CVE List - 2018 / July
Showing 901 - 1000 of 2167 CVEs for July 2018 (Page 10 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-1792 | 2018-07-10 | IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2017-1793 | 2018-07-10 | IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2018-1396 | 2018-07-10 | IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2018-1423 | 2018-07-10 | IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026. |
| CVE-2018-1458 | 2018-07-10 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.... |
| CVE-2018-1487 | 2018-07-10 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full... |
| CVE-2018-1492 | 2018-07-10 | IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from... |
| CVE-2018-1523 | 2018-07-10 | IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2018-1549 | 2018-07-10 | IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause... |
| CVE-2018-1566 | 2018-07-10 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string... |
| CVE-2018-5553 | 2018-07-10 | Crestron DGE-100 Console Command Injection (FIXED) |
| CVE-2018-1331 | 2018-07-10 | In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute... |
| CVE-2018-10889 | 2018-07-10 | A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted... |
| CVE-2018-10890 | 2018-07-10 | A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching... |
| CVE-2018-10891 | 2018-07-10 | A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to... |
| CVE-2018-13843 | 2018-07-10 | An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can... |
| CVE-2018-13844 | 2018-07-10 | An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in... |
| CVE-2018-13845 | 2018-07-10 | An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c. |
| CVE-2018-13846 | 2018-07-10 | An issue has been found in Bento4 1.5.1-624. AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp has a heap-based buffer over-read after a call from Mp42Ts.cpp, a related issue to CVE-2018-14532. |
| CVE-2018-13847 | 2018-07-10 | An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp. |
| CVE-2018-13848 | 2018-07-10 | An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp. |
| CVE-2018-13849 | 2018-07-10 | edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace. |
| CVE-2018-13850 | 2018-07-10 | The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter. |
| CVE-2018-2427 | 2018-07-10 | SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed... |
| CVE-2018-2431 | 2018-07-10 | SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
| CVE-2018-2432 | 2018-07-10 | SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a... |
| CVE-2018-2433 | 2018-07-10 | SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and... |
| CVE-2018-2434 | 2018-07-10 | A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra,... |
| CVE-2018-2435 | 2018-07-10 | SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
| CVE-2018-2436 | 2018-07-10 | Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
| CVE-2018-2437 | 2018-07-10 | The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file... |
| CVE-2018-2438 | 2018-07-10 | The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing... |
| CVE-2018-2439 | 2018-07-10 | The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions,... |
| CVE-2018-2440 | 2018-07-10 | Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs. |
| CVE-2018-12461 | 2018-07-10 | Certificate Revocation Check failure |
| CVE-2018-10872 | 2018-07-10 | A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation,... |
| CVE-2018-1116 | 2018-07-10 | A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by... |
| CVE-2018-12462 | 2018-07-10 | NetIQ iManager XSS vulnerabilities |
| CVE-2018-13863 | 2018-07-10 | The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is... |
| CVE-2018-13865 | 2018-07-10 | An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism. |
| CVE-2017-5704 | 2018-07-10 | Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password... |
| CVE-2018-3619 | 2018-07-10 | Information disclosure vulnerability in storage media in systems with Intel Optane memory module with Whole Disk Encryption may allow an attacker to recover data via physical access. |
| CVE-2018-3627 | 2018-07-10 | Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access. |
| CVE-2018-3628 | 2018-07-10 | Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an... |
| CVE-2018-3629 | 2018-07-10 | Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an... |
| CVE-2018-3632 | 2018-07-10 | Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 /... |
| CVE-2018-3652 | 2018-07-10 | Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows... |
| CVE-2018-3667 | 2018-07-10 | Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation. |
| CVE-2018-3668 | 2018-07-10 | Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code. |
| CVE-2018-3682 | 2018-07-10 | BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS. |
| CVE-2018-3683 | 2018-07-10 | Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code. |
| CVE-2018-3684 | 2018-07-10 | Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code. |
| CVE-2018-3687 | 2018-07-10 | Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code. |
| CVE-2018-3688 | 2018-07-10 | Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code. |
| CVE-2018-3693 | 2018-07-10 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. |
| CVE-2018-13866 | 2018-07-10 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c. |
| CVE-2018-13867 | 2018-07-10 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c. |
| CVE-2018-13868 | 2018-07-10 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c. |
| CVE-2018-13869 | 2018-07-10 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c. |
| CVE-2018-13870 | 2018-07-10 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c. |
| CVE-2018-13871 | 2018-07-10 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c. |
| CVE-2018-13872 | 2018-07-10 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c. |
| CVE-2018-13873 | 2018-07-10 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c. |
| CVE-2018-13874 | 2018-07-10 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset. |
| CVE-2018-13875 | 2018-07-10 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c. |
| CVE-2018-13876 | 2018-07-10 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread. |
| CVE-2018-0949 | 2018-07-11 | A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 9, Internet Explorer... |
| CVE-2018-8125 | 2018-07-11 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from... |
| CVE-2018-8171 | 2018-07-11 | A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1,... |
| CVE-2018-8172 | 2018-07-11 | A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote... |
| CVE-2018-8202 | 2018-07-11 | An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET... |
| CVE-2018-8206 | 2018-07-11 | A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections, aka "Windows FTP Server Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012... |
| CVE-2018-8222 | 2018-07-11 | A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security... |
| CVE-2018-8232 | 2018-07-11 | A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka "Microsoft Macro Assembler Tampering Vulnerability." This affects Microsoft Visual Studio. |
| CVE-2018-8238 | 2018-07-11 | A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature... |
| CVE-2018-8242 | 2018-07-11 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer... |
| CVE-2018-8260 | 2018-07-11 | A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects... |
| CVE-2018-8262 | 2018-07-11 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from... |
| CVE-2018-8274 | 2018-07-11 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from... |
| CVE-2018-8275 | 2018-07-11 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique... |
| CVE-2018-8276 | 2018-07-11 | A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects... |
| CVE-2018-8278 | 2018-07-11 | A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. |
| CVE-2018-8279 | 2018-07-11 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique... |
| CVE-2018-8280 | 2018-07-11 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects... |
| CVE-2018-8281 | 2018-07-11 | A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft... |
| CVE-2018-8282 | 2018-07-11 | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7,... |
| CVE-2018-8283 | 2018-07-11 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID... |
| CVE-2018-8284 | 2018-07-11 | A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft... |
| CVE-2018-8286 | 2018-07-11 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects... |
| CVE-2018-8287 | 2018-07-11 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer... |
| CVE-2018-8288 | 2018-07-11 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer... |
| CVE-2018-8289 | 2018-07-11 | An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8297,... |
| CVE-2018-8290 | 2018-07-11 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects... |
| CVE-2018-8291 | 2018-07-11 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer... |
| CVE-2018-8294 | 2018-07-11 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects... |
| CVE-2018-8296 | 2018-07-11 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer... |
| CVE-2018-8297 | 2018-07-11 | An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289,... |
| CVE-2018-8299 | 2018-07-11 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege... |
| CVE-2018-8300 | 2018-07-11 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This... |
| CVE-2018-8301 | 2018-07-11 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from... |