CVE List - 2018 / October
Showing 301 - 400 of 1468 CVEs for October 2018 (Page 4 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-15418 | 2018-10-05 | Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities |
| CVE-2018-15419 | 2018-10-05 | Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities |
| CVE-2018-15420 | 2018-10-05 | Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities |
| CVE-2018-15421 | 2018-10-05 | Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities |
| CVE-2018-15422 | 2018-10-05 | Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities |
| CVE-2018-15423 | 2018-10-05 | Cisco HyperFlex UI Clickjacking Vulnerability |
| CVE-2018-15424 | 2018-10-05 | Multiple Vulnerabilities in Cisco Identity Services Engine |
| CVE-2018-15425 | 2018-10-05 | Multiple Vulnerabilities in Cisco Identity Services Engine |
| CVE-2018-15426 | 2018-10-05 | Cisco Unity Connection Stored Cross-Site Scripting Vulnerability |
| CVE-2018-15427 | 2018-10-05 | Cisco Video Surveillance Manager Appliance Default Password Vulnerability |
| CVE-2018-15428 | 2018-10-05 | Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability |
| CVE-2018-15429 | 2018-10-05 | Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability |
| CVE-2018-15430 | 2018-10-05 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Remote Code Execution Vulnerability |
| CVE-2018-15431 | 2018-10-05 | Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities |
| CVE-2018-15432 | 2018-10-05 | Cisco Prime Infrastructure Information Disclosure Vulnerability |
| CVE-2018-15433 | 2018-10-05 | Cisco Prime Infrastructure Information Disclosure Vulnerability |
| CVE-2018-15434 | 2018-10-05 | Cisco Unified IP Phone 7900 Series Cross-Site Scripting Vulnerability |
| CVE-2018-15436 | 2018-10-05 | Cisco Webex Centers Cross-Site Scripting Vulnerability |
| CVE-2018-0404 | 2018-10-05 | Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability |
| CVE-2018-0464 | 2018-10-05 | Cisco Data Center Network Manager Path Traversal Vulnerability |
| CVE-2018-18016 | 2018-10-05 | ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. |
| CVE-2018-0405 | 2018-10-05 | Cisco RV180W Wireless-N Multifunction VPN Router Directory Path Traversal Vulnerability |
| CVE-2018-11778 | 2018-10-05 | UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0 |
| CVE-2018-11797 | 2018-10-05 | In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. |
| CVE-2018-11083 | 2018-10-05 | Bosh accepts refresh tokens in place of an access token |
| CVE-2018-13042 | 2018-10-05 | The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it... |
| CVE-2018-11064 | 2018-10-05 | Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this... |
| CVE-2018-11081 | 2018-10-05 | Pivotal Operations Manager UAA config - temp Ram Disk |
| CVE-2018-11082 | 2018-10-05 | Cloud Foundry UAA MFA does not prevent brute force of MFA code |
| CVE-2018-1264 | 2018-10-05 | Log Cache logs UAA client secret on startup |
| CVE-2018-15763 | 2018-10-05 | PKS leaks IaaS Credentials to Application Logs |
| CVE-2018-18020 | 2018-10-06 | In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file. |
| CVE-2018-17456 | 2018-10-06 | Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone"... |
| CVE-2018-18021 | 2018-10-07 | arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can... |
| CVE-2015-9273 | 2018-10-07 | The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking. |
| CVE-2012-6710 | 2018-10-07 | ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php. |
| CVE-2018-18023 | 2018-10-07 | In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image... |
| CVE-2018-18024 | 2018-10-07 | In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via... |
| CVE-2018-18025 | 2018-10-07 | In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image... |
| CVE-2018-1000807 | 2018-10-08 | Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to... |
| CVE-2018-14810 | 2018-10-08 | WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call,... |
| CVE-2018-14818 | 2018-10-08 | WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution. |
| CVE-2018-17889 | 2018-10-08 | In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, the XMLParser that ships with Wecon PIStudio... |
| CVE-2018-1000805 | 2018-10-08 | Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via... |
| CVE-2018-1000808 | 2018-10-08 | Python Cryptographic Authority pyopenssl version before 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in... |
| CVE-2018-1000810 | 2018-10-08 | The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result... |
| CVE-2018-1000803 | 2018-10-08 | Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users' private email addresses. This attack appears to be exploitable via Watch a repository... |
| CVE-2018-1000804 | 2018-10-08 | contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in an attacker performing Remote Code Execution on a device using the Contiki-NG operating... |
| CVE-2018-1000809 | 2018-10-08 | privacyIDEA version 2.23.1 and earlier contains an Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appears to be exploitable via http request with... |
| CVE-2018-1741 | 2018-10-08 | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to cause a denial of service, compromise... |
| CVE-2018-1742 | 2018-10-08 | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to... |
| CVE-2018-1743 | 2018-10-08 | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID:... |
| CVE-2018-1749 | 2018-10-08 | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and... |
| CVE-2018-1750 | 2018-10-08 | IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID:... |
| CVE-2018-1753 | 2018-10-08 | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 148514. |
| CVE-2018-5399 | 2018-10-08 | The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running and configured with hard-coded credentials |
| CVE-2018-5400 | 2018-10-08 | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices, resulting in an origin validation error |
| CVE-2018-5401 | 2018-10-08 | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors |
| CVE-2018-5402 | 2018-10-08 | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN |
| CVE-2018-16291 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A... |
| CVE-2018-16292 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A... |
| CVE-2018-16293 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A... |
| CVE-2018-16294 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A... |
| CVE-2018-16295 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16296, and CVE-2018-16297. A... |
| CVE-2018-16296 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16297. A... |
| CVE-2018-16297 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16296. A... |
| CVE-2018-17060 | 2018-10-08 | Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory. NOTE: this product has been... |
| CVE-2018-17440 | 2018-10-08 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin).... |
| CVE-2018-17441 | 2018-10-08 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS. |
| CVE-2018-17442 | 2018-10-08 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code. |
| CVE-2018-17443 | 2018-10-08 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS. |
| CVE-2018-3940 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to... |
| CVE-2018-3941 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory... |
| CVE-2018-3942 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to... |
| CVE-2018-3945 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory... |
| CVE-2018-3992 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory... |
| CVE-2018-3996 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to... |
| CVE-2018-3997 | 2018-10-08 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory... |
| CVE-2018-15903 | 2018-10-08 | The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which... |
| CVE-2018-17775 | 2018-10-08 | Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse. |
| CVE-2018-17977 | 2018-10-08 | The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system... |
| CVE-2018-18064 | 2018-10-08 | cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the... |
| CVE-2018-18065 | 2018-10-08 | _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a... |
| CVE-2018-18066 | 2018-10-08 | snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a... |
| CVE-2016-7475 | 2018-10-08 | Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean up pool member network connections when using SPDY or HTTP/2 virtual server... |
| CVE-2018-14656 | 2018-10-08 | A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg... |
| CVE-2018-18069 | 2018-10-08 | process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. |
| CVE-2018-18070 | 2018-10-09 | An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot... |
| CVE-2018-18071 | 2018-10-09 | An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The... |
| CVE-2018-2466 | 2018-10-09 | In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. |
| CVE-2018-2467 | 2018-10-09 | In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns... |
| CVE-2018-2468 | 2018-10-09 | Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. |
| CVE-2018-2469 | 2018-10-09 | Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. |
| CVE-2018-2470 | 2018-10-09 | In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting... |
| CVE-2018-2471 | 2018-10-09 | Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. |
| CVE-2018-2472 | 2018-10-09 | SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
| CVE-2018-2474 | 2018-10-09 | SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This... |
| CVE-2018-2475 | 2018-10-09 | Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints... |
| CVE-2018-12474 | 2018-10-09 | Crafted service parameters allow inducing unexpected behaviour in obs-service-tar_scm |
| CVE-2018-12477 | 2018-10-09 | obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories |