CVE List - 2018 / October
Showing 901 - 1000 of 1468 CVEs for October 2018 (Page 10 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-3271 | 2018-10-17 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker... |
| CVE-2018-3272 | 2018-10-17 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones Virtualized NIC Driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2018-3273 | 2018-10-17 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon (RAD)). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2018-3274 | 2018-10-17 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2018-3275 | 2018-10-17 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LibKMIP). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network... |
| CVE-2018-3276 | 2018-10-17 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable... |
| CVE-2018-3277 | 2018-10-17 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged... |
| CVE-2018-3278 | 2018-10-17 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable... |
| CVE-2018-3279 | 2018-10-17 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2018-3280 | 2018-10-17 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2018-3281 | 2018-10-17 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.1, 15.2, 16.1, 16.2,... |
| CVE-2018-3282 | 2018-10-17 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12... |
| CVE-2018-3283 | 2018-10-17 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows... |
| CVE-2018-3284 | 2018-10-17 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high... |
| CVE-2018-3285 | 2018-10-17 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Windows). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2018-3286 | 2018-10-17 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2018-3287 | 2018-10-17 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon... |
| CVE-2018-3288 | 2018-10-17 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon... |
| CVE-2018-3289 | 2018-10-17 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon... |
| CVE-2018-3290 | 2018-10-17 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon... |
| CVE-2018-3291 | 2018-10-17 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon... |
| CVE-2018-3292 | 2018-10-17 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon... |
| CVE-2018-3293 | 2018-10-17 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon... |
| CVE-2018-3294 | 2018-10-17 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2018-3295 | 2018-10-17 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon... |
| CVE-2018-3296 | 2018-10-17 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon... |
| CVE-2018-3297 | 2018-10-17 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon... |
| CVE-2018-3298 | 2018-10-17 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon... |
| CVE-2018-3299 | 2018-10-17 | Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via... |
| CVE-2018-3301 | 2018-10-17 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2018-3302 | 2018-10-17 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows... |
| CVE-2018-17897 | 2018-10-17 | LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution. |
| CVE-2018-17893 | 2018-10-17 | LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution. |
| CVE-2018-17895 | 2018-10-17 | LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which may allow remote code execution. |
| CVE-2018-17899 | 2018-10-17 | LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution. |
| CVE-2018-17901 | 2018-10-17 | LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an... |
| CVE-2018-17911 | 2018-10-17 | LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution. |
| CVE-2018-3953 | 2018-10-17 | Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering... |
| CVE-2018-3954 | 2018-10-17 | Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering... |
| CVE-2018-3955 | 2018-10-17 | An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network... |
| CVE-2018-18407 | 2018-10-17 | A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing... |
| CVE-2018-18408 | 2018-10-17 | A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified... |
| CVE-2018-18409 | 2018-10-17 | A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or... |
| CVE-2018-18422 | 2018-10-17 | UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI. |
| CVE-2018-18426 | 2018-10-17 | s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter. |
| CVE-2018-18427 | 2018-10-17 | s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. |
| CVE-2018-18430 | 2018-10-17 | An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI. |
| CVE-2018-18431 | 2018-10-17 | An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI. |
| CVE-2018-18432 | 2018-10-17 | An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request. |
| CVE-2018-18433 | 2018-10-17 | An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname] parameter to the admin.php URI. |
| CVE-2018-18434 | 2018-10-17 | An issue was discovered in litemall 0.9.0. Arbitrary file download is possible via ../ directory traversal in linlinjava/litemall/wx/web/WxStorageController.java in the litemall-wx-api component. |
| CVE-2018-18436 | 2018-10-17 | JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI. |
| CVE-2018-10933 | 2018-10-17 | A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. |
| CVE-2018-7076 | 2018-10-17 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04. |
| CVE-2018-7110 | 2018-10-17 | A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred... |
| CVE-2018-7111 | 2018-10-17 | A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and... |
| CVE-2018-10822 | 2018-10-17 | Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02,... |
| CVE-2018-10823 | 2018-10-17 | An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may... |
| CVE-2018-10824 | 2018-10-17 | An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through... |
| CVE-2018-15493 | 2018-10-17 | vBulletin 5.4.3 has an Open Redirect. |
| CVE-2018-16232 | 2018-10-17 | An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary... |
| CVE-2018-17964 | 2018-10-17 | Aryanic HighPortal 12.5 has XSS via an Add Tags action. |
| CVE-2018-18262 | 2018-10-17 | Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. |
| CVE-2018-18372 | 2018-10-17 | A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter. |
| CVE-2018-18373 | 2018-10-17 | In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help... |
| CVE-2017-17176 | 2018-10-17 | The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00BC00B156, versions earlier... |
| CVE-2018-7924 | 2018-10-17 | Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via... |
| CVE-2018-7989 | 2018-10-17 | Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an... |
| CVE-2018-12813 | 2018-10-17 | Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-12814 | 2018-10-17 | Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-12816 | 2018-10-17 | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2018-12818 | 2018-10-17 | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2018-12819 | 2018-10-17 | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2018-12820 | 2018-10-17 | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2018-12821 | 2018-10-17 | Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2018-12822 | 2018-10-17 | Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-12823 | 2018-10-17 | Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-15969 | 2018-10-17 | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-15970 | 2018-10-17 | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-15971 | 2018-10-17 | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-15972 | 2018-10-17 | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-15973 | 2018-10-17 | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-15974 | 2018-10-17 | Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2018-15976 | 2018-10-17 | Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2018-15616 | 2018-10-17 | System Platform Web UI Deserialization |
| CVE-2018-18443 | 2018-10-17 | OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview. |
| CVE-2018-18444 | 2018-10-17 | makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact. |
| CVE-2018-18445 | 2018-10-17 | In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles... |
| CVE-2018-0388 | 2018-10-17 | Cisco Wireless LAN Controller Software Cross-Site Scripting Vulnerability |
| CVE-2018-0416 | 2018-10-17 | Cisco Wireless LAN Controller Software Information Disclosure Vulnerability |
| CVE-2018-18386 | 2018-10-17 | drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC... |
| CVE-2018-0395 | 2018-10-17 | Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability |
| CVE-2018-0456 | 2018-10-17 | Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability |
| CVE-2018-15395 | 2018-10-17 | Cisco Wireless LAN Controller Software Privilege Escalation Vulnerability |
| CVE-2018-15402 | 2018-10-17 | Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability |
| CVE-2018-14597 | 2018-10-17 | CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate... |
| CVE-2018-0378 | 2018-10-17 | Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability |
| CVE-2018-18450 | 2018-10-17 | apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI. |
| CVE-2018-0381 | 2018-10-17 | Cisco Aironet 1560, 1800, 2800, and 3800 Series Access Points Denial of Service Vulnerability |
| CVE-2018-0417 | 2018-10-17 | Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability |