CVE List - 2018 / June
Showing 701 - 800 of 1783 CVEs for June 2018 (Page 8 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-4243 | 2018-06-08 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue... |
| CVE-2018-4244 | 2018-06-08 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri Contacts" component. It allows physically proximate attackers to discover private contact information... |
| CVE-2018-4246 | 2018-06-08 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows... |
| CVE-2018-4247 | 2018-06-08 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause... |
| CVE-2018-4250 | 2018-06-08 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via... |
| CVE-2018-4251 | 2018-06-08 | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a... |
| CVE-2018-4252 | 2018-06-08 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism... |
| CVE-2018-4253 | 2018-06-08 | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "AMD" component. It allows local users to bypass intended memory-read restrictions or cause... |
| CVE-2018-1281 | 2018-06-08 | The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older... |
| CVE-2018-0225 | 2018-06-08 | The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue. |
| CVE-2018-12020 | 2018-06-08 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to... |
| CVE-2018-12085 | 2018-06-09 | Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. |
| CVE-2018-12088 | 2018-06-10 | S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily... |
| CVE-2018-10360 | 2018-06-11 | The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. |
| CVE-2018-12025 | 2018-06-11 | The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error.... |
| CVE-2018-12090 | 2018-06-11 | There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key=... |
| CVE-2018-12089 | 2018-06-11 | In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is... |
| CVE-2018-12092 | 2018-06-11 | tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code. |
| CVE-2018-12093 | 2018-06-11 | tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h. |
| CVE-2018-12094 | 2018-06-11 | Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2018-12095 | 2018-06-11 | A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php. |
| CVE-2018-12099 | 2018-06-11 | Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. |
| CVE-2018-12100 | 2018-06-11 | Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI. |
| CVE-2018-12102 | 2018-06-11 | md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block. |
| CVE-2018-12110 | 2018-06-11 | portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter. |
| CVE-2018-12111 | 2018-06-11 | Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI. |
| CVE-2018-12108 | 2018-06-11 | An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file. |
| CVE-2018-12109 | 2018-06-11 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC<FileIO>::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow and application... |
| CVE-2018-12112 | 2018-06-11 | md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file. |
| CVE-2011-4181 | 2018-06-11 | open build service information leak via unauthorized source access |
| CVE-2017-3199 | 2018-06-11 | GraniteDS, version 3.1.1.GA, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization |
| CVE-2017-3200 | 2018-06-11 | The implementation of Action Message Format (AMF3) deserializers in GraniteDS, version 3.1.1.GA, may allow instantiation of arbitrary classes due to improper code control |
| CVE-2017-3201 | 2018-06-11 | Flamingo amf-serializer by Exadel, version 2.2.0, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization |
| CVE-2017-3202 | 2018-06-11 | The implementation of Action Message Format (AMF3) deserializers in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes due to improper code control |
| CVE-2017-3203 | 2018-06-11 | Pivotal/Spring Spring-flex's Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization |
| CVE-2017-3206 | 2018-06-11 | The Action Message Format (AMF3) deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages |
| CVE-2017-3207 | 2018-06-11 | WebORB for Java by Midnight Coders, version 5.1.1.0, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization |
| CVE-2017-3208 | 2018-06-11 | The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the... |
| CVE-2018-6512 | 2018-06-11 | The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server... |
| CVE-2018-6513 | 2018-06-11 | Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7,... |
| CVE-2018-6514 | 2018-06-11 | In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which... |
| CVE-2018-6515 | 2018-06-11 | Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker... |
| CVE-2016-5287 | 2018-06-11 | A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2. |
| CVE-2016-5288 | 2018-06-11 | Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48... |
| CVE-2016-5289 | 2018-06-11 | Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be... |
| CVE-2016-5290 | 2018-06-11 | Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some... |
| CVE-2016-5291 | 2018-06-11 | A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
| CVE-2016-5292 | 2018-06-11 | During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. |
| CVE-2016-5293 | 2018-06-11 | When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability... |
| CVE-2016-5294 | 2018-06-11 | The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue... |
| CVE-2016-5295 | 2018-06-11 | This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability... |
| CVE-2016-5296 | 2018-06-11 | A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox... |
| CVE-2016-5297 | 2018-06-11 | An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox... |
| CVE-2016-5298 | 2018-06-11 | A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is... |
| CVE-2016-5299 | 2018-06-11 | A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and... |
| CVE-2016-9061 | 2018-06-11 | A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for... |
| CVE-2016-9062 | 2018-06-11 | Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only... |
| CVE-2016-9063 | 2018-06-11 | An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. |
| CVE-2016-9064 | 2018-06-11 | Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on... |
| CVE-2016-9065 | 2018-06-11 | The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user... |
| CVE-2016-9066 | 2018-06-11 | A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR <... |
| CVE-2016-9067 | 2018-06-11 | Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. |
| CVE-2016-9068 | 2018-06-11 | A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. |
| CVE-2016-9070 | 2018-06-11 | A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox... |
| CVE-2016-9071 | 2018-06-11 | Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects... |
| CVE-2016-9072 | 2018-06-11 | When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit... |
| CVE-2016-9073 | 2018-06-11 | WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50. |
| CVE-2016-9074 | 2018-06-11 | An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR... |
| CVE-2016-9075 | 2018-06-11 | An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install... |
| CVE-2016-9076 | 2018-06-11 | An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to... |
| CVE-2016-9077 | 2018-06-11 | Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the... |
| CVE-2016-9078 | 2018-06-11 | Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain... |
| CVE-2016-9080 | 2018-06-11 | Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be... |
| CVE-2016-9893 | 2018-06-11 | Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be... |
| CVE-2016-9894 | 2018-06-11 | A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox <... |
| CVE-2016-9895 | 2018-06-11 | Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird... |
| CVE-2016-9896 | 2018-06-11 | Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1. |
| CVE-2016-9897 | 2018-06-11 | Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR <... |
| CVE-2016-9898 | 2018-06-11 | Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
| CVE-2016-9899 | 2018-06-11 | Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird... |
| CVE-2016-9900 | 2018-06-11 | External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability... |
| CVE-2016-9901 | 2018-06-11 | HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's... |
| CVE-2016-9902 | 2018-06-11 | The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to... |
| CVE-2016-9903 | 2018-06-11 | Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content... |
| CVE-2016-9904 | 2018-06-11 | An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such... |
| CVE-2016-9905 | 2018-06-11 | A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. |
| CVE-2017-5373 | 2018-06-11 | Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some... |
| CVE-2017-5374 | 2018-06-11 | Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be... |
| CVE-2017-5375 | 2018-06-11 | JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and... |
| CVE-2017-5376 | 2018-06-11 | Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
| CVE-2017-5377 | 2018-06-11 | A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51. |
| CVE-2017-5378 | 2018-06-11 | Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage... |
| CVE-2017-5379 | 2018-06-11 | Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. |
| CVE-2017-5380 | 2018-06-11 | A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
| CVE-2017-5381 | 2018-06-11 | The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations... |
| CVE-2017-5382 | 2018-06-11 | Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by... |
| CVE-2017-5383 | 2018-06-11 | URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird... |
| CVE-2017-5384 | 2018-06-11 | Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy... |
| CVE-2017-5385 | 2018-06-11 | Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability... |
| CVE-2017-5386 | 2018-06-11 | WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This... |