CVE List - 2018 / May
Showing 901 - 1000 of 1162 CVEs for May 2018 (Page 10 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-1515 | 2018-05-25 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may... |
| CVE-2018-1544 | 2018-05-25 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a... |
| CVE-2018-1565 | 2018-05-25 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a... |
| CVE-2018-10350 | 2018-05-25 | A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a... |
| CVE-2018-6232 | 2018-05-25 | A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing... |
| CVE-2018-6233 | 2018-05-25 | A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing... |
| CVE-2018-6234 | 2018-05-25 | An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within... |
| CVE-2018-6235 | 2018-05-25 | An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing... |
| CVE-2018-6236 | 2018-05-25 | A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing... |
| CVE-2018-6237 | 2018-05-25 | A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests... |
| CVE-2017-9641 | 2018-05-25 | PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to... |
| CVE-2017-14185 | 2018-05-25 | An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses)... |
| CVE-2018-8862 | 2018-05-25 | In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely... |
| CVE-2018-8864 | 2018-05-25 | In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an... |
| CVE-2018-8871 | 2018-05-25 | In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution. |
| CVE-2018-11471 | 2018-05-25 | Cockpit 0.5.5 has XSS via a collection, form, or region. |
| CVE-2018-11472 | 2018-05-25 | Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php). |
| CVE-2018-11473 | 2018-05-25 | Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration). |
| CVE-2018-11474 | 2018-05-25 | Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser. |
| CVE-2018-11475 | 2018-05-25 | Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser. |
| CVE-2018-11479 | 2018-05-25 | The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe... |
| CVE-2018-9091 | 2018-05-25 | A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote... |
| CVE-2018-11490 | 2018-05-26 | The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array... |
| CVE-2018-11487 | 2018-05-26 | PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. |
| CVE-2018-11489 | 2018-05-26 | The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is... |
| CVE-2018-11493 | 2018-05-26 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add. |
| CVE-2018-11494 | 2018-05-26 | The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step... |
| CVE-2018-11495 | 2018-05-26 | OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php. |
| CVE-2018-11496 | 2018-05-26 | In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. |
| CVE-2018-11498 | 2018-05-26 | In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers... |
| CVE-2018-11499 | 2018-05-26 | A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified... |
| CVE-2018-11500 | 2018-05-26 | An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. |
| CVE-2018-11501 | 2018-05-26 | PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. |
| CVE-2018-11503 | 2018-05-26 | The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. |
| CVE-2018-11504 | 2018-05-26 | The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. |
| CVE-2018-11505 | 2018-05-26 | The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. |
| CVE-2018-6409 | 2018-05-26 | An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to... |
| CVE-2018-6410 | 2018-05-26 | An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter. |
| CVE-2018-6411 | 2018-05-26 | An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is... |
| CVE-2018-11506 | 2018-05-28 | The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because... |
| CVE-2018-11507 | 2018-05-28 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp. |
| CVE-2018-11508 | 2018-05-28 | The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. |
| CVE-2018-11512 | 2018-05-28 | Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web... |
| CVE-2018-11514 | 2018-05-28 | PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. |
| CVE-2018-11515 | 2018-05-28 | The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter. |
| CVE-2018-11309 | 2018-05-28 | Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an... |
| CVE-2018-11430 | 2018-05-28 | An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS... |
| CVE-2018-11516 | 2018-05-28 | The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other... |
| CVE-2018-11517 | 2018-05-28 | mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP... |
| CVE-2018-10732 | 2018-05-28 | The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility. |
| CVE-2018-11488 | 2018-05-29 | A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request. |
| CVE-2018-11523 | 2018-05-29 | upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. |
| CVE-2018-11527 | 2018-05-29 | An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save. |
| CVE-2018-11528 | 2018-05-29 | WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. |
| CVE-2018-11531 | 2018-05-29 | Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. |
| CVE-2018-11532 | 2018-05-29 | An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field. |
| CVE-2018-11535 | 2018-05-29 | An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection. |
| CVE-2018-11536 | 2018-05-29 | md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. |
| CVE-2016-7076 | 2018-05-29 | sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A... |
| CVE-2017-1768 | 2018-05-29 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471. |
| CVE-2018-1369 | 2018-05-29 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server... |
| CVE-2018-1370 | 2018-05-29 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM... |
| CVE-2018-1375 | 2018-05-29 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user... |
| CVE-2018-1376 | 2018-05-29 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2018-5241 | 2018-05-29 | Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML... |
| CVE-2018-1495 | 2018-05-29 | IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148. |
| CVE-2018-1235 | 2018-05-29 | Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to... |
| CVE-2018-1241 | 2018-05-29 | Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An... |
| CVE-2018-1242 | 2018-05-29 | Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt... |
| CVE-2018-10466 | 2018-05-29 | Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. |
| CVE-2018-10751 | 2018-05-29 | A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to... |
| CVE-2018-11027 | 2018-05-29 | A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2018-11392 | 2018-05-29 | An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php... |
| CVE-2014-10067 | 2018-05-29 | paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a... |
| CVE-2014-10068 | 2018-05-29 | The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. |
| CVE-2015-9235 | 2018-05-29 | In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead... |
| CVE-2015-9240 | 2018-05-29 | Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required... |
| CVE-2015-9241 | 2018-05-29 | Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi... |
| CVE-2015-9242 | 2018-05-29 | Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial... |
| CVE-2015-9243 | 2018-05-29 | When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a... |
| CVE-2015-9244 | 2018-05-29 | Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. |
| CVE-2016-10525 | 2018-05-29 | When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication. |
| CVE-2016-10551 | 2018-05-29 | waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with... |
| CVE-2016-10556 | 2018-05-29 | sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft... |
| CVE-2016-10558 | 2018-05-29 | aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to... |
| CVE-2016-10559 | 2018-05-29 | selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may... |
| CVE-2016-10566 | 2018-05-29 | install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may... |
| CVE-2016-10567 | 2018-05-29 | product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and... |
| CVE-2016-10568 | 2018-05-29 | geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. |
| CVE-2016-10570 | 2018-05-29 | pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code... |
| CVE-2016-10573 | 2018-05-29 | baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM... |
| CVE-2016-10577 | 2018-05-29 | ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may... |
| CVE-2016-10578 | 2018-05-29 | unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. |
| CVE-2016-10584 | 2018-05-29 | dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)... |
| CVE-2016-10586 | 2018-05-29 | macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause... |
| CVE-2016-10589 | 2018-05-29 | selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution... |
| CVE-2016-10590 | 2018-05-29 | cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code... |
| CVE-2016-10591 | 2018-05-29 | Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may... |
| CVE-2016-10593 | 2018-05-29 | ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Before 2.5.6, it may be possible to cause... |
| CVE-2016-10601 | 2018-05-29 | webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It... |