CVE List - 2018 / August
Showing 201 - 300 of 1013 CVEs for August 2018 (Page 3 of 11)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-1551 | 2018-08-06 | IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group... |
| CVE-2018-14960 | 2018-08-06 | Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. |
| CVE-2018-14961 | 2018-08-06 | dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. |
| CVE-2018-14962 | 2018-08-06 | zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. |
| CVE-2018-14963 | 2018-08-06 | zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. |
| CVE-2018-14964 | 2018-08-06 | An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page. |
| CVE-2018-14965 | 2018-08-06 | An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF. |
| CVE-2018-14966 | 2018-08-06 | An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF. |
| CVE-2018-14967 | 2018-08-06 | An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter. |
| CVE-2018-14968 | 2018-08-06 | An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter. |
| CVE-2018-14969 | 2018-08-06 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS. |
| CVE-2018-14970 | 2018-08-06 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS. |
| CVE-2018-14971 | 2018-08-06 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS. |
| CVE-2018-14972 | 2018-08-06 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS. |
| CVE-2018-14973 | 2018-08-06 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS. |
| CVE-2018-14974 | 2018-08-06 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS. |
| CVE-2018-14975 | 2018-08-06 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS. |
| CVE-2018-14976 | 2018-08-06 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS. |
| CVE-2018-14977 | 2018-08-06 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070. |
| CVE-2018-14978 | 2018-08-06 | An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI. |
| CVE-2017-6920 | 2018-08-06 | Drupal core 8 before version 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations. |
| CVE-2017-14447 | 2018-08-06 | An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2016-4391 | 2018-08-06 | A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. |
| CVE-2016-4392 | 2018-08-06 | A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. |
| CVE-2016-4397 | 2018-08-06 | A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software. |
| CVE-2016-4398 | 2018-08-06 | A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization. |
| CVE-2016-4399 | 2018-08-06 | A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). |
| CVE-2016-4400 | 2018-08-06 | A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). |
| CVE-2016-4402 | 2018-08-06 | A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via buffer overflow. |
| CVE-2016-4403 | 2018-08-06 | A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption. |
| CVE-2016-4404 | 2018-08-06 | A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation... |
| CVE-2016-4405 | 2018-08-06 | A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26. |
| CVE-2016-4406 | 2018-08-06 | A remote cross site scripting vulnerability was identified in HPE iLO 3 all versions prior to v1.88 and HPE iLO 4 all versions prior to v2.44. |
| CVE-2016-8526 | 2018-08-06 | Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that... |
| CVE-2016-8527 | 2018-08-06 | Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting... |
| CVE-2017-8968 | 2018-08-06 | A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions. |
| CVE-2017-8987 | 2018-08-06 | An Unauthenticated Remote Denial of Service vulnerability was identified in HPE Integrated Lights-Out 3 (iLO 3) version v1.88 only. The vulnerability is resolved in iLO3 v1.89 or subsequent versions. |
| CVE-2017-8988 | 2018-08-06 | A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software Earlier than 8.5.3-00. The vulnerability impacts DevMgr Earlier than 8.5.3-00 (for Windows, Linux),... |
| CVE-2017-8989 | 2018-08-06 | A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection. |
| CVE-2017-8990 | 2018-08-06 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE... |
| CVE-2017-8991 | 2018-08-06 | HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1... |
| CVE-2017-8992 | 2018-08-06 | HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or... |
| CVE-2017-9000 | 2018-08-06 | ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS... |
| CVE-2017-9001 | 2018-08-06 | Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an... |
| CVE-2017-9002 | 2018-08-06 | All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a... |
| CVE-2017-9003 | 2018-08-06 | Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead... |
| CVE-2018-13877 | 2018-08-06 | The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract that has a fallback function always causing... |
| CVE-2018-14716 | 2018-08-06 | A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can... |
| CVE-2018-5390 | 2018-08-06 | Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service. |
| CVE-2018-7058 | 2018-08-06 | Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The... |
| CVE-2018-7059 | 2018-08-06 | Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain... |
| CVE-2018-7060 | 2018-08-06 | Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on... |
| CVE-2018-7068 | 2018-08-06 | HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1... |
| CVE-2018-7069 | 2018-08-06 | HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV... |
| CVE-2018-7070 | 2018-08-06 | HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1... |
| CVE-2018-7071 | 2018-08-06 | HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3. |
| CVE-2018-7072 | 2018-08-06 | A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. |
| CVE-2018-7073 | 2018-08-06 | A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. |
| CVE-2018-7074 | 2018-08-06 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version. |
| CVE-2018-7075 | 2018-08-06 | A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or... |
| CVE-2018-7078 | 2018-08-06 | A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. |
| CVE-2018-7090 | 2018-08-06 | HPE XP P9000 Command View Advanced Edition Software (CVAE) has a local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. |
| CVE-2018-7091 | 2018-08-06 | HPE XP P9000 Command View Advanced Edition Software (CVAE) has an open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. |
| CVE-2018-7092 | 2018-08-06 | A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading... |
| CVE-2017-16653 | 2018-08-06 | An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for... |
| CVE-2017-16654 | 2018-08-06 | An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the... |
| CVE-2017-16790 | 2018-08-06 | An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component... |
| CVE-2018-14857 | 2018-08-06 | Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server... |
| CVE-2018-14869 | 2018-08-06 | PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile. |
| CVE-2017-16252 | 2018-08-06 | Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an... |
| CVE-2017-2654 | 2018-08-06 | jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugin is able to send emails to a dynamically created list of users based on the changelogs,... |
| CVE-2018-15129 | 2018-08-07 | ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. |
| CVE-2018-1690 | 2018-08-07 | IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2018-15130 | 2018-08-07 | ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. |
| CVE-2018-11455 | 2018-08-07 | A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote... |
| CVE-2018-11456 | 2018-08-07 | A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine... |
| CVE-2018-12885 | 2018-08-07 | The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private... |
| CVE-2018-15132 | 2018-08-07 | An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check.... |
| CVE-2018-11453 | 2018-08-07 | A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13... |
| CVE-2018-11454 | 2018-08-07 | A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13... |
| CVE-2018-5953 | 2018-08-07 | The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. |
| CVE-2018-5995 | 2018-08-07 | The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. |
| CVE-2018-5383 | 2018-08-07 | Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange. |
| CVE-2013-7464 | 2018-08-08 | In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret... |
| CVE-2018-15137 | 2018-08-08 | CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the... |
| CVE-2018-15168 | 2018-08-08 | A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. |
| CVE-2018-15169 | 2018-08-08 | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. |
| CVE-2018-15173 | 2018-08-08 | Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service. |
| CVE-2018-15177 | 2018-08-08 | In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. |
| CVE-2018-15178 | 2018-08-08 | Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter,... |
| CVE-2018-15174 | 2018-08-08 | XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted... |
| CVE-2018-15175 | 2018-08-08 | XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted... |
| CVE-2018-15176 | 2018-08-08 | XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted... |
| CVE-2018-15192 | 2018-08-08 | An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services. |
| CVE-2018-15193 | 2018-08-08 | A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. |
| CVE-2018-15197 | 2018-08-08 | An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges. |
| CVE-2018-15198 | 2018-08-08 | An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. |
| CVE-2018-15199 | 2018-08-08 | AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. |
| CVE-2018-15209 | 2018-08-08 | ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted... |
| CVE-2018-15202 | 2018-08-08 | An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products. |