Lista CVE - 2018 / Marzo
Visualizzazione 901 - 1000 di 1337 CVE per Marzo 2018 (Pagina 10 di 14)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2018-7517 | 2018-03-21 | In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability. |
| CVE-2018-7519 | 2018-03-21 | In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow. |
| CVE-2018-7521 | 2018-03-21 | In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file. |
| CVE-2018-7523 | 2018-03-21 | In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. |
| CVE-2018-7525 | 2018-03-21 | In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability. |
| CVE-2016-10717 | 2018-03-21 | A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat... |
| CVE-2014-4912 | 2018-03-22 | An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. |
| CVE-2018-8894 | 2018-03-22 | In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input... |
| CVE-2018-8895 | 2018-03-22 | In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input... |
| CVE-2018-8896 | 2018-03-22 | In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input... |
| CVE-2018-8904 | 2018-03-22 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of... |
| CVE-2018-8905 | 2018-03-22 | In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. |
| CVE-2018-8906 | 2018-03-22 | dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html. |
| CVE-2017-17743 | 2018-03-22 | Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell... |
| CVE-2018-8899 | 2018-03-22 | IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations. |
| CVE-2018-8909 | 2018-03-22 | The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to... |
| CVE-2016-9711 | 2018-03-22 | IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619. |
| CVE-2017-1571 | 2018-03-22 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly... |
| CVE-2017-1677 | 2018-03-22 | IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection... |
| CVE-2017-1788 | 2018-03-22 | IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031. |
| CVE-2017-1789 | 2018-03-22 | IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034. |
| CVE-2018-1426 | 2018-03-22 | IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could... |
| CVE-2018-1427 | 2018-03-22 | IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service.... |
| CVE-2018-1428 | 2018-03-22 | IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... |
| CVE-2018-1448 | 2018-03-22 | IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned... |
| CVE-2018-0534 | 2018-03-22 | Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2018-0535 | 2018-03-22 | Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2018-0536 | 2018-03-22 | Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz.cgi. |
| CVE-2018-0537 | 2018-03-22 | Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz_op.cgi. |
| CVE-2018-0538 | 2018-03-22 | Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2018-0539 | 2018-03-22 | QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors. |
| CVE-2018-0540 | 2018-03-22 | Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2018-0541 | 2018-03-22 | Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors. |
| CVE-2018-0542 | 2018-03-22 | Directory traversal vulnerability in WebProxy version 1.7.8 allows an attacker to read arbitrary files via unspecified vectors. |
| CVE-2018-0552 | 2018-03-22 | Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse... |
| CVE-2017-18094 | 2018-03-22 | Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via... |
| CVE-2018-5225 | 2018-03-22 | In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5... |
| CVE-2018-8930 | 2018-03-22 | The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. |
| CVE-2018-8931 | 2018-03-22 | The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. |
| CVE-2018-8932 | 2018-03-22 | The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. |
| CVE-2018-8933 | 2018-03-22 | The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. |
| CVE-2018-8934 | 2018-03-22 | The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. |
| CVE-2018-8935 | 2018-03-22 | The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. |
| CVE-2018-8936 | 2018-03-22 | The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. |
| CVE-2017-0932 | 2018-03-22 | Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with... |
| CVE-2017-0933 | 2018-03-22 | Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user... |
| CVE-2017-0934 | 2018-03-22 | Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed.... |
| CVE-2017-0935 | 2018-03-22 | Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed.... |
| CVE-2017-16771 | 2018-03-22 | Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| CVE-2017-16772 | 2018-03-22 | Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter. |
| CVE-2017-0920 | 2018-03-22 | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name... |
| CVE-2017-16242 | 2018-03-22 | An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access can send... |
| CVE-2018-5349 | 2018-03-22 | A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory "C:\ProgramData\Heimdal Security\Heimdal Agent"... |
| CVE-2018-5731 | 2018-03-22 | An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run.... |
| CVE-2018-5502 | 2018-03-22 | On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with... |
| CVE-2018-5503 | 2018-03-22 | On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that... |
| CVE-2018-5504 | 2018-03-22 | In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution... |
| CVE-2018-5505 | 2018-03-22 | On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS... |
| CVE-2018-5509 | 2018-03-22 | On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action,... |
| CVE-2018-7512 | 2018-03-22 | A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. |
| CVE-2018-7516 | 2018-03-22 | A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. |
| CVE-2018-7520 | 2018-03-22 | An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords. |
| CVE-2018-7524 | 2018-03-22 | A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to... |
| CVE-2018-7528 | 2018-03-22 | An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. |
| CVE-2018-7532 | 2018-03-22 | Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. |
| CVE-2018-8903 | 2018-03-22 | Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. |
| CVE-2018-8945 | 2018-03-22 | The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation... |
| CVE-2017-18242 | 2018-03-22 | The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file. |
| CVE-2017-18243 | 2018-03-22 | The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file. |
| CVE-2017-18244 | 2018-03-22 | The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply. |
| CVE-2018-8942 | 2018-03-22 | Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. |
| CVE-2018-8943 | 2018-03-22 | There is a SQL injection in the PHPSHE 1.6 userbank parameter. |
| CVE-2018-8944 | 2018-03-22 | PHPOK 4.8.338 has an arbitrary file upload vulnerability. |
| CVE-2018-1000140 | 2018-03-23 | rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear... |
| CVE-2018-1207 | 2018-03-23 | Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI... |
| CVE-2018-1211 | 2018-03-23 | Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A... |
| CVE-2017-17736 | 2018-03-23 | Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard. |
| CVE-2017-15325 | 2018-03-23 | The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has... |
| CVE-2017-15326 | 2018-03-23 | DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated... |
| CVE-2018-7502 | 2018-03-23 | Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code... |
| CVE-2018-8948 | 2018-03-23 | In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module. |
| CVE-2018-8949 | 2018-03-23 | An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for... |
| CVE-2017-18245 | 2018-03-23 | The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file. |
| CVE-2018-1000136 | 2018-03-23 | Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code... |
| CVE-2017-1524 | 2018-03-23 | IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used... |
| CVE-2017-1602 | 2018-03-23 | IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted... |
| CVE-2017-1629 | 2018-03-23 | IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2017-1655 | 2018-03-23 | IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2017-1762 | 2018-03-23 | IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2017-18246 | 2018-03-23 | The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file. |
| CVE-2017-18247 | 2018-03-23 | The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted media file. |
| CVE-2018-1429 | 2018-03-23 | IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2018-8957 | 2018-03-23 | CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php. |
| CVE-2018-8960 | 2018-03-23 | The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. |
| CVE-2018-1000137 | 2018-03-23 | I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed... |
| CVE-2018-1000138 | 2018-03-23 | I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read... |
| CVE-2018-1000139 | 2018-03-23 | I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a... |
| CVE-2018-1000141 | 2018-03-23 | I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions. |
| CVE-2018-8961 | 2018-03-23 | In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. |
| CVE-2018-8962 | 2018-03-23 | In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. |