Lista CVE - 2018 / Luglio
Visualizzazione 1 - 100 di 2167 CVE per Luglio 2018 (Pagina 1 di 22)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2018-13033 | 2018-07-01 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via... |
| CVE-2018-13037 | 2018-07-01 | An issue was discovered in jpeg-compressor 0.1. The bmp_load function in stb_image.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have... |
| CVE-2018-13038 | 2018-07-01 | OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the... |
| CVE-2018-13039 | 2018-07-01 | OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI. |
| CVE-2018-13040 | 2018-07-01 | OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI. |
| CVE-2018-13041 | 2018-07-01 | The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the... |
| CVE-2018-13043 | 2018-07-01 | scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. |
| CVE-2018-13049 | 2018-07-02 | The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. |
| CVE-2018-13050 | 2018-07-02 | A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. |
| CVE-2018-0499 | 2018-07-02 | A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet(). |
| CVE-2018-13053 | 2018-07-02 | The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. |
| CVE-2017-17175 | 2018-07-02 | Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set... |
| CVE-2017-17316 | 2018-07-02 | Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker has... |
| CVE-2017-17317 | 2018-07-02 | Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20;... |
| CVE-2018-10874 | 2018-07-02 | In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a... |
| CVE-2018-8039 | 2018-07-02 | It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the... |
| CVE-2018-13054 | 2018-07-02 | An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These... |
| CVE-2018-13056 | 2018-07-02 | An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making... |
| CVE-2018-10075 | 2018-07-02 | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. |
| CVE-2018-10076 | 2018-07-02 | An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the... |
| CVE-2018-12499 | 2018-07-02 | The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the... |
| CVE-2018-12528 | 2018-07-02 | An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the... |
| CVE-2018-12529 | 2018-07-02 | An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings. |
| CVE-2018-12574 | 2018-07-02 | CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. |
| CVE-2018-12575 | 2018-07-02 | On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. |
| CVE-2018-12576 | 2018-07-02 | TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. |
| CVE-2018-12577 | 2018-07-02 | The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. |
| CVE-2018-9276 | 2018-07-02 | An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command... |
| CVE-2018-10843 | 2018-07-02 | source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in... |
| CVE-2018-12426 | 2018-07-02 | The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a... |
| CVE-2018-12891 | 2018-07-02 | An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt... |
| CVE-2018-12892 | 2018-07-02 | An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an... |
| CVE-2018-12893 | 2018-07-02 | An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an... |
| CVE-2018-12896 | 2018-07-02 | An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending... |
| CVE-2018-13066 | 2018-07-02 | There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service via parseSWF_DEFINEBUTTON2, parseSWF_DEFINEFONT, parseSWF_DEFINEFONTINFO, parseSWF_DEFINELOSSLESS, parseSWF_DEFINESPRITE, parseSWF_DEFINETEXT, parseSWF_DOACTION, parseSWF_FILLSTYLEARRAY, parseSWF_FRAMELABEL, parseSWF_LINESTYLEARRAY, parseSWF_PLACEOBJECT2,... |
| CVE-2018-13067 | 2018-07-02 | /upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. |
| CVE-2018-1212 | 2018-07-02 | Authenticated remote code execution in iDRAC 6 |
| CVE-2018-1243 | 2018-07-02 | iDRAC6/iDRAC7/iDRAC8 - Weak CGI session ID vulnerability |
| CVE-2018-1244 | 2018-07-02 | iDRAC7/iDRAC8/iDrac9 contains a command injection vulnerability in the SNMP agent. |
| CVE-2018-1249 | 2018-07-02 | iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs |
| CVE-2017-2615 | 2018-07-02 | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in... |
| CVE-2018-1080 | 2018-07-02 | Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is... |
| CVE-2018-10855 | 2018-07-02 | Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive... |
| CVE-2018-10856 | 2018-07-02 | It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the... |
| CVE-2018-1113 | 2018-07-02 | setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access... |
| CVE-2018-10596 | 2018-07-02 | Medtronic 2090 Carelink Programmer Improper Restriction of Communication Channel to Intended Endpoints |
| CVE-2018-8868 | 2018-07-02 | Medtronic MyCareLink Patient Monitor Exposed Dangerous Method or Function |
| CVE-2018-8870 | 2018-07-02 | Medtronic MyCareLink Patient Monitor Use of Hard-coded Password |
| CVE-2018-13068 | 2018-07-02 | The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13069 | 2018-07-02 | The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13070 | 2018-07-02 | The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13071 | 2018-07-02 | The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13072 | 2018-07-02 | The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13073 | 2018-07-02 | The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13074 | 2018-07-02 | The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13075 | 2018-07-02 | The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set... |
| CVE-2018-13076 | 2018-07-02 | The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13077 | 2018-07-02 | The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an... |
| CVE-2018-13078 | 2018-07-02 | The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13079 | 2018-07-02 | The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13080 | 2018-07-02 | The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13081 | 2018-07-02 | The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance... |
| CVE-2018-13082 | 2018-07-02 | The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance... |
| CVE-2018-13083 | 2018-07-02 | The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance... |
| CVE-2018-13084 | 2018-07-02 | The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the... |
| CVE-2018-13085 | 2018-07-02 | The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13086 | 2018-07-02 | The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance... |
| CVE-2018-13087 | 2018-07-02 | The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13088 | 2018-07-02 | The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance... |
| CVE-2018-13089 | 2018-07-02 | The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance... |
| CVE-2018-13090 | 2018-07-02 | The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13091 | 2018-07-02 | The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of... |
| CVE-2018-13092 | 2018-07-02 | The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance... |
| CVE-2018-11314 | 2018-07-03 | The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network... |
| CVE-2018-13113 | 2018-07-03 | The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third... |
| CVE-2018-13093 | 2018-07-03 | An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks... |
| CVE-2018-13094 | 2018-07-03 | An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. |
| CVE-2018-13095 | 2018-07-03 | An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an... |
| CVE-2018-13096 | 2018-07-03 | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when... |
| CVE-2018-13097 | 2018-07-03 | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image,... |
| CVE-2018-13098 | 2018-07-03 | An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in... |
| CVE-2018-13099 | 2018-07-03 | An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in... |
| CVE-2018-13100 | 2018-07-03 | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. |
| CVE-2018-12255 | 2018-07-03 | An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field. |
| CVE-2018-13065 | 2018-07-03 | ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core... |
| CVE-2018-13101 | 2018-07-03 | KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of... |
| CVE-2018-11746 | 2018-07-03 | Puppet Discovery can leak authentication information |
| CVE-2018-4851 | 2018-07-03 | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending... |
| CVE-2018-4852 | 2018-07-03 | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if... |
| CVE-2018-4853 | 2018-07-03 | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device. |
| CVE-2018-4854 | 2018-07-03 | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on... |
| CVE-2018-4855 | 2018-07-03 | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow... |
| CVE-2018-4856 | 2018-07-03 | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users.... |
| CVE-2018-7763 | 2018-07-03 | The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability. |
| CVE-2018-7764 | 2018-07-03 | The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of... |
| CVE-2018-7765 | 2018-07-03 | The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id... |
| CVE-2018-7766 | 2018-07-03 | The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id... |
| CVE-2018-7767 | 2018-07-03 | The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type... |
| CVE-2018-7768 | 2018-07-03 | The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl... |
| CVE-2018-7769 | 2018-07-03 | The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id... |