2017-14906 | 2018-03-30 | In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, PKCS7 padding is not supported by the crypto storage APIs. |
| CVE-2017-14911 | 2018-03-30 | In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820,... |
| CVE-2017-14912 | 2018-03-30 | In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD... |
| CVE-2017-14913 | 2018-03-30 | In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated. |
| CVE-2017-14915 | 2018-03-30 | In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition. |
| CVE-2017-9681 | 2018-03-30 | In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from... |
| CVE-2018-9134 | 2018-03-30 | file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP... |
| CVE-2018-9147 | 2018-03-30 | Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote attackers to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to webapp/users/user_reg.jsp. |
| CVE-2017-1705 | 2018-03-30 | IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source.... |
| CVE-2017-1747 | 2018-03-30 | A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform... |
| CVE-2017-1756 | 2018-03-30 | IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856. |
| CVE-2017-1765 | 2018-03-30 | IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150. |
| CVE-2017-1766 | 2018-03-30 | Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151. |
| CVE-2017-1767 | 2018-03-30 | IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2018-1384 | 2018-03-30 | IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2018-1390 | 2018-03-30 | IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web... |
| CVE-2018-3728 | 2018-03-30 | hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify... |
| CVE-2018-3740 | 2018-03-30 | A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. |
| CVE-2018-3741 | 2018-03-30 | There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted... |
| CVE-2018-9148 | 2018-03-30 | Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this... |
| CVE-2018-9151 | 2018-03-30 | A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030. |
| CVE-2018-3817 | 2018-03-30 | When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. |
| CVE-2018-3818 | 2018-03-30 | Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform... |
| CVE-2018-3819 | 2018-03-30 | The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable... |
| CVE-2018-3820 | 2018-03-30 | Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions... |
| CVE-2018-3821 | 2018-03-30 | Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from... |
| CVE-2018-3822 | 2018-03-30 | X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a... |
| CVE-2017-16614 | 2018-03-30 | SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill... |
| CVE-2018-5708 | 2018-03-30 | An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin... |