CVE List - 2018 / August
Showing 1001 - 1013 of 1013 CVEs for August 2018 (Page 11 of 11)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-7685 | 2018-08-31 | libzypp does not reevaluate malicious rpms once downloaded |
| CVE-2018-16276 | 2018-08-31 | An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver... |
| CVE-2018-16278 | 2018-08-31 | phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter. |
| CVE-2018-3787 | 2018-08-31 | Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server. |
| CVE-2018-11054 | 2018-08-31 | RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service. |
| CVE-2018-11055 | 2018-08-31 | RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded... |
| CVE-2018-11056 | 2018-08-31 | RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability... |
| CVE-2018-11057 | 2018-08-31 | RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a... |
| CVE-2018-6257 | 2018-08-31 | NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges,... |
| CVE-2018-6258 | 2018-08-31 | NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to... |
| CVE-2018-6259 | 2018-08-31 | NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information... |
| CVE-2018-16298 | 2018-08-31 | An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request. |
| CVE-2018-15514 | 2018-09-01 | HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would... |
| CVE-2018-15157 | 2018-09-01 | The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. NOTE: the vendor has disputed this as... |
| CVE-2018-15158 | 2018-09-01 | The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as... |
| CVE-2018-15159 | 2018-09-01 | The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as... |
| CVE-2018-15160 | 2018-09-01 | The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as... |
| CVE-2018-15161 | 2018-09-01 | The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as... |
| CVE-2018-16302 | 2018-09-01 | MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file. |
| CVE-2018-16303 | 2018-09-01 | PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. |
| CVE-2018-16308 | 2018-09-01 | The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. |
| CVE-2018-16313 | 2018-09-01 | Bludit 2.3.4 allows XSS via a user name. |
| CVE-2018-16314 | 2018-09-01 | An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an... |
| CVE-2018-16315 | 2018-09-01 | In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. |
| CVE-2018-16316 | 2018-09-01 | A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. |
| CVE-2018-16320 | 2018-09-01 | idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. |
| CVE-2018-16323 | 2018-09-01 | ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library... |
| CVE-2018-16324 | 2018-09-01 | In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. |
| CVE-2018-16325 | 2018-09-01 | There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. |
| CVE-2018-16327 | 2018-09-01 | There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. |
| CVE-2018-16328 | 2018-09-01 | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. |
| CVE-2018-16329 | 2018-09-01 | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. |
| CVE-2018-16330 | 2018-09-02 | Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. |
| CVE-2018-16331 | 2018-09-02 | admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. |
| CVE-2018-16332 | 2018-09-02 | An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. |
| CVE-2018-16333 | 2018-09-02 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While... |
| CVE-2018-16334 | 2018-09-02 | An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. |
| CVE-2018-16335 | 2018-09-02 | newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact... |
| CVE-2018-16336 | 2018-09-02 | Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. |
| CVE-2018-16337 | 2018-09-02 | An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. |
| CVE-2018-16338 | 2018-09-02 | An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a... |
| CVE-2018-16339 | 2018-09-02 | An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. |
| CVE-2018-16342 | 2018-09-02 | ShowDoc v1.8.0 has XSS via a new page. |
| CVE-2018-16343 | 2018-09-02 | SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS. |
| CVE-2018-16344 | 2018-09-02 | An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access... |
| CVE-2018-16345 | 2018-09-02 | An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. |
| CVE-2018-16346 | 2018-09-02 | ChemCMS 1.0.6 has XSS via the "setting -> website information" field. |
| CVE-2018-16347 | 2018-09-02 | An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize. |
| CVE-2018-16348 | 2018-09-02 | SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name. |
| CVE-2018-16349 | 2018-09-02 | WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. |
| CVE-2018-16350 | 2018-09-02 | WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. |
| CVE-2018-16352 | 2018-09-02 | There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is... |
| CVE-2018-16353 | 2018-09-02 | An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter. |
| CVE-2018-16354 | 2018-09-02 | An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter. |
| CVE-2018-16358 | 2018-09-02 | A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file... |
| CVE-2018-16359 | 2018-09-02 | Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS. |
| CVE-2018-16362 | 2018-09-02 | An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages... |
| CVE-2018-16365 | 2018-09-02 | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. |
| CVE-2018-16366 | 2018-09-02 | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. |
| CVE-2018-16367 | 2018-09-02 | In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file... |
| CVE-2018-16368 | 2018-09-03 | SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. |
| CVE-2018-16369 | 2018-09-03 | XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE:... |
| CVE-2018-16370 | 2018-09-03 | In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. |
| CVE-2018-16371 | 2018-09-03 | PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=. |
| CVE-2018-16372 | 2018-09-03 | The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued. |
| CVE-2018-16373 | 2018-09-03 | Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. |
| CVE-2018-16374 | 2018-09-03 | Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. |
| CVE-2018-16375 | 2018-09-03 | An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. |
| CVE-2018-16376 | 2018-09-03 | An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote... |
| CVE-2018-16379 | 2018-09-03 | Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen. |
| CVE-2018-16380 | 2018-09-03 | An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account. |
| CVE-2018-16384 | 2018-09-03 | A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and... |
| CVE-2018-16382 | 2018-09-03 | Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. |
| CVE-2018-16385 | 2018-09-03 | ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. |
| CVE-2018-16387 | 2018-09-03 | An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. |
| CVE-2018-16391 | 2018-09-03 | Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause... |
| CVE-2018-16392 | 2018-09-03 | Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause... |
| CVE-2018-16393 | 2018-09-03 | Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to... |
| CVE-2018-16397 | 2018-09-03 | In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file, |
| CVE-2018-16398 | 2018-09-03 | In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed. |
| CVE-2018-16402 | 2018-09-03 | libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. |
| CVE-2018-16403 | 2018-09-03 | libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. |
| CVE-2018-16405 | 2018-09-03 | An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. |
| CVE-2018-16406 | 2018-09-03 | An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. |
| CVE-2018-16407 | 2018-09-03 | An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. |
| CVE-2018-16408 | 2018-09-03 | D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. |
| CVE-2018-16409 | 2018-09-03 | In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. |
| CVE-2018-16410 | 2018-09-03 | Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. |
| CVE-2018-16412 | 2018-09-03 | ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. |
| CVE-2018-16413 | 2018-09-03 | ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. |
| CVE-2018-16416 | 2018-09-03 | Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. |
| CVE-2018-16418 | 2018-09-04 | A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of... |
| CVE-2018-16419 | 2018-09-04 | Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause... |
| CVE-2018-16420 | 2018-09-04 | Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to... |
| CVE-2018-16421 | 2018-09-04 | Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause... |
| CVE-2018-16422 | 2018-09-04 | A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards... |
| CVE-2018-16423 | 2018-09-04 | A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a... |
| CVE-2018-16424 | 2018-09-04 | A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to... |
| CVE-2018-16425 | 2018-09-04 | A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause... |
| CVE-2018-16426 | 2018-09-04 | Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or... |