CVE List - 2018 / August
Showing 901 - 1000 of 1013 CVEs for August 2018 (Page 10 of 11)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-15881 | 2018-08-29 | An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation. |
| CVE-2018-15882 | 2018-08-29 | An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter. |
| CVE-2018-16062 | 2018-08-29 | dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. |
| CVE-2018-12799 | 2018-08-29 | Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-12806 | 2018-08-29 | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-12807 | 2018-08-29 | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Successful exploitation could lead to unauthorized information modification. |
| CVE-2018-12808 | 2018-08-29 | Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-12810 | 2018-08-29 | Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution. |
| CVE-2018-12811 | 2018-08-29 | Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution. |
| CVE-2018-12824 | 2018-08-29 | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2018-12825 | 2018-08-29 | Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass. |
| CVE-2018-12826 | 2018-08-29 | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2018-12827 | 2018-08-29 | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2018-12828 | 2018-08-29 | Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2018-12829 | 2018-08-29 | Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2018-5003 | 2018-08-29 | Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2018-1318 | 2018-08-29 | Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to... |
| CVE-2018-8004 | 2018-08-29 | There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3.... |
| CVE-2018-8005 | 2018-08-29 | When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache.... |
| CVE-2018-8022 | 2018-08-29 | A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or... |
| CVE-2018-8040 | 2018-08-29 | Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS)... |
| CVE-2018-15727 | 2018-08-29 | Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an... |
| CVE-2018-14805 | 2018-08-29 | ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present.... |
| CVE-2017-17762 | 2018-08-29 | XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx. |
| CVE-2018-12710 | 2018-08-29 | An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept... |
| CVE-2018-14768 | 2018-08-29 | Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code. |
| CVE-2018-15562 | 2018-08-29 | CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php. |
| CVE-2018-15746 | 2018-08-29 | qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main... |
| CVE-2018-15907 | 2018-08-29 | Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might... |
| CVE-2018-15912 | 2018-08-29 | An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code,... |
| CVE-2018-6597 | 2018-08-29 | The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root user. They have made modifications that allow... |
| CVE-2018-6598 | 2018-08-29 | An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does... |
| CVE-2018-6599 | 2018-08-29 | An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD... |
| CVE-2018-12240 | 2018-08-29 | The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially... |
| CVE-2018-7789 | 2018-08-29 | An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to... |
| CVE-2018-7795 | 2018-08-29 | A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its... |
| CVE-2018-7790 | 2018-08-29 | An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If... |
| CVE-2018-7791 | 2018-08-29 | A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the... |
| CVE-2018-7792 | 2018-08-29 | A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the... |
| CVE-2018-16115 | 2018-08-29 | Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery... |
| CVE-2018-16132 | 2018-08-29 | The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a... |
| CVE-2018-16133 | 2018-08-29 | Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI. |
| CVE-2018-16134 | 2018-08-29 | Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. |
| CVE-2018-16056 | 2018-08-30 | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for... |
| CVE-2018-16057 | 2018-08-30 | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. |
| CVE-2018-16058 | 2018-08-30 | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. |
| CVE-2018-16140 | 2018-08-30 | A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. |
| CVE-2018-16141 | 2018-08-30 | ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows... |
| CVE-2018-16142 | 2018-08-30 | PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. |
| CVE-2018-16158 | 2018-08-30 | Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key,... |
| CVE-2018-11615 | 2018-08-30 | This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing... |
| CVE-2018-11616 | 2018-08-30 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-14317 | 2018-08-30 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-14619 | 2018-08-30 | A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the... |
| CVE-2018-10936 | 2018-08-30 | A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not... |
| CVE-2018-14621 | 2018-08-30 | An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter... |
| CVE-2018-14622 | 2018-08-30 | A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the... |
| CVE-2018-16131 | 2018-08-30 | The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash)... |
| CVE-2018-16157 | 2018-08-30 | waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter... |
| CVE-2018-13819 | 2018-08-30 | A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. |
| CVE-2018-13820 | 2018-08-30 | A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. |
| CVE-2018-13821 | 2018-08-30 | A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. |
| CVE-2018-13822 | 2018-08-30 | Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. |
| CVE-2018-13823 | 2018-08-30 | An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to... |
| CVE-2018-13824 | 2018-08-30 | Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection... |
| CVE-2018-13825 | 2018-08-30 | Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected... |
| CVE-2018-13826 | 2018-08-30 | An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to... |
| CVE-2018-15691 | 2018-08-30 | Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. |
| CVE-2018-16159 | 2018-08-30 | The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. |
| CVE-2018-11718 | 2018-08-30 | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. |
| CVE-2018-11719 | 2018-08-30 | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. |
| CVE-2018-11720 | 2018-08-30 | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal. |
| CVE-2016-0205 | 2018-08-30 | A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system. IBM X-Force... |
| CVE-2016-0234 | 2018-08-30 | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to... |
| CVE-2016-0373 | 2018-08-30 | IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data.... |
| CVE-2018-14899 | 2018-08-30 | On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. |
| CVE-2018-14900 | 2018-08-30 | On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100. |
| CVE-2018-14901 | 2018-08-30 | The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services. |
| CVE-2018-14902 | 2018-08-30 | The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker's application to read scanned documents. |
| CVE-2018-14903 | 2018-08-30 | EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer. |
| CVE-2018-15476 | 2018-08-30 | An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80,... |
| CVE-2018-15477 | 2018-08-30 | myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating... |
| CVE-2018-15478 | 2018-08-30 | An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80,... |
| CVE-2018-15479 | 2018-08-30 | An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80,... |
| CVE-2018-15480 | 2018-08-30 | An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80,... |
| CVE-2018-15745 | 2018-08-30 | Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. |
| CVE-2018-10513 | 2018-08-30 | A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first... |
| CVE-2018-10514 | 2018-08-30 | A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the... |
| CVE-2018-15363 | 2018-08-30 | An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the... |
| CVE-2018-15364 | 2018-08-30 | A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker... |
| CVE-2018-6498 | 2018-08-30 | Micro Focus Container Deployment Foundation (CDF), Remote Code Execution |
| CVE-2018-6499 | 2018-08-30 | Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05,... |
| CVE-2018-16231 | 2018-08-30 | Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows remote attackers to cause a denial of service (daemon crash) via an unspecified sequence of FTP commands. |
| CVE-2018-16233 | 2018-08-30 | MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. |
| CVE-2018-16234 | 2018-08-30 | MorningStar WhatWeb 0.4.9 has XSS via JSON report files. |
| CVE-2018-16236 | 2018-08-30 | cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. |
| CVE-2018-16237 | 2018-08-30 | An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI. |
| CVE-2018-16238 | 2018-08-30 | An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html... |
| CVE-2018-16239 | 2018-08-30 | An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via... |
| CVE-2018-16275 | 2018-08-31 | OPSWAT MetaDefender before v4.11.2 allows CSV injection. |