CVE List - 2018 / May
Showing 801 - 900 of 1162 CVEs for May 2018 (Page 9 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-1310 | 2018-05-23 | Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the... |
| CVE-2017-9317 | 2018-05-23 | Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device... |
| CVE-2018-1193 | 2018-05-23 | Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement... |
| CVE-2018-10351 | 2018-05-23 | A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class.... |
| CVE-2018-10352 | 2018-05-23 | A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class.... |
| CVE-2018-10353 | 2018-05-23 | A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in... |
| CVE-2018-10354 | 2018-05-23 | A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw... |
| CVE-2018-10355 | 2018-05-23 | An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class.... |
| CVE-2018-10356 | 2018-05-23 | A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw... |
| CVE-2018-10357 | 2018-05-23 | A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop... |
| CVE-2018-11231 | 2018-05-23 | In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information. |
| CVE-2018-8898 | 2018-05-23 | A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords... |
| CVE-2018-10648 | 2018-05-23 | There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. |
| CVE-2018-10649 | 2018-05-23 | There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. |
| CVE-2018-10650 | 2018-05-23 | There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. |
| CVE-2018-10651 | 2018-05-23 | There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. |
| CVE-2018-10652 | 2018-05-23 | There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. |
| CVE-2018-10653 | 2018-05-23 | There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. |
| CVE-2018-10654 | 2018-05-23 | There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. |
| CVE-2018-6495 | 2018-05-23 | MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting |
| CVE-2018-10428 | 2018-05-23 | ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting. |
| CVE-2018-11399 | 2018-05-24 | SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur. |
| CVE-2018-11400 | 2018-05-24 | In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power. |
| CVE-2018-11401 | 2018-05-24 | In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification. |
| CVE-2018-11402 | 2018-05-24 | SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN. |
| CVE-2018-11403 | 2018-05-24 | DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter. |
| CVE-2018-11404 | 2018-05-24 | DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. |
| CVE-2018-11405 | 2018-05-24 | Kliqqi 2.0.2 has CSRF in admin/admin_users.php. |
| CVE-2018-11410 | 2018-05-24 | An issue was discovered in Liblouis 3.5.0. An invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have... |
| CVE-2018-11411 | 2018-05-24 | The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain... |
| CVE-2017-9421 | 2018-05-24 | Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request... |
| CVE-2018-1000036 | 2018-05-24 | In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. |
| CVE-2018-1000037 | 2018-05-24 | In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. |
| CVE-2018-1000038 | 2018-05-24 | In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. |
| CVE-2018-1000039 | 2018-05-24 | In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial... |
| CVE-2018-1000040 | 2018-05-24 | In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program... |
| CVE-2018-1000155 | 2018-05-24 | OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller.... |
| CVE-2018-1000199 | 2018-05-24 | The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code... |
| CVE-2018-1000300 | 2018-05-24 | curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a... |
| CVE-2018-1000301 | 2018-05-24 | curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data... |
| CVE-2018-9920 | 2018-05-24 | Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL. |
| CVE-2017-17158 | 2018-05-24 | Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the... |
| CVE-2017-17315 | 2018-05-24 | Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send... |
| CVE-2018-7902 | 2018-05-24 | Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator.... |
| CVE-2018-7903 | 2018-05-24 | Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator.... |
| CVE-2018-7904 | 2018-05-24 | Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator.... |
| CVE-2018-7942 | 2018-05-24 | The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due... |
| CVE-2018-5485 | 2018-05-24 | NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack. |
| CVE-2018-5487 | 2018-05-24 | NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to... |
| CVE-2018-11332 | 2018-05-24 | Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2018-10593 | 2018-05-24 | A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system... |
| CVE-2018-10595 | 2018-05-24 | A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen... |
| CVE-2018-8013 | 2018-05-24 | In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the... |
| CVE-2018-11412 | 2018-05-24 | In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended... |
| CVE-2018-11413 | 2018-05-24 | An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration. |
| CVE-2018-11414 | 2018-05-24 | An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly. |
| CVE-2018-11415 | 2018-05-24 | SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases... |
| CVE-2018-11416 | 2018-05-24 | jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have... |
| CVE-2018-7526 | 2018-05-24 | In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able... |
| CVE-2017-14187 | 2018-05-24 | A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program... |
| CVE-2017-9664 | 2018-05-24 | In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01... |
| CVE-2018-11418 | 2018-05-24 | An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\\u0020") payload, related to re_parse_char_class in parser/regexp/re-parser.c. |
| CVE-2018-11419 | 2018-05-24 | An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c. |
| CVE-2018-7518 | 2018-05-24 | In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials... |
| CVE-2013-3018 | 2018-05-24 | The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request,... |
| CVE-2013-3023 | 2018-05-24 | IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session... |
| CVE-2013-3024 | 2018-05-24 | IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362. |
| CVE-2018-5674 | 2018-05-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in... |
| CVE-2018-5675 | 2018-05-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in... |
| CVE-2018-5676 | 2018-05-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in... |
| CVE-2018-5677 | 2018-05-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in... |
| CVE-2018-5678 | 2018-05-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in... |
| CVE-2018-5679 | 2018-05-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in... |
| CVE-2018-5680 | 2018-05-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in... |
| CVE-2018-7406 | 2018-05-24 | An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability... |
| CVE-2018-7407 | 2018-05-24 | An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability... |
| CVE-2018-11440 | 2018-05-25 | Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. |
| CVE-2018-1133 | 2018-05-25 | An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection. |
| CVE-2018-1134 | 2018-05-25 | An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL. |
| CVE-2018-1135 | 2018-05-25 | An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. |
| CVE-2018-1136 | 2018-05-25 | An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a... |
| CVE-2018-1137 | 2018-05-25 | An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests... |
| CVE-2018-11442 | 2018-05-25 | A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation. |
| CVE-2018-11443 | 2018-05-25 | The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0. |
| CVE-2018-11444 | 2018-05-25 | A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0. |
| CVE-2018-11445 | 2018-05-25 | A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role. |
| CVE-2018-11468 | 2018-05-25 | The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. |
| CVE-2018-6674 | 2018-05-25 | Privilege escalation vulnerability in McAfee VSE when McTray run with elevated privileges |
| CVE-2017-3961 | 2018-05-25 | SB10192 - Network Security Management (NSM) - Cross-Site Scripting (XSS) vulnerability |
| CVE-2018-6664 | 2018-05-25 | SB10233 - Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 - Application Protections Bypass vulnerability |
| CVE-2018-11469 | 2018-05-25 | Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related... |
| CVE-2017-1752 | 2018-05-25 | IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547. |
| CVE-2018-11470 | 2018-05-25 | iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. |
| CVE-2018-1449 | 2018-05-25 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned... |
| CVE-2018-1450 | 2018-05-25 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned... |
| CVE-2018-1451 | 2018-05-25 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned... |
| CVE-2018-1452 | 2018-05-25 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned... |
| CVE-2018-1459 | 2018-05-25 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could... |
| CVE-2018-1467 | 2018-05-25 | The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398. |
| CVE-2018-1488 | 2018-05-25 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary... |