CVE List - 2018 / October
Showing 501 - 600 of 1468 CVEs for October 2018 (Page 6 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-15311 | 2018-10-10 | When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event.... |
| CVE-2018-8006 | 2018-10-10 | An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The... |
| CVE-2018-18207 | 2018-10-10 | Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter. |
| CVE-2018-18208 | 2018-10-10 | Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI. |
| CVE-2018-17915 | 2018-10-10 | All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow... |
| CVE-2018-17917 | 2018-10-10 | All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker... |
| CVE-2018-17919 | 2018-10-10 | All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to... |
| CVE-2018-18209 | 2018-10-10 | XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter. |
| CVE-2018-18210 | 2018-10-10 | XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter. |
| CVE-2018-18211 | 2018-10-10 | PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI. |
| CVE-2018-13805 | 2018-10-10 | A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0 and < V2.1.6), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC... |
| CVE-2018-13800 | 2018-10-10 | A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting... |
| CVE-2018-13801 | 2018-10-10 | A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could... |
| CVE-2018-13802 | 2018-10-10 | A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute... |
| CVE-2018-17925 | 2018-10-10 | Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft.... |
| CVE-2018-0043 | 2018-10-10 | Junos OS: RPD daemon crashes upon receipt of specific MPLS packet |
| CVE-2018-0044 | 2018-10-10 | NFX Series: Insecure sshd configuration in Juniper Device Manager (JDM) and host OS |
| CVE-2018-0045 | 2018-10-10 | Junos OS: RPD daemon crashes due to receipt of specific Draft-Rosen MVPN control packet in Draft-Rosen MVPN configuration |
| CVE-2018-0046 | 2018-10-10 | Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS |
| CVE-2018-0047 | 2018-10-10 | Junos Space Security Director: XSS vulnerability in web administration |
| CVE-2018-0048 | 2018-10-10 | Junos OS: Memory exhaustion denial of service vulnerability in Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support. |
| CVE-2018-0049 | 2018-10-10 | Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash. |
| CVE-2018-0050 | 2018-10-10 | Junos OS: Receipt of a malformed MPLS RSVP packet leads to a Routing Protocols Daemon (RPD) crash. |
| CVE-2018-0051 | 2018-10-10 | Junos OS: Denial of Service vulnerability in MS-PIC, MS-MIC, MS-MPC, MS-DPC and SRX flow daemon (flowd) related to SIP ALG |
| CVE-2018-0052 | 2018-10-10 | Junos OS: Unauthenticated remote root access possible when RSH service is enabled |
| CVE-2018-0053 | 2018-10-10 | vSRX Series: A local authentication vulnerability may lead to full control of a vSRX instance while the system is booting. |
| CVE-2018-0054 | 2018-10-10 | QFX5000/EX4600 Series: Routing protocol flap upon receipt of high rate of Ethernet frames |
| CVE-2018-0055 | 2018-10-10 | Junos OS: jdhcpd process crash during processing of specially crafted DHCPv6 message |
| CVE-2018-0056 | 2018-10-10 | MX Series: L2ALD daemon may crash if a duplicate MAC is learned by two different interfaces |
| CVE-2018-0057 | 2018-10-10 | Junos OS: authd allows assignment of IP address requested by DHCP subscriber logging in with Option 50 (Requested IP Address) |
| CVE-2018-0058 | 2018-10-10 | MX Series: In BBE configurations, receipt of a crafted IPv6 exception packet causes a Denial of Service |
| CVE-2018-0059 | 2018-10-10 | ScreenOS: Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2018-0060 | 2018-10-10 | Junos OS: Invalid IP/mask learned from DHCP server might cause device control daemon (dcd) process crash |
| CVE-2018-0061 | 2018-10-10 | Junos OS: Denial of service in telnetd |
| CVE-2018-0062 | 2018-10-10 | Junos OS: Denial of Service in J-Web |
| CVE-2018-0063 | 2018-10-10 | Junos OS: Nexthop index allocation failed: private index space exhausted after incoming ARP requests to management interface |
| CVE-2018-12152 | 2018-10-10 | Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute... |
| CVE-2018-12153 | 2018-10-10 | Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual... |
| CVE-2018-12158 | 2018-10-10 | Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or... |
| CVE-2018-12161 | 2018-10-10 | Insufficient session validation in the webserver component of the Intel Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access. |
| CVE-2018-12172 | 2018-10-10 | Improper password hashing in firmware in Intel Server Board (S7200AP,S7200APR) and Intel Compute Module (HNS7200AP, HNS7200AP) may allow a privileged user to potentially disclose firmware passwords via local access. |
| CVE-2018-12173 | 2018-10-10 | Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code... |
| CVE-2018-12193 | 2018-10-10 | Insufficient access control in driver stack for Intel QuickAssist Technology for Linux before version 4.2 may allow an unprivileged user to potentially disclose information via local access. |
| CVE-2018-12541 | 2018-10-10 | In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory.... |
| CVE-2018-12542 | 2018-10-10 | In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly... |
| CVE-2018-12544 | 2018-10-10 | In versions 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the... |
| CVE-2018-12410 | 2018-10-10 | TIBCO Spotfire Statistics Services remote execution vulnerabilities |
| CVE-2018-12455 | 2018-10-10 | Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie. |
| CVE-2018-12456 | 2018-10-10 | Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing... |
| CVE-2018-12596 | 2018-10-10 | Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via... |
| CVE-2018-13789 | 2018-10-10 | An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers. |
| CVE-2018-17337 | 2018-10-10 | Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast. |
| CVE-2018-17784 | 2018-10-10 | Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. |
| CVE-2018-18061 | 2018-10-10 | An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files. |
| CVE-2018-18062 | 2018-10-10 | An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2018-18240 | 2018-10-11 | Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling. |
| CVE-2018-1706 | 2018-10-11 | IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2018-1708 | 2018-10-11 | IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343. |
| CVE-2018-1724 | 2018-10-11 | IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings. IBM X-Force... |
| CVE-2018-1738 | 2018-10-11 | IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID:... |
| CVE-2018-1745 | 2018-10-11 | IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424. |
| CVE-2018-12449 | 2018-10-11 | The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking. |
| CVE-2018-18242 | 2018-10-11 | youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86. |
| CVE-2018-18215 | 2018-10-11 | In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account. |
| CVE-2018-9206 | 2018-10-11 | Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0 |
| CVE-2018-15766 | 2018-10-11 | Dell Encryption and Dell Endpoint Security Suite Enterprise Security Policy Overwrite Vulnerability |
| CVE-2018-18257 | 2018-10-11 | An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI. |
| CVE-2018-18258 | 2018-10-11 | An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename=... |
| CVE-2018-12441 | 2018-10-11 | The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to... |
| CVE-2018-17927 | 2018-10-11 | In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause... |
| CVE-2018-17929 | 2018-10-11 | In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying... |
| CVE-2018-18225 | 2018-10-12 | In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. |
| CVE-2018-18226 | 2018-10-12 | In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. |
| CVE-2018-18227 | 2018-10-12 | In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. |
| CVE-2017-1231 | 2018-10-12 | IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 123910. |
| CVE-2018-1673 | 2018-10-12 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2018-1838 | 2018-10-12 | IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811. |
| CVE-2018-1533 | 2018-10-12 | IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2018-1534 | 2018-10-12 | IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2018-1770 | 2018-10-12 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot... |
| CVE-2018-1844 | 2018-10-12 | IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose... |
| CVE-2018-12469 | 2018-10-12 | Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update... |
| CVE-2018-8890 | 2018-10-12 | An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in... |
| CVE-2018-17888 | 2018-10-12 | NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code... |
| CVE-2018-17890 | 2018-10-12 | NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution. |
| CVE-2018-17892 | 2018-10-12 | NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could... |
| CVE-2018-17894 | 2018-10-12 | NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access. |
| CVE-2018-17896 | 2018-10-12 | Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker to gain unauthorized access to the maintenance functions... |
| CVE-2018-17898 | 2018-10-12 | Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the... |
| CVE-2018-17900 | 2018-10-12 | Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to... |
| CVE-2018-17902 | 2018-10-12 | Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the... |
| CVE-2018-12759 | 2018-10-12 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-12769 | 2018-10-12 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-12831 | 2018-10-12 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-12832 | 2018-10-12 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-12833 | 2018-10-12 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-12834 | 2018-10-12 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2018-12835 | 2018-10-12 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-12836 | 2018-10-12 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-12837 | 2018-10-12 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |