CVE List - 2018 / July
Showing 1801 - 1900 of 2167 CVEs for July 2018 (Page 19 of 22)
CVE ID | Date | Title |
---|---|---|
CVE-2018-11452 | 2018-07-23 | A vulnerability has been identified in Firmware variant IEC 61850... |
CVE-2018-10912 | 2018-07-23 | keycloak before version 4.0.0.final is vulnerable to an infinite loop... |
CVE-2018-8031 | 2018-07-23 | The Apache TomEE console (tomee-webapp) has a XSS vulnerability which... |
CVE-2018-14573 | 2018-07-23 | A Local File Inclusion (LFI) vulnerability exists in the Web... |
CVE-2018-10905 | 2018-07-24 | CloudForms Management Engine (cfme) is vulnerable to an improper security... |
CVE-2018-14335 | 2018-07-24 | An issue was discovered in H2 1.4.197. Insecure handling of... |
CVE-2017-18104 | 2018-07-24 | The Webhooks component of Atlassian Jira before version 7.6.7 and... |
CVE-2018-10600 | 2018-07-24 | SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input... |
CVE-2018-10604 | 2018-07-24 | SEL Compass version 3.0.5.1 and prior allows all users full... |
CVE-2018-10608 | 2018-07-24 | SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited... |
CVE-2018-13385 | 2018-07-24 | There was an argument injection vulnerability in Sourcetree for macOS... |
CVE-2018-13386 | 2018-07-24 | There was an argument injection vulnerability in Sourcetree for Windows... |
CVE-2018-14579 | 2018-07-24 | GolemCMS through 2008-12-24, if the install/ directory remains active after... |
CVE-2016-5638 | 2018-07-24 | Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text |
CVE-2016-5649 | 2018-07-24 | Netgear DGN2200 and DGND3700 disclose the administrator password |
CVE-2017-3180 | 2018-07-24 | Multiple TIBCO Spotfire components fail to sanitize user-supplied input and are vulnerable to cross-site scripting |
CVE-2017-3181 | 2018-07-24 | Multiple TIBCO Spotfire components are vulnerable to multiple unspecified SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in an SQL query |
CVE-2017-3182 | 2018-07-24 | On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack |
CVE-2017-3183 | 2018-07-24 | Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions |
CVE-2017-3187 | 2018-07-24 | The dotCMS administration panel, versions 3.7.1 and earlier, is vulnerable to cross-site request forgery |
CVE-2017-3188 | 2018-07-24 | The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal |
CVE-2017-3189 | 2018-07-24 | The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload |
CVE-2017-3209 | 2018-07-24 | The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user |
CVE-2017-3210 | 2018-07-24 | Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution |
CVE-2017-3217 | 2018-07-24 | CalAmp LMU 3030 series OBD-II CDMA and GSM devices have an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller |
CVE-2017-3223 | 2018-07-24 | Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow |
CVE-2017-3224 | 2018-07-24 | Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency in affected Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages) |
CVE-2017-3225 | 2018-07-24 | Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector that may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data |
CVE-2017-3226 | 2018-07-24 | Das U-Boot's AES-CBC encryption feature improperly handles an error condition and may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data |
CVE-2018-5384 | 2018-07-24 | Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind SQL injection |
CVE-2018-5385 | 2018-07-24 | Navarino Infinity web interface up to version 2.2 is prone to session fixation attacks |
CVE-2018-5386 | 2018-07-24 | Some Navarino Infinity functions placed in the URL can bypass any authentication mechanism leading to an information leak |
CVE-2018-5387 | 2018-07-24 | Wizkunde SAMLBase may incorrectly utilize the results of XML DOM... |
CVE-2018-14584 | 2018-07-24 | An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in... |
CVE-2018-14585 | 2018-07-24 | An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in... |
CVE-2018-14586 | 2018-07-24 | An issue has been discovered in Bento4 1.5.1-624. A SEGV... |
CVE-2018-14587 | 2018-07-24 | An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream::WritePartial in... |
CVE-2018-14588 | 2018-07-24 | An issue has been discovered in Bento4 1.5.1-624. A NULL... |
CVE-2018-14589 | 2018-07-24 | An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParser::ReadBits in... |
CVE-2018-14590 | 2018-07-24 | An issue has been discovered in Bento4 1.5.1-624. A SEGV... |
CVE-2018-14582 | 2018-07-24 | index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background... |
CVE-2018-14583 | 2018-07-24 | xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background... |
CVE-2018-10627 | 2018-07-24 | Echelon SmartServer 1 all versions, SmartServer 2 all versions prior... |
CVE-2018-10632 | 2018-07-24 | In Moxa NPort 5210, 5230, and 5232 versions 2.9 build... |
CVE-2018-8851 | 2018-07-24 | Echelon SmartServer 1 all versions, SmartServer 2 all versions prior... |
CVE-2018-8855 | 2018-07-24 | Echelon SmartServer 1 all versions, SmartServer 2 all versions prior... |
CVE-2018-8859 | 2018-07-24 | Echelon SmartServer 1 all versions, SmartServer 2 all versions prior... |
CVE-2018-10628 | 2018-07-24 | AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch... |
CVE-2018-11044 | 2018-07-24 | Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x... |
CVE-2018-11047 | 2018-07-24 | Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12... |
CVE-2018-11059 | 2018-07-24 | RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site... |
CVE-2018-11060 | 2018-07-24 | RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass... |
CVE-2018-10906 | 2018-07-24 | In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount... |
CVE-2018-14596 | 2018-07-25 | wancms 1.0 through 5.0 allows remote attackers to cause a... |
CVE-2018-10880 | 2018-07-25 | Linux kernel is vulnerable to a stack-out-of-bounds write in the... |
CVE-2018-11491 | 2018-07-25 | ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access,... |
CVE-2018-6971 | 2018-07-25 | VMware Horizon View Agents (7.x.x before 7.5.1) contain a local... |
CVE-2018-6972 | 2018-07-25 | VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before... |
CVE-2018-5530 | 2018-07-25 | F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2... |
CVE-2018-5531 | 2018-07-25 | Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or... |
CVE-2018-5536 | 2018-07-25 | A remote attacker via undisclosed measures, may be able to... |
CVE-2018-5537 | 2018-07-25 | A remote attacker may be able to disrupt services on... |
CVE-2018-5538 | 2018-07-25 | On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS... |
CVE-2018-5539 | 2018-07-25 | Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1,... |
CVE-2018-5541 | 2018-07-25 | When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is... |
CVE-2018-5542 | 2018-07-25 | F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do... |
CVE-2017-10934 | 2018-07-25 | All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product... |
CVE-2017-10935 | 2018-07-25 | All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10... |
CVE-2017-10936 | 2018-07-25 | SQL injection vulnerability in all versions prior to V4.01.01 of... |
CVE-2017-10937 | 2018-07-25 | SQL injection vulnerability in all versions prior to V2.01.05.09 of... |
CVE-2018-5240 | 2018-07-25 | The Inventory Plugin for Symantec Management Agent prior to 7.6... |
CVE-2018-1002200 | 2018-07-25 | plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers... |
CVE-2018-1002202 | 2018-07-25 | zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers... |
CVE-2018-1002204 | 2018-07-25 | adm-zip npm library before 0.4.9 is vulnerable to directory traversal,... |
CVE-2018-1002208 | 2018-07-25 | SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing... |
CVE-2018-1002205 | 2018-07-25 | DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers... |
CVE-2018-1002201 | 2018-07-25 | zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers... |
CVE-2018-1002203 | 2018-07-25 | unzipper npm library before 0.8.13 is vulnerable to directory traversal,... |
CVE-2018-1002206 | 2018-07-25 | SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers... |
CVE-2018-1002207 | 2018-07-25 | mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal,... |
CVE-2018-1002209 | 2018-07-25 | QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers... |
CVE-2018-13988 | 2018-07-25 | Poppler through 0.62 contains an out of bounds read vulnerability... |
CVE-2018-14083 | 2018-07-25 | LICA miniCMTS E8K(u/i/...) devices allow remote attackers to obtain sensitive... |
CVE-2018-14430 | 2018-07-25 | The Mondula Multi Step Form plugin through 1.2.5 for WordPress... |
CVE-2018-14493 | 2018-07-25 | Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit... |
CVE-2018-8090 | 2018-07-25 | Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) -... |
CVE-2017-2637 | 2018-07-26 | A design flaw issue was found in the Red Hat... |
CVE-2017-7526 | 2018-07-26 | libgcrypt before version 1.7.8 is vulnerable to a cache side-channel... |
CVE-2017-7530 | 2018-07-26 | In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before... |
CVE-2017-7535 | 2018-07-26 | foreman before version 1.16.0 is vulnerable to a stored XSS... |
CVE-2017-7537 | 2018-07-26 | It was found that a mock CMC authentication plugin with... |
CVE-2016-8647 | 2018-07-26 | An input validation vulnerability was found in Ansible's mysql_user module... |
CVE-2017-2664 | 2018-07-26 | CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1... |
CVE-2017-7539 | 2018-07-26 | An assertion-failure flaw was found in Qemu before 2.10.1, in... |
CVE-2017-7543 | 2018-07-26 | A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x... |
CVE-2017-12610 | 2018-07-26 | In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1,... |
CVE-2018-1288 | 2018-07-26 | In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0... |
CVE-2017-2589 | 2018-07-26 | It was discovered that the hawtio servlet 1.4 uses a... |
CVE-2017-7538 | 2018-07-26 | A cross-site scripting (XSS) flaw was found in how an... |
CVE-2017-7545 | 2018-07-26 | It was discovered that the XmlUtils class in jbpmmigration 6.5... |