CVE list - 2018 / August
Showing 101 - 200 of 1013 CVEs for August 2018 (Page 2 of 11)
| CVE ID | Date | Description |
|---|---|---|
| CVE-2017-16338 | 2018-08-02 | An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bad0 the value for the host key is copied using... |
| CVE-2017-16339 | 2018-08-02 | An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bb1c the value for the uri key is copied using... |
| CVE-2017-16340 | 2018-08-02 | An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c0e8 the value for the s_dport key is copied using... |
| CVE-2017-16341 | 2018-08-02 | An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using... |
| CVE-2017-16342 | 2018-08-02 | An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using... |
| CVE-2017-16343 | 2018-08-02 | An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using... |
| CVE-2017-16344 | 2018-08-02 | An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using... |
| CVE-2017-16345 | 2018-08-02 | An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using... |
| CVE-2017-16346 | 2018-08-02 | An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using... |
| CVE-2017-16347 | 2018-08-02 | An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using... |
| CVE-2017-16349 | 2018-08-02 | An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in... |
| CVE-2018-14851 | 2018-08-02 | exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application... |
| CVE-2018-3834 | 2018-08-02 | An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests.... |
| CVE-2018-1154 | 2018-08-02 | In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server... |
| CVE-2018-1155 | 2018-08-02 | In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area.... |
| CVE-2018-14858 | 2018-08-02 | An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability... |
| CVE-2017-6213 | 2018-08-02 | paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution. |
| CVE-2017-6215 | 2018-08-02 | paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution. |
| CVE-2018-14872 | 2018-08-03 | An issue was discovered in Rincewind 0.1. A reinstall vulnerability exists because the parameter p of index.php and another file named commonPages.php allows an attacker to reinstall the product, with... |
| CVE-2018-14873 | 2018-08-03 | An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php. |
| CVE-2018-14876 | 2018-08-03 | An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng... |
| CVE-2018-14877 | 2018-08-03 | An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page. |
| CVE-2018-14883 | 2018-08-03 | An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of... |
| CVE-2018-14884 | 2018-08-03 | An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c... |
| CVE-2018-5489 | 2018-08-03 | NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below... |
| CVE-2018-6590 | 2018-08-03 | CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. |
| CVE-2017-8316 | 2018-08-03 | The IntelliJ IDEA XML parser was found to be vulnerable to an XML External Entity attack; an attacker can exploit the vulnerability by implementing malicious code in Androidmanifest.xml. |
| CVE-2018-1524 | 2018-08-03 | IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due... |
| CVE-2018-12482 | 2018-08-03 | OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. |
| CVE-2018-12483 | 2018-08-03 | OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in... |
| CVE-2018-14417 | 2018-08-03 | A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv... |
| CVE-2018-14473 | 2018-08-03 | OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order... |
| CVE-2018-14497 | 2018-08-03 | Tenda D152 ADSL routers allow XSS via a crafted SSID. |
| CVE-2018-14541 | 2018-08-03 | PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. |
| CVE-2018-14593 | 2018-08-03 | An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent... |
| CVE-2018-13416 | 2018-08-03 | In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability... |
| CVE-2018-14574 | 2018-08-03 | django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. |
| CVE-2018-14773 | 2018-08-03 | An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises... |
| CVE-2018-14774 | 2018-08-03 | An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache,... |
| CVE-2017-15358 | 2018-08-03 | Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option. |
| CVE-2018-12605 | 2018-08-03 | An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a... |
| CVE-2018-12606 | 2018-08-03 | An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a... |
| CVE-2018-12607 | 2018-08-03 | An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to... |
| CVE-2018-12989 | 2018-08-03 | The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local... |
| CVE-2018-13055 | 2018-08-03 | A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a... |
| CVE-2018-14504 | 2018-08-03 | An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit... |
| CVE-2018-14576 | 2018-08-03 | The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable. |
| CVE-2018-14715 | 2018-08-03 | The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random... |
| CVE-2018-14728 | 2018-08-03 | upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. |
| CVE-2018-14904 | 2018-08-03 | Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. |
| CVE-2018-14905 | 2018-08-03 | The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. |
| CVE-2018-14906 | 2018-08-03 | The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. |
| CVE-2018-14907 | 2018-08-03 | The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. |
| CVE-2018-14908 | 2018-08-03 | Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. |
| CVE-2018-7748 | 2018-08-03 | report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter. |
| CVE-2018-14910 | 2018-08-03 | SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php.... |
| CVE-2018-14912 | 2018-08-03 | cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. |
| CVE-2018-14911 | 2018-08-03 | A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability... |
| CVE-2018-5490 | 2018-08-03 | Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients.... |
| CVE-2018-9866 | 2018-08-03 | A lack of validation of user-supplied parameters passed to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliances allows a remote user to execute arbitrary code. This vulnerability... |
| CVE-2018-14923 | 2018-08-03 | A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback. |
| CVE-2018-3777 | 2018-08-03 | Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests. |
| CVE-2018-14924 | 2018-08-03 | Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field. |
| CVE-2018-14925 | 2018-08-03 | Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components. |
| CVE-2018-14926 | 2018-08-03 | Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request. |
| CVE-2018-14927 | 2018-08-03 | Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp. |
| CVE-2018-14928 | 2018-08-03 | /contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter. |
| CVE-2018-14929 | 2018-08-03 | Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter. |
| CVE-2018-14933 | 2018-08-04 | upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. |
| CVE-2018-14936 | 2018-08-05 | The Add page option in my little forum 2.4.12 allows XSS via the Title field. |
| CVE-2018-14937 | 2018-08-05 | The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. |
| CVE-2018-14938 | 2018-08-05 | An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one... |
| CVE-2018-14939 | 2018-08-05 | The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service... |
| CVE-2018-14940 | 2018-08-05 | PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request. |
| CVE-2018-14941 | 2018-08-05 | Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI. |
| CVE-2018-14942 | 2018-08-05 | Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data. |
| CVE-2018-14943 | 2018-08-05 | Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for... |
| CVE-2018-14944 | 2018-08-05 | An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write. |
| CVE-2018-14945 | 2018-08-05 | An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp. |
| CVE-2018-14946 | 2018-08-05 | An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete). |
| CVE-2018-14947 | 2018-08-05 | An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). |
| CVE-2018-14948 | 2018-08-05 | An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). |
| CVE-2018-14950 | 2018-08-05 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. |
| CVE-2018-14951 | 2018-08-05 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. |
| CVE-2018-14952 | 2018-08-05 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. |
| CVE-2018-14953 | 2018-08-05 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. |
| CVE-2018-14954 | 2018-08-05 | The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. |
| CVE-2018-14955 | 2018-08-05 | The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). |
| CVE-2018-14958 | 2018-08-05 | An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php. |
| CVE-2018-14959 | 2018-08-05 | An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI. |
| CVE-2017-12614 | 2018-08-06 | An XSS was noticed in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the... |
| CVE-2017-1366 | 2018-08-06 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859. |
| CVE-2017-1368 | 2018-08-06 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values... |
| CVE-2017-1396 | 2018-08-06 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.... |
| CVE-2017-1409 | 2018-08-06 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID:... |
| CVE-2017-1411 | 2018-08-06 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.... |
| CVE-2017-1412 | 2018-08-06 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 127400. |
| CVE-2017-1755 | 2018-08-06 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID:... |
| CVE-2018-1422 | 2018-08-06 | IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code... |
| CVE-2018-1528 | 2018-08-06 | IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290. |
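
Two rows above, CVE-2018-14858 (idreamsoft iCMS, whose spider remote-fetch function does not block private and reserved ranges such as 10.0.0.0/8) and CVE-2018-14728 (Responsive FileManager, SSRF via the url parameter), are server-side request forgery through a user-supplied URL. The following is an added example and is not code from either project: the check a server-side fetcher should apply before connecting. It accepts only http/https, resolves the host, and rejects any resolved address in loopback, RFC 1918, link-local (which covers the 169.254.169.254 cloud-metadata endpoint), CGNAT, multicast, reserved or unspecified space, unwrapping IPv4-mapped IPv6 first. The `FAKE_DNS` table and its hostnames are constructed so the example runs offline; `check_fetch_target`, `address_is_denied` and the resolver names are chosen here, not taken from either product.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = ("http", "https")

# Ranges the ipaddress flags alone do not cover but a fetcher must still refuse.
# 100.64.0.0/10 is carrier-grade NAT (RFC 6598), routable inside many clouds.
EXTRA_DENIED = [ipaddress.ip_network("100.64.0.0/10")]

# Constructed DNS table so the example runs offline. In real use pass
# default_resolver (getaddrinfo) instead.
FAKE_DNS = {
    "example.com":   ["93.184.216.34"],
    "internal.corp": ["10.1.2.3"],
    "dual.example":  ["8.8.8.8", "10.0.0.9"],   # one public and one private answer
}


def fake_resolver(host):
    """Constructed resolver backed by FAKE_DNS; unknown names fail like getaddrinfo."""
    if host not in FAKE_DNS:
        raise socket.gaierror("constructed resolver: unknown host %r" % host)
    return FAKE_DNS[host]


def default_resolver(host):
    """All A/AAAA answers for host; every one of them has to pass the check."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def address_is_denied(ip_text):
    """True for loopback, RFC 1918, link-local, CGNAT, multicast, reserved and
    unspecified addresses, IPv4 or IPv6."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                        # ::ffff:10.0.0.1 is still 10.0.0.1
    if (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified):
        return True
    return any(ip in net for net in EXTRA_DENIED)


def check_fetch_target(url, resolver=default_resolver):
    """Return (allowed, reason) for a user-supplied URL the server would fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    try:
        ipaddress.ip_address(host)
        addresses = [host]                         # dotted/colon literal: check as-is
    except ValueError:
        # A name, or a non-standard literal such as 0x7f000001 or 2130706433 that
        # the OS resolver would turn into 127.0.0.1: judge the resolved addresses,
        # never the text the user typed.
        try:
            addresses = resolver(host)
        except socket.gaierror:
            return False, "cannot resolve host %r" % host
    if not addresses:
        return False, "host %r has no addresses" % host
    for addr in addresses:
        if address_is_denied(addr):
            return False, "host %r resolves to denied address %s" % (host, addr)
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("http://example.com/feed", "http://10.0.0.1/admin",
                      "http://dual.example/", "http://[::ffff:127.0.0.1]/",
                      "http://169.254.169.254/latest/meta-data/", "file:///etc/passwd"):
        print(candidate, "->", check_fetch_target(candidate, resolver=fake_resolver))
```

The check is only sound if the connection is then made to the address that was checked (pin the resolved IP and send the original name in the Host header); a second lookup at connect time reopens the DNS-rebinding window, and every HTTP redirect must go through `check_fetch_target` again.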
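
CVE-2018-14576 above records an integer overflow through the `_amount` argument of a token's `mintTokens` function. The SunContract code itself is not on this page, so the following is an added illustration of the general class, not the contract's code: Solidity before 0.8 compiles `+` on `uint256` to the EVM's wrapping ADD, so a supply-cap check written as `totalSupply + _amount <= cap` passes when the sum wraps past 2**256, and the recipient is credited a balance the cap was meant to forbid. `CappedToken`, `CAP`, the `owner`/`attacker` labels and `run_attack` are constructed names; the checked variant follows the SafeMath convention of rejecting a sum smaller than its operand.

```python
MASK = (1 << 256) - 1          # uint256 range: 0 .. 2**256 - 1


def add_unchecked(a, b):
    """Solidity < 0.8 `a + b` on uint256: the EVM ADD opcode wraps modulo 2**256."""
    return (a + b) & MASK


def add_checked(a, b):
    """SafeMath-style add: a wrapped sum is always smaller than either operand."""
    c = (a + b) & MASK
    if c < a:
        raise OverflowError("uint256 addition overflow")
    return c


class CappedToken:
    """Constructed minimal token with a supply cap. mint_tokens mirrors a pre-0.8
    Solidity mintTokens(address _to, uint256 _amount) guarded by a cap check;
    the arithmetic is injected so the same logic can be run both ways."""

    def __init__(self, cap, add=add_unchecked):
        self.cap = cap
        self.total_supply = 0
        self.balances = {}
        self.add = add

    def mint_tokens(self, to, amount):
        if not 0 <= amount <= MASK:
            raise ValueError("_amount outside uint256")   # the ABI would reject this
        new_supply = self.add(self.total_supply, amount)   # totalSupply + _amount
        if new_supply > self.cap:                          # require(... <= cap)
            raise ValueError("cap exceeded")
        self.total_supply = new_supply
        self.balances[to] = self.add(self.balances.get(to, 0), amount)
        return self.balances[to]


CAP = 10**24   # constructed: 1,000,000 tokens with 18 decimals


def overflow_amount(token):
    """Smallest _amount that wraps totalSupply + _amount back to 5, under the cap."""
    return (1 << 256) - token.total_supply + 5


def run_attack(add):
    """Fill the cap legitimately, then mint the wrapping _amount.
    Returns (total_supply, attacker_balance) if the mint went through, None if rejected."""
    token = CappedToken(CAP, add)
    token.mint_tokens("owner", CAP)            # cap fully used up
    try:
        token.mint_tokens("attacker", overflow_amount(token))
    except (OverflowError, ValueError):
        return None
    return token.total_supply, token.balances["attacker"]


if __name__ == "__main__":
    print("wrapping arithmetic:", run_attack(add_unchecked))
    print("checked arithmetic :", run_attack(add_checked))
```

With wrapping arithmetic the cap check sees a total supply of 5 and passes, while the attacker's balance, which started at 0 and did not wrap, becomes 2**256 - 10**24 + 5. The same mint under checked arithmetic reverts at the first addition. An explicit `require(_amount <= cap - totalSupply)` is the simpler guard, since the subtraction cannot wrap once `totalSupply <= cap` is an invariant.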