CVE List - 2018 / July
Showing 1101 - 1200 of 2167 CVEs for July 2018 (Page 12 of 22)
CVE ID | Date | Title |
---|---|---|
CVE-2018-14029 | 2018-07-13 | CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an... |
CVE-2018-14031 | 2018-07-13 | An issue was discovered in the HDF HDF5 1.8.20 library.... |
CVE-2018-14033 | 2018-07-13 | An issue was discovered in the HDF HDF5 1.8.20 library.... |
CVE-2018-14034 | 2018-07-13 | An issue was discovered in the HDF HDF5 1.8.20 library.... |
CVE-2018-14035 | 2018-07-13 | An issue was discovered in the HDF HDF5 1.8.20 library.... |
CVE-2018-14036 | 2018-07-13 | Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50... |
CVE-2018-6969 | 2018-07-13 | VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds... |
CVE-2018-14040 | 2018-07-13 | In Bootstrap before 4.1.2, XSS is possible in the collapse... |
CVE-2018-14041 | 2018-07-13 | In Bootstrap before 4.1.2, XSS is possible in the data-target... |
CVE-2018-14042 | 2018-07-13 | In Bootstrap before 4.1.2, XSS is possible in the data-container... |
CVE-2018-14043 | 2018-07-13 | mstdlib (aka the M Standard Library for C) 1.2.0 has... |
CVE-2018-14046 | 2018-07-13 | Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in... |
CVE-2018-14044 | 2018-07-13 | The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen... |
CVE-2018-14045 | 2018-07-13 | The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen... |
CVE-2018-14048 | 2018-07-13 | An issue has been found in libpng 1.6.34. It is... |
CVE-2017-1367 | 2018-07-13 | IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through... |
CVE-2017-1395 | 2018-07-13 | IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through... |
CVE-2018-14047 | 2018-07-13 | An issue has been found in PNGwriter 0.7.0. It is... |
CVE-2018-14049 | 2018-07-13 | An issue has been found in libwav through 2017-04-20. It... |
CVE-2018-14050 | 2018-07-13 | An issue has been found in libwav through 2017-04-20. It... |
CVE-2018-14051 | 2018-07-13 | The function wav_read in libwav.c in libwav through 2017-04-20 has... |
CVE-2018-14052 | 2018-07-13 | An issue has been found in libwav through 2017-04-20. It... |
CVE-2018-9067 | 2018-07-13 | The Lenovo Help Android app versions earlier than 6.1.2.0327 had... |
CVE-2018-9070 | 2018-07-13 | For the Lenovo Smart Assistant Android app versions earlier than... |
CVE-2018-10018 | 2018-07-13 | The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security... |
CVE-2018-10098 | 2018-07-13 | In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029,... |
CVE-2018-7535 | 2018-07-13 | An issue was discovered in TotalAV v4.1.7. An unprivileged user... |
CVE-2018-1245 | 2018-07-13 | Authorization ByPass Vulnerability |
CVE-2018-1255 | 2018-07-13 | Reflected Cross-Site Scripting Vulnerability |
CVE-2018-1000207 | 2018-07-13 | MODX Revolution version <=2.6.4 contains an Incorrect Access Control vulnerability... |
CVE-2018-1000206 | 2018-07-13 | JFrog Artifactory version since 5.11 contains a Cross-Site Request... |
CVE-2018-1000208 | 2018-07-13 | MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in... |
CVE-2018-1000209 | 2018-07-13 | Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a... |
CVE-2018-1000210 | 2018-07-13 | YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object... |
CVE-2018-1000211 | 2018-07-13 | Doorkeeper version 4.2.0 and later contains an Incorrect Access Control... |
CVE-2018-10631 | 2018-07-13 | Medtronic N'Vision Clinician Programmer Missing Encryption of Sensitive Data |
CVE-2018-8847 | 2018-07-13 | Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based... |
CVE-2016-6542 | 2018-07-13 | The MAC address/device tracking ID of an iTrack Easy can be obtained within range of the device |
CVE-2016-6543 | 2018-07-13 | A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data |
CVE-2016-6544 | 2018-07-13 | iTrack Easy's getgps data can be modified without authentication |
CVE-2016-6545 | 2018-07-13 | iTrack Easy does not use session cookies to maintain sessions and POSTs the user's password over HTTPS for each request |
CVE-2016-6546 | 2018-07-13 | iTrack Easy mobile application stores the user password in base-64 encoding/cleartext |
CVE-2016-6547 | 2018-07-13 | Zizai Tech Nut stores the account password in cleartext |
CVE-2016-6548 | 2018-07-13 | Zizai Tech Nut mobile application makes requests using HTTP, which includes the user's session token |
CVE-2016-6549 | 2018-07-13 | Zizai Tech Nut allows for unauthenticated Bluetooth pairing |
CVE-2016-6551 | 2018-07-13 | Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, use default credentials |
CVE-2016-6552 | 2018-07-13 | Green Packet DX-350 uses default credentials |
CVE-2016-6553 | 2018-07-13 | Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses default credentials |
CVE-2016-6554 | 2018-07-13 | Synology NAS servers DS107, DS116, and DS213, use default credentials |
CVE-2016-6557 | 2018-07-13 | The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery |
CVE-2016-6558 | 2018-07-13 | The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to command injection |
CVE-2016-6559 | 2018-07-13 | The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow |
CVE-2016-6562 | 2018-07-13 | ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections |
CVE-2016-6563 | 2018-07-13 | D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action |
CVE-2016-6564 | 2018-07-13 | Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges |
CVE-2016-6565 | 2018-07-13 | The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 may execute code from an uploaded malicious file |
CVE-2016-6566 | 2018-07-13 | The Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database |
CVE-2016-6567 | 2018-07-13 | SHDesigns' Resident Download Manager (as well as the Ethernet Download Manager) does not authenticate firmware downloads before executing code and deploying them to devices |
CVE-2016-6578 | 2018-07-13 | CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery (CSRF) |
CVE-2016-9482 | 2018-07-13 | PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to authentication bypass |
CVE-2016-9483 | 2018-07-13 | PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data |
CVE-2016-9484 | 2018-07-13 | PHP FormMail Generator generates PHP code for standard web forms, and the code generated does not properly validate user input folder directories and is vulnerable to path traversal |
CVE-2016-9485 | 2018-07-13 | On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because it fails to set any permissions on downloaded file objects |
CVE-2016-9486 | 2018-07-13 | On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because files are created in a folder with incorrect privileges |
CVE-2016-9487 | 2018-07-13 | EpubCheck 4.0.1 is vulnerable to external XML entity processing attacks |
CVE-2016-9489 | 2018-07-13 | ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass |
CVE-2016-9491 | 2018-07-13 | ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation due to improper restriction of an XML external entity |
CVE-2016-9492 | 2018-07-13 | PHP forms generated using the PHP FormMail Generator are vulnerable to unrestricted upload of dangerous file types |
CVE-2016-9493 | 2018-07-13 | PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting |
CVE-2016-9494 | 2018-07-13 | Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation, potentially leading to denial of service |
CVE-2016-9495 | 2018-07-13 | Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, use hard-coded credentials |
CVE-2016-9496 | 2018-07-13 | Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lack authentication to access certain pages |
CVE-2016-9497 | 2018-07-13 | Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are vulnerable to an authentication bypass using an alternate path or channel |
CVE-2016-9498 | 2018-07-13 | ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects |
CVE-2016-9499 | 2018-07-13 | The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting. |
CVE-2016-9500 | 2018-07-13 | The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to information exposure |
CVE-2017-13091 | 2018-07-13 | The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle |
CVE-2017-13092 | 2018-07-13 | The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle |
CVE-2017-13093 | 2018-07-13 | The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of encrypted IP cyphertext to insert hardware trojans |
CVE-2017-13094 | 2018-07-13 | The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of the encryption key and insertion of hardware trojans in any IP |
CVE-2017-13095 | 2018-07-13 | The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of a license-deny response to a license grant |
CVE-2017-13096 | 2018-07-13 | The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax access control |
CVE-2017-13097 | 2018-07-13 | The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax license requirement |
CVE-2013-0570 | 2018-07-13 | The Fibre Channel over Ethernet (FCoE) feature in IBM System... |
CVE-2018-10875 | 2018-07-13 | A flaw was found in ansible. ansible.cfg is read from... |
CVE-2018-14055 | 2018-07-15 | ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming... |
CVE-2018-14056 | 2018-07-15 | ZNC before 1.7.1-rc1 is prone to a path traversal flaw... |
CVE-2018-14010 | 2018-07-15 | OS command injection in the guest Wi-Fi settings feature in... |
CVE-2018-14060 | 2018-07-15 | OS command injection in the AP mode settings feature in... |
CVE-2018-14063 | 2018-07-15 | The increaseApproval function of a smart contract implementation for Tracto... |
CVE-2018-14064 | 2018-07-15 | The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices... |
CVE-2018-14065 | 2018-07-15 | XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. |
CVE-2018-14066 | 2018-07-15 | The content://wappush content provider in com.android.provider.telephony, as found in some... |
CVE-2018-14068 | 2018-07-15 | An issue was discovered in SRCMS V2.3.1. There is a... |
CVE-2018-14069 | 2018-07-15 | An issue was discovered in SRCMS V2.3.1. There is a... |
CVE-2018-14072 | 2018-07-15 | libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c,... |
CVE-2018-14073 | 2018-07-15 | libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c. |
CVE-2018-14325 | 2018-07-16 | In MP4v2 2.0.0, there is an integer underflow (with resultant... |
CVE-2018-14326 | 2018-07-16 | In MP4v2 2.0.0, there is an integer overflow (with resultant... |
CVE-2018-14084 | 2018-07-16 | An issue was discovered in a smart contract implementation for... |