CVE List - 2018 / November
Showing 701 - 800 of 983 CVEs for November 2018 (Page 8 of 10)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-19517 | 2018-11-24 | An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf. |
| CVE-2018-19518 | 2018-11-25 | University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and... |
| CVE-2018-19519 | 2018-11-25 | In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. |
| CVE-2018-19520 | 2018-11-25 | An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent... |
| CVE-2018-19535 | 2018-11-26 | In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. |
| CVE-2018-19528 | 2018-11-26 | TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp. |
| CVE-2018-19530 | 2018-11-26 | HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting. |
| CVE-2018-19531 | 2018-11-26 | HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting. |
| CVE-2018-19532 | 2018-11-26 | A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial... |
| CVE-2018-19537 | 2018-11-26 | TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded... |
| CVE-2018-19539 | 2018-11-26 | An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. |
| CVE-2018-19540 | 2018-11-26 | An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31,... |
| CVE-2018-19541 | 2018-11-26 | An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31,... |
| CVE-2018-19542 | 2018-11-26 | An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. |
| CVE-2018-19543 | 2018-11-26 | An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. |
| CVE-2018-19544 | 2018-11-26 | JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. |
| CVE-2018-19545 | 2018-11-26 | JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. |
| CVE-2018-19546 | 2018-11-26 | JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. |
| CVE-2018-19547 | 2018-11-26 | JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter. |
| CVE-2018-19548 | 2018-11-26 | index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force... |
| CVE-2018-19549 | 2018-11-26 | Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. |
| CVE-2018-19550 | 2018-11-26 | Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under an admin/temp/surveys/... |
| CVE-2018-19551 | 2018-11-26 | Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. |
| CVE-2018-19552 | 2018-11-26 | Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. |
| CVE-2018-19553 | 2018-11-26 | Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php. |
| CVE-2018-19554 | 2018-11-26 | An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp. |
| CVE-2018-19555 | 2018-11-26 | tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. |
| CVE-2018-19556 | 2018-11-26 | zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability. |
| CVE-2018-19557 | 2018-11-26 | An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images. |
| CVE-2018-19558 | 2018-11-26 | An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php. |
| CVE-2018-19559 | 2018-11-26 | CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. |
| CVE-2018-19560 | 2018-11-26 | BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. |
| CVE-2018-19561 | 2018-11-26 | sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. |
| CVE-2018-19562 | 2018-11-26 | An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a... |
| CVE-2018-16854 | 2018-11-26 | A flaw was found in Moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token... |
| CVE-2017-1418 | 2018-11-26 | IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to... |
| CVE-2018-1905 | 2018-11-26 | IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose... |
| CVE-2018-19564 | 2018-11-26 | Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting. |
| CVE-2018-14646 | 2018-11-26 | The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this... |
| CVE-2018-16862 | 2018-11-26 | A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with... |
| CVE-2018-11066 | 2018-11-26 | Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability |
| CVE-2018-11067 | 2018-11-26 | Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability |
| CVE-2018-11076 | 2018-11-26 | Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability |
| CVE-2018-11077 | 2018-11-26 | Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability |
| CVE-2018-18807 | 2018-11-26 | TIBCO Statistica Server Vulnerable to Cross Site Scripting |
| CVE-2018-19565 | 2018-11-26 | A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak... |
| CVE-2018-19566 | 2018-11-26 | A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or... |
| CVE-2018-19567 | 2018-11-26 | A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. |
| CVE-2018-19568 | 2018-11-26 | A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. |
| CVE-2018-13308 | 2018-11-26 | Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. |
| CVE-2018-13309 | 2018-11-26 | Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password. |
| CVE-2018-13310 | 2018-11-26 | Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username. |
| CVE-2018-13311 | 2018-11-26 | System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. |
| CVE-2018-13312 | 2018-11-26 | Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field. |
| CVE-2018-13315 | 2018-11-26 | Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request. |
| CVE-2018-13317 | 2018-11-26 | Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm. |
| CVE-2018-13318 | 2018-11-26 | System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. |
| CVE-2018-13319 | 2018-11-26 | Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. |
| CVE-2018-13320 | 2018-11-26 | System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. |
| CVE-2018-13321 | 2018-11-26 | Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. |
| CVE-2018-13322 | 2018-11-26 | Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. |
| CVE-2018-13323 | 2018-11-26 | Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. |
| CVE-2018-13324 | 2018-11-26 | Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. |
| CVE-2018-14663 | 2018-11-26 | An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by... |
| CVE-2018-19587 | 2018-11-27 | In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function. |
| CVE-2018-19595 | 2018-11-27 | PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel... |
| CVE-2018-19607 | 2018-11-27 | Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. |
| CVE-2018-17953 | 2018-11-27 | pam_access does not handle netmask matches correctly |
| CVE-2018-11766 | 2018-11-27 | In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user. |
| CVE-2018-16089 | 2018-11-27 | System Management Module Vulnerabilities |
| CVE-2018-16090 | 2018-11-27 | System Management Module Vulnerabilities |
| CVE-2018-16091 | 2018-11-27 | System Management Module Vulnerabilities |
| CVE-2018-16092 | 2018-11-27 | System Management Module Vulnerabilities |
| CVE-2018-16094 | 2018-11-27 | System Management Module Vulnerabilities |
| CVE-2018-16095 | 2018-11-27 | System Management Module Vulnerabilities |
| CVE-2018-16096 | 2018-11-27 | System Management Module Vulnerabilities |
| CVE-2018-9083 | 2018-11-27 | System Management Module Vulnerabilities |
| CVE-2018-9084 | 2018-11-27 | System Management Module Vulnerabilities |
| CVE-2018-13376 | 2018-11-27 | An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to... |
| CVE-2018-19609 | 2018-11-27 | ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at... |
| CVE-2018-6983 | 2018-11-27 | VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue... |
| CVE-2017-11078 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing the boot image header, an out-of-bounds read can... |
| CVE-2018-11260 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing a Fast Initial Link Setup (FILS) connection request, integer overflow... |
| CVE-2018-11261 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a possible use-after-free issue in Media Codec process. Any application... |
| CVE-2018-11266 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper input validation can lead to an improper access to already freed... |
| CVE-2018-11823 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, freeing device memory in driver probe failure will result in double free... |
| CVE-2018-11906 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a security concern with default privileged access to ADB and... |
| CVE-2018-11907 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper access control can lead to device node and executable to be... |
| CVE-2018-11908 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper access control can lead to device node and executable to be... |
| CVE-2018-11909 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper access control can lead to device node and executable to be... |
| CVE-2018-11910 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper access control can lead to device node and executable to be... |
| CVE-2018-11911 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of script may lead to unprivileged access. |
| CVE-2018-11912 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of daemons may lead to unprivileged access. |
| CVE-2018-11913 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of dev nodes may lead to potential security issue. |
| CVE-2018-11914 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper access control can lead to device node and executable to be... |
| CVE-2018-11918 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, memory allocated is automatically released by the kernel if the 'probe' function... |
| CVE-2018-11919 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a potential heap overflow and memory corruption due to improper... |
| CVE-2018-11943 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing fastboot flash command, memory leak or unexpected behavior may occur... |
| CVE-2018-11946 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the UPnP daemon should not be running out of box because it... |
| CVE-2018-11956 | 2018-11-27 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper mounting leads to device node and executable to be run from... |