CVE List - 2018 / June
Showing 301 - 400 of 1783 CVEs for June 2018 (Page 4 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-11722 | 2018-06-05 | WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. |
| CVE-2018-1252 | 2018-06-05 | RSA Web Threat Detection SQL Injection Vulnerability |
| CVE-2018-1000180 | 2018-06-05 | Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in... |
| CVE-2018-1000181 | 2018-06-05 | Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure. |
| CVE-2018-1000200 | 2018-06-05 | The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises... |
| CVE-2018-11743 | 2018-06-05 | The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or... |
| CVE-2016-9488 | 2018-06-05 | ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities |
| CVE-2016-9490 | 2018-06-05 | ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability |
| CVE-2018-6662 | 2018-06-05 | SB10232 - McAfee Management of Native Encryption (MNE) - Privilege Escalation vulnerability |
| CVE-2018-8923 | 2018-06-05 | Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. |
| CVE-2018-8924 | 2018-06-05 | Cross-site scripting (XSS) vulnerability in Title Tooltip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via a malicious file name. |
| CVE-2018-10813 | 2018-06-05 | In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit... |
| CVE-2018-10966 | 2018-06-05 | An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the... |
| CVE-2017-1350 | 2018-06-05 | IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526. |
| CVE-2018-1432 | 2018-06-05 | IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML... |
| CVE-2018-1454 | 2018-06-05 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker... |
| CVE-2018-7943 | 2018-06-05 | There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker... |
| CVE-2018-1332 | 2018-06-05 | Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some... |
| CVE-2018-8008 | 2018-06-05 | Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive... |
| CVE-2017-7653 | 2018-06-05 | The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings... |
| CVE-2017-7654 | 2018-06-05 | In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service... |
| CVE-2018-1000182 | 2018-06-05 | A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send... |
| CVE-2018-1000183 | 2018-06-05 | An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified... |
| CVE-2018-1000184 | 2018-06-05 | A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to... |
| CVE-2018-1000185 | 2018-06-05 | A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET... |
| CVE-2018-1000186 | 2018-06-05 | An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified... |
| CVE-2018-1000187 | 2018-06-05 | An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs. |
| CVE-2018-1000188 | 2018-06-05 | A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to... |
| CVE-2018-1000189 | 2018-06-05 | A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master. |
| CVE-2018-1000190 | 2018-06-05 | An exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL... |
| CVE-2018-1000191 | 2018-06-05 | An exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL... |
| CVE-2018-10597 | 2018-06-05 | IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions... |
| CVE-2018-10599 | 2018-06-05 | IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions... |
| CVE-2018-10601 | 2018-06-05 | IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions... |
| CVE-2017-7635 | 2018-06-05 | QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections. |
| CVE-2017-7636 | 2018-06-05 | Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2017-7637 | 2018-06-05 | QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges. |
| CVE-2017-7639 | 2018-06-05 | QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server. |
| CVE-2018-1000192 | 2018-06-05 | An information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins. |
| CVE-2018-1000193 | 2018-06-05 | An improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control... |
| CVE-2018-1000194 | 2018-06-05 | A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins... |
| CVE-2018-1000195 | 2018-06-05 | A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit an HTTP GET... |
| CVE-2018-10057 | 2018-06-05 | The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing... |
| CVE-2018-10058 | 2018-06-05 | The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota,... |
| CVE-2018-11586 | 2018-06-05 | XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in... |
| CVE-2018-7884 | 2018-06-05 | An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the... |
| CVE-2018-1000196 | 2018-06-05 | An exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control... |
| CVE-2018-1000197 | 2018-06-05 | An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub... |
| CVE-2018-1000198 | 2018-06-05 | An XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML external... |
| CVE-2018-1000202 | 2018-06-05 | A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript... |
| CVE-2018-3691 | 2018-06-05 | Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time. |
| CVE-2018-11553 | 2018-06-06 | SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php. |
| CVE-2018-11808 | 2018-06-06 | Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in... |
| CVE-2018-11813 | 2018-06-06 | libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. |
| CVE-2018-1456 | 2018-06-06 | IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this... |
| CVE-2017-1474 | 2018-06-06 | IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the... |
| CVE-2017-1476 | 2018-06-06 | IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP... |
| CVE-2017-1480 | 2018-06-06 | IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID:... |
| CVE-2018-1000203 | 2018-06-06 | Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero_fee_transaction() that can result... |
| CVE-2017-7933 | 2018-06-06 | In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access. |
| CVE-2018-10198 | 2018-06-06 | An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information... |
| CVE-2017-7906 | 2018-06-06 | In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch... |
| CVE-2017-7931 | 2018-06-06 | In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and... |
| CVE-2018-1265 | 2018-06-06 | Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a... |
| CVE-2018-1268 | 2018-06-06 | Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not... |
| CVE-2018-1269 | 2018-06-06 | Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not... |
| CVE-2018-7510 | 2018-06-06 | In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication. |
| CVE-2017-18154 | 2018-06-06 | A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
| CVE-2018-3562 | 2018-06-06 | Buffer over-read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
| CVE-2018-3565 | 2018-06-06 | While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow... |
| CVE-2018-3578 | 2018-06-06 | Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases... |
| CVE-2018-3580 | 2018-06-06 | Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS... |
| CVE-2018-3852 | 2018-06-06 | An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of... |
| CVE-2018-5840 | 2018-06-06 | Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD... |
| CVE-2018-5841 | 2018-06-06 | dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all... |
| CVE-2018-5845 | 2018-06-06 | A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for... |
| CVE-2018-5846 | 2018-06-06 | A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for... |
| CVE-2018-5850 | 2018-06-06 | In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM,... |
| CVE-2017-16126 | 2018-06-07 | The module botbait is a tool to be used to track bot and automated tools usage within the npm ecosystem. botbait is known to record and track user information. The... |
| CVE-2017-16183 | 2018-06-07 | iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16198 | 2018-06-07 | ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL.... |
| CVE-2017-16206 | 2018-06-07 | The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. |
| CVE-2017-16056 | 2018-06-07 | mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16057 | 2018-06-07 | nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16058 | 2018-06-07 | gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16059 | 2018-06-07 | mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16060 | 2018-06-07 | babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16063 | 2018-06-07 | node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16064 | 2018-06-07 | node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16065 | 2018-06-07 | openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16066 | 2018-06-07 | opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16067 | 2018-06-07 | node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16068 | 2018-06-07 | ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16069 | 2018-06-07 | nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16070 | 2018-06-07 | nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16071 | 2018-06-07 | nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16072 | 2018-06-07 | nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16073 | 2018-06-07 | noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16074 | 2018-06-07 | crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16075 | 2018-06-07 | http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |