Lista CVE - 2018 / Luglio
Visualizzazione 1501 - 1600 di 2167 CVE per Luglio 2018 (Pagina 16 di 22)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2018-0346 | 2018-07-18 | A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected... |
| CVE-2018-0347 | 2018-07-18 | A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.... |
| CVE-2018-0348 | 2018-07-18 | A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due... |
| CVE-2018-0349 | 2018-07-18 | A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due... |
| CVE-2018-0350 | 2018-07-18 | A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability... |
| CVE-2018-0351 | 2018-07-18 | A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability... |
| CVE-2018-0372 | 2018-07-18 | A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to... |
| CVE-2018-0374 | 2018-07-18 | A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is... |
| CVE-2018-0375 | 2018-07-18 | A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which... |
| CVE-2018-0376 | 2018-07-18 | A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to... |
| CVE-2018-0377 | 2018-07-18 | A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The... |
| CVE-2018-0379 | 2018-07-18 | Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a... |
| CVE-2018-0380 | 2018-07-18 | Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a... |
| CVE-2018-0387 | 2018-07-18 | A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability... |
| CVE-2018-0390 | 2018-07-18 | A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of... |
| CVE-2018-0392 | 2018-07-18 | A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control... |
| CVE-2018-0393 | 2018-07-18 | A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface.... |
| CVE-2018-0394 | 2018-07-18 | A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability... |
| CVE-2018-0396 | 2018-07-18 | A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack... |
| CVE-2018-0398 | 2018-07-18 | Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018. |
| CVE-2018-0399 | 2018-07-18 | Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044. |
| CVE-2018-0400 | 2018-07-18 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user... |
| CVE-2018-0401 | 2018-07-18 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user... |
| CVE-2018-0402 | 2018-07-18 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco... |
| CVE-2018-0403 | 2018-07-18 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040. |
| CVE-2018-14403 | 2018-07-19 | MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory... |
| CVE-2018-14339 | 2018-07-19 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and... |
| CVE-2018-14340 | 2018-07-19 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid... |
| CVE-2018-14341 | 2018-07-19 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing... |
| CVE-2018-14342 | 2018-07-19 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path... |
| CVE-2018-14343 | 2018-07-19 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not... |
| CVE-2018-14344 | 2018-07-19 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid... |
| CVE-2018-14367 | 2018-07-19 | In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition. |
| CVE-2018-14368 | 2018-07-19 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling... |
| CVE-2018-14369 | 2018-07-19 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before... |
| CVE-2018-14370 | 2018-07-19 | In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read. |
| CVE-2018-14392 | 2018-07-19 | The New Threads plugin before 1.2 for MyBB has XSS. |
| CVE-2018-14394 | 2018-07-19 | libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. |
| CVE-2018-14395 | 2018-07-19 | libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to... |
| CVE-2018-14399 | 2018-07-19 | libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data... |
| CVE-2018-14401 | 2018-07-19 | CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an out-of-bounds read. |
| CVE-2018-14402 | 2018-07-19 | axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::parse_start_namespace function in lib/jitana/util/axml_parser.cpp. |
| CVE-2016-9574 | 2018-07-19 | nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. |
| CVE-2017-2673 | 2018-07-19 | An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related... |
| CVE-2017-7481 | 2018-07-19 | Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to... |
| CVE-2018-12911 | 2018-07-19 | WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. |
| CVE-2018-14404 | 2018-07-19 | A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL... |
| CVE-2018-1529 | 2018-07-19 | IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed... |
| CVE-2018-1535 | 2018-07-19 | IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site... |
| CVE-2018-1536 | 2018-07-19 | IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site... |
| CVE-2018-1585 | 2018-07-19 | IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site... |
| CVE-2018-1587 | 2018-07-19 | IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error... |
| CVE-2018-5532 | 2018-07-19 | On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent... |
| CVE-2018-5533 | 2018-07-19 | Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. |
| CVE-2018-5534 | 2018-07-19 | Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. |
| CVE-2018-5535 | 2018-07-19 | On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM... |
| CVE-2018-5540 | 2018-07-19 | On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably... |
| CVE-2018-14332 | 2018-07-19 | An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in... |
| CVE-2014-0243 | 2018-07-19 | Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job. |
| CVE-2014-2302 | 2018-07-19 | The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org. |
| CVE-2018-7602 | 2018-07-19 | Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004 |
| CVE-2018-14415 | 2018-07-19 | An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen. |
| CVE-2018-14418 | 2018-07-19 | In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI. |
| CVE-2018-14419 | 2018-07-19 | MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. |
| CVE-2018-14420 | 2018-07-19 | MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. |
| CVE-2018-14421 | 2018-07-19 | SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can... |
| CVE-2018-14422 | 2018-07-19 | blog/index.php in SansCMS 0.7 has XSS via the q parameter. |
| CVE-2018-8018 | 2018-07-19 | In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code... |
| CVE-2018-14423 | 2018-07-19 | Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). |
| CVE-2018-9062 | 2018-07-19 | BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack |
| CVE-2018-10620 | 2018-07-19 | AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based... |
| CVE-2018-3857 | 2018-07-19 | An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write,... |
| CVE-2018-3858 | 2018-07-19 | An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write,... |
| CVE-2018-3859 | 2018-07-19 | An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write,... |
| CVE-2018-3860 | 2018-07-19 | An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write,... |
| CVE-2018-3870 | 2018-07-19 | An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write,... |
| CVE-2018-3871 | 2018-07-19 | An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write,... |
| CVE-2018-12959 | 2018-07-19 | The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account). |
| CVE-2018-14336 | 2018-07-19 | TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses. |
| CVE-2018-10869 | 2018-07-19 | redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd. |
| CVE-2018-10870 | 2018-07-19 | redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution. |
| CVE-2017-18343 | 2018-07-20 | The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as... |
| CVE-2018-14434 | 2018-07-20 | ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. |
| CVE-2018-14435 | 2018-07-20 | ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. |
| CVE-2018-14436 | 2018-07-20 | ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. |
| CVE-2018-14437 | 2018-07-20 | ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. |
| CVE-2018-14438 | 2018-07-20 | In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily. |
| CVE-2018-14446 | 2018-07-20 | MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted... |
| CVE-2018-14439 | 2018-07-20 | espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency transfers of... |
| CVE-2018-14440 | 2018-07-20 | An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter. |
| CVE-2018-14441 | 2018-07-20 | An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadAction_fileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type. |
| CVE-2016-10727 | 2018-07-20 | camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use... |
| CVE-2018-14442 | 2018-07-20 | Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs. |
| CVE-2018-14443 | 2018-07-20 | get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV). |
| CVE-2018-14444 | 2018-07-20 | libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 in dwgutil.cpp, leading to an out-of-bounds read and application crash. |
| CVE-2018-14445 | 2018-07-20 | In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file. |
| CVE-2018-14447 | 2018-07-20 | trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read. |
| CVE-2018-14448 | 2018-07-20 | Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL pointer dereference via a crafted MP4 file because of improper interaction with libav. |
| CVE-2018-14449 | 2018-07-20 | An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp. |
| CVE-2018-14450 | 2018-07-20 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp. |