CVE List - 2018 / July
Showing 1001 - 1100 of 2167 CVEs for July 2018 (Page 11 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-8304 | 2018-07-11 | A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Denial of Service Vulnerability." This affects... |
| CVE-2018-8305 | 2018-07-11 | An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1... |
| CVE-2018-8306 | 2018-07-11 | A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka "Microsoft Wireless Display Adapter Command... |
| CVE-2018-8307 | 2018-07-11 | A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT... |
| CVE-2018-8308 | 2018-07-11 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server... |
| CVE-2018-8309 | 2018-07-11 | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,... |
| CVE-2018-8310 | 2018-07-11 | A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office. |
| CVE-2018-8311 | 2018-07-11 | A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business... |
| CVE-2018-8312 | 2018-07-11 | A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office. |
| CVE-2018-8313 | 2018-07-11 | An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT... |
| CVE-2018-8314 | 2018-07-11 | An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows... |
| CVE-2018-8319 | 2018-07-11 | A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft... |
| CVE-2018-8323 | 2018-07-11 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege... |
| CVE-2018-8324 | 2018-07-11 | An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289,... |
| CVE-2018-8325 | 2018-07-11 | An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289,... |
| CVE-2018-8326 | 2018-07-11 | A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected... |
| CVE-2018-8327 | 2018-07-11 | A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension. |
| CVE-2018-8356 | 2018-07-11 | A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET... |
| CVE-2018-8298 | 2018-07-11 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID... |
| CVE-2018-13878 | 2018-07-11 | An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in... |
| CVE-2018-13879 | 2018-07-11 | A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will... |
| CVE-2016-9604 | 2018-07-11 | It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it... |
| CVE-2017-7467 | 2018-07-11 | A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or... |
| CVE-2018-0500 | 2018-07-11 | Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl... |
| CVE-2018-8007 | 2018-07-11 | Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator... |
| CVE-2013-0589 | 2018-07-11 | IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message.... |
| CVE-2013-0592 | 2018-07-11 | Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM... |
| CVE-2013-0594 | 2018-07-11 | Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via... |
| CVE-2013-2951 | 2018-07-11 | IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information... |
| CVE-2013-2972 | 2018-07-11 | IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM X-Force ID: 83868. |
| CVE-2017-16709 | 2018-07-11 | Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allow remote authenticated administrators to execute arbitrary code via unspecified vectors. |
| CVE-2017-16710 | 2018-07-11 | Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2018-10197 | 2018-07-11 | There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10... |
| CVE-2018-11529 | 2018-07-11 | VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will... |
| CVE-2018-13989 | 2018-07-11 | Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut... |
| CVE-2018-3929 | 2018-07-11 | An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT)... |
| CVE-2018-3930 | 2018-07-11 | In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code... |
| CVE-2018-3931 | 2018-07-11 | In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code... |
| CVE-2018-3932 | 2018-07-11 | An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted... |
| CVE-2018-3933 | 2018-07-11 | An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft... |
| CVE-2018-3936 | 2018-07-11 | In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code... |
| CVE-2018-10231 | 2018-07-11 | Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| CVE-2018-10232 | 2018-07-11 | Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for requests that can obtain... |
| CVE-2018-10633 | 2018-07-11 | Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller. |
| CVE-2018-10635 | 2018-07-11 | In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who... |
| CVE-2018-0038 | 2018-07-11 | Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in... |
| CVE-2018-0042 | 2018-07-11 | Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability. |
| CVE-2018-0024 | 2018-07-11 | Junos OS: A privilege escalation vulnerability exists where authenticated users with shell access can become root |
| CVE-2018-0025 | 2018-07-11 | Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication |
| CVE-2018-0026 | 2018-07-11 | Junos OS: Stateless IP firewall filter rules stop working as expected after reboot or upgrade |
| CVE-2018-0027 | 2018-07-11 | Junos OS: Receipt of malformed RSVP packet may lead to RPD denial of service |
| CVE-2018-0029 | 2018-07-11 | Junos OS: Kernel crash (vmcore) during broadcast storm after enabling 'monitor traffic interface fxp0' |
| CVE-2018-0030 | 2018-07-11 | Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) and PTX1K: Line card may crash upon receipt of specific MPLS packet. |
| CVE-2018-0031 | 2018-07-11 | Junos OS: Receipt of specially crafted UDP packets over MPLS may bypass stateless IP firewall rules |
| CVE-2018-0032 | 2018-07-11 | Junos OS: RPD crash when receiving a crafted BGP UPDATE |
| CVE-2018-0034 | 2018-07-11 | Junos OS: A maliciously crafted IPv6 DHCP packet may cause the JDHCPD daemon to core |
| CVE-2018-0035 | 2018-07-11 | Junos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images |
| CVE-2018-0037 | 2018-07-11 | Junos OS: RPD daemon crashes due to receipt of crafted BGP NOTIFICATION messages |
| CVE-2018-0039 | 2018-07-11 | Contrail Service Orchestration: Hardcoded credentials for Grafana service |
| CVE-2018-0040 | 2018-07-11 | Contrail Service Orchestration: hardcoded cryptographic certificates and keys |
| CVE-2018-0041 | 2018-07-11 | Contrail Service Orchestration: Hardcoded credentials for Keystone service. |
| CVE-2016-0708 | 2018-07-11 | Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For... |
| CVE-2018-11045 | 2018-07-11 | Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in... |
| CVE-2018-11049 | 2018-07-11 | RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability |
| CVE-2018-10895 | 2018-07-12 | qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL,... |
| CVE-2018-13996 | 2018-07-12 | Genann through 2018-07-08 has a stack-based buffer over-read in genann_train in genann.c. |
| CVE-2018-13997 | 2018-07-12 | Genann through 2018-07-08 has a SEGV in genann_run in genann.c. |
| CVE-2018-13998 | 2018-07-12 | ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. |
| CVE-2018-13999 | 2018-07-12 | Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorValue parameter (aka an article posted by an administrator). |
| CVE-2018-1334 | 2018-07-12 | In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and... |
| CVE-2018-8024 | 2018-07-12 | In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage... |
| CVE-2018-12540 | 2018-07-12 | In versions 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously... |
| CVE-2017-18155 | 2018-07-12 | While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can... |
| CVE-2018-13836 | 2018-07-12 | An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance. |
| CVE-2018-14001 | 2018-07-12 | An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user's balance. |
| CVE-2018-14002 | 2018-07-12 | An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance. |
| CVE-2018-14003 | 2018-07-12 | An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance. |
| CVE-2018-14004 | 2018-07-12 | An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance. |
| CVE-2018-14005 | 2018-07-12 | An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance. |
| CVE-2018-14006 | 2018-07-12 | An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance. |
| CVE-2017-14612 | 2018-07-12 | "Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and... |
| CVE-2017-14709 | 2018-07-12 | The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers... |
| CVE-2017-14710 | 2018-07-12 | The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein fashion-shopping/id878577184 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof... |
| CVE-2018-14009 | 2018-07-12 | Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689. |
| CVE-2018-12463 | 2018-07-12 | MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities |
| CVE-2018-12979 | 2018-07-12 | An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted... |
| CVE-2018-12980 | 2018-07-12 | An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system... |
| CVE-2018-12981 | 2018-07-12 | An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending specially crafted... |
| CVE-2018-13441 | 2018-07-12 | qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload... |
| CVE-2018-13457 | 2018-07-12 | qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to... |
| CVE-2018-13458 | 2018-07-12 | qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to... |
| CVE-2018-13796 | 2018-07-12 | An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. |
| CVE-2018-5529 | 2018-07-12 | The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user... |
| CVE-2018-14012 | 2018-07-12 | WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI. |
| CVE-2018-14014 | 2018-07-12 | In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd. |
| CVE-2018-14015 | 2018-07-12 | The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing... |
| CVE-2018-14016 | 2018-07-12 | The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file. |
| CVE-2018-14017 | 2018-07-12 | The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of... |
| CVE-2018-14054 | 2018-07-13 | A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered. |
| CVE-2018-14029 | 2018-07-13 | CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field. |