Lista CVE - 2018 / Agosto
Visualizzazione 1 - 100 di 1013 CVE per Agosto 2018 (Pagina 1 di 11)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2016-8616 | 2018-08-01 | A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means... |
| CVE-2016-8619 | 2018-08-01 | The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. |
| CVE-2016-8620 | 2018-08-01 | The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. |
| CVE-2016-8623 | 2018-08-01 | A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. |
| CVE-2016-8625 | 2018-08-01 | curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong... |
| CVE-2016-9573 | 2018-08-01 | An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially,... |
| CVE-2018-14775 | 2018-08-01 | tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture. |
| CVE-2018-11050 | 2018-08-01 | Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP)... |
| CVE-2018-14776 | 2018-08-01 | Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document. |
| CVE-2016-8634 | 2018-08-01 | A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render... |
| CVE-2016-8635 | 2018-08-01 | It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys... |
| CVE-2016-8637 | 2018-08-01 | A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local... |
| CVE-2016-8639 | 2018-08-01 | It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization... |
| CVE-2018-1999026 | 2018-08-01 | A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host. |
| CVE-2018-1999025 | 2018-08-01 | A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to. |
| CVE-2018-1999027 | 2018-08-01 | An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in... |
| CVE-2018-1999028 | 2018-08-01 | An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
| CVE-2018-1999029 | 2018-08-01 | A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in... |
| CVE-2018-1999030 | 2018-08-01 | An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known... |
| CVE-2018-1999031 | 2018-08-01 | An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the... |
| CVE-2018-1999032 | 2018-08-01 | A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by... |
| CVE-2018-1999033 | 2018-08-01 | An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to... |
| CVE-2018-1999034 | 2018-08-01 | A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to. |
| CVE-2018-1999035 | 2018-08-01 | A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to. |
| CVE-2018-1999036 | 2018-08-01 | An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read... |
| CVE-2018-1999037 | 2018-08-01 | A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource. |
| CVE-2018-1999038 | 2018-08-01 | A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with... |
| CVE-2018-1999039 | 2018-08-01 | A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server... |
| CVE-2018-1999040 | 2018-08-01 | An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
| CVE-2018-1999041 | 2018-08-01 | An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain... |
| CVE-2016-8608 | 2018-08-01 | JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers... |
| CVE-2016-8641 | 2018-08-01 | A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to... |
| CVE-2016-8648 | 2018-08-01 | It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker... |
| CVE-2016-8653 | 2018-08-01 | It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw... |
| CVE-2016-9581 | 2018-08-01 | An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. |
| CVE-2018-10916 | 2018-08-01 | It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when... |
| CVE-2017-5692 | 2018-08-01 | Out-of-bounds read condition in older versions of some Intel Graphics Driver for Windows code branches allows local users to perform a denial of service attack. |
| CVE-2018-12466 | 2018-08-01 | openbuildservice allowed deleting packages via project links |
| CVE-2018-12467 | 2018-08-01 | delete package via link exploit in open buildservice |
| CVE-2018-3650 | 2018-08-01 | Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector. |
| CVE-2018-3662 | 2018-08-01 | Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root. |
| CVE-2018-3663 | 2018-08-01 | Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information. |
| CVE-2018-3666 | 2018-08-01 | Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow. |
| CVE-2018-3670 | 2018-08-01 | Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow. |
| CVE-2018-3671 | 2018-08-01 | Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information. |
| CVE-2018-3672 | 2018-08-01 | Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls. |
| CVE-2018-3921 | 2018-08-01 | A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary... |
| CVE-2018-3922 | 2018-08-01 | A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary... |
| CVE-2018-3923 | 2018-08-01 | A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary... |
| CVE-2016-8651 | 2018-08-01 | An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an... |
| CVE-2016-8654 | 2018-08-01 | A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected. |
| CVE-2016-9572 | 2018-08-01 | A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image,... |
| CVE-2016-9579 | 2018-08-01 | A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated... |
| CVE-2016-9580 | 2018-08-01 | An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. |
| CVE-2016-8609 | 2018-08-01 | It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack... |
| CVE-2016-9583 | 2018-08-01 | An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. |
| CVE-2018-10894 | 2018-08-01 | It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks. |
| CVE-2018-10896 | 2018-08-01 | The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning... |
| CVE-2018-10897 | 2018-08-01 | A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they... |
| CVE-2018-1595 | 2018-08-01 | IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622. |
| CVE-2016-8640 | 2018-08-01 | A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that... |
| CVE-2018-10618 | 2018-08-01 | Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device. |
| CVE-2018-8034 | 2018-08-01 | The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1... |
| CVE-2018-14777 | 2018-08-01 | An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins... |
| CVE-2018-3847 | 2018-08-01 | Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting... |
| CVE-2018-0391 | 2018-08-01 | A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to... |
| CVE-2018-0397 | 2018-08-01 | A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system,... |
| CVE-2018-0406 | 2018-08-01 | A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based (DOM-based) cross-site... |
| CVE-2018-0407 | 2018-08-01 | A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack... |
| CVE-2018-0408 | 2018-08-01 | A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack... |
| CVE-2018-0411 | 2018-08-01 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of... |
| CVE-2018-0413 | 2018-08-01 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary... |
| CVE-2018-12468 | 2018-08-01 | Arbitrary File Upload in GroupWise Administration Console |
| CVE-2018-3881 | 2018-08-01 | An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE,... |
| CVE-2018-3924 | 2018-08-01 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory... |
| CVE-2018-3939 | 2018-08-01 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to... |
| CVE-2018-10624 | 2018-08-01 | Johnson Controls Metasys and BCPro Generation of Error Message Containing Sensitive Information |
| CVE-2015-9262 | 2018-08-01 | _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. |
| CVE-2018-14835 | 2018-08-02 | Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas. |
| CVE-2018-14836 | 2018-08-02 | Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests... |
| CVE-2018-14840 | 2018-08-02 | uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). |
| CVE-2018-14838 | 2018-08-02 | rejucms 2.1 has stored XSS via the admin/book.php content parameter. |
| CVE-2018-14847 | 2018-08-02 | MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. |
| CVE-2018-2933 | 2018-08-02 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability... |
| CVE-2018-3108 | 2018-08-02 | Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low... |
| CVE-2018-3109 | 2018-08-02 | Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows low privileged... |
| CVE-2018-10920 | 2018-08-02 | Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. |
| CVE-2018-12448 | 2018-08-02 | Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker... |
| CVE-2018-8032 | 2018-08-02 | Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. |
| CVE-2018-1336 | 2018-08-02 | An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat... |
| CVE-2018-1554 | 2018-08-02 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2018-8037 | 2018-08-02 | If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user... |
| CVE-2017-9118 | 2018-08-02 | PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. |
| CVE-2017-9120 | 2018-08-02 | PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of... |
| CVE-2018-7649 | 2018-08-02 | Monitorix before 3.10.1 allows XSS via CGI variables. |
| CVE-2018-10921 | 2018-08-02 | Certain input files may trigger an integer overflow in ttembed input file processing. This overflow could potentially lead to corruption of the input file due to a lack of checking... |
| CVE-2018-10922 | 2018-08-02 | An input validation flaw exists in ttembed. With a crafted input file, an attacker may be able to trigger a denial of service condition due to ttembed trusting attacker controlled... |
| CVE-2017-14444 | 2018-08-02 | An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a... |
| CVE-2017-14445 | 2018-08-02 | An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a... |
| CVE-2017-14446 | 2018-08-02 | An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow... |