CVE List - 2018 / September
Showing 701 - 800 of 1169 CVEs for September 2018 (Page 8 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-11273 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs,... |
| CVE-2018-11274 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large. |
| CVE-2018-11275 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by... |
| CVE-2018-11276 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it... |
| CVE-2018-11278 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream... |
| CVE-2018-11280 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT... |
| CVE-2018-11281 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before... |
| CVE-2018-11286 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing global variable "debug_client" in multi-thread manner, Use after free... |
| CVE-2018-11293 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw.... |
| CVE-2018-11294 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4... |
| CVE-2018-11295 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed event data from the firmware to... |
| CVE-2018-11296 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer... |
| CVE-2018-11297 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler... |
| CVE-2018-11298 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that... |
| CVE-2018-11299 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in... |
| CVE-2018-11300 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is... |
| CVE-2018-11301 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event... |
| CVE-2018-11302 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from userspace before copying into... |
| CVE-2018-11818 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl.... |
| CVE-2018-11826 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead... |
| CVE-2018-11827 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can... |
| CVE-2018-11832 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of input size validation before copying to buffer in PMIC... |
| CVE-2018-11836 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function. |
| CVE-2018-11840 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used... |
| CVE-2018-11842 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory. In case the mem allocation... |
| CVE-2018-11843 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value in WMA response handler can... |
| CVE-2018-11851 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length... |
| CVE-2018-11852 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from... |
| CVE-2018-11860 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow could occur while processing the ndp... |
| CVE-2018-11863 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the... |
| CVE-2018-11868 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can... |
| CVE-2018-11869 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can... |
| CVE-2018-17176 | 2018-09-18 | A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver... |
| CVE-2018-17177 | 2018-09-18 | An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core... |
| CVE-2018-17178 | 2018-09-18 | An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands... |
| CVE-2017-6913 | 2018-09-18 | Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag. |
| CVE-2018-16668 | 2018-09-18 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository. |
| CVE-2018-16669 | 2018-09-18 | An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an... |
| CVE-2018-16670 | 2018-09-18 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html. |
| CVE-2018-16671 | 2018-09-18 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id. |
| CVE-2018-11071 | 2018-09-18 | DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability |
| CVE-2018-13982 | 2018-09-18 | Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted... |
| CVE-2018-15546 | 2018-09-18 | Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file. |
| CVE-2018-16225 | 2018-09-18 | The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2... |
| CVE-2018-16515 | 2018-09-18 | Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. |
| CVE-2018-16794 | 2018-09-18 | Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. |
| CVE-2018-16819 | 2018-09-18 | admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests. |
| CVE-2018-16820 | 2018-09-18 | admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests. |
| CVE-2018-17071 | 2018-09-18 | The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private,... |
| CVE-2018-17111 | 2018-09-18 | The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this... |
| CVE-2018-11084 | 2018-09-18 | Garden-runC prevents deletion of some app environments |
| CVE-2017-3912 | 2018-09-18 | McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass |
| CVE-2018-6690 | 2018-09-18 | McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC |
| CVE-2018-6693 | 2018-09-18 | Endpoint Security for Linux Threat Prevention (ENSLTP) privilege escalation vulnerability |
| CVE-2018-17144 | 2018-09-19 | Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by... |
| CVE-2018-17182 | 2018-09-19 | An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via... |
| CVE-2018-11878 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN... |
| CVE-2018-11883 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function... |
| CVE-2018-11886 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check while calculating the MPDU data length will cause... |
| CVE-2018-11889 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, access invalid memory may occur since local... |
| CVE-2018-11891 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can... |
| CVE-2018-11893 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing vendor scan request, when input argument - length of... |
| CVE-2018-11894 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead... |
| CVE-2018-11895 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation in WLAN function can lead to driver... |
| CVE-2018-11897 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network out of... |
| CVE-2018-11898 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds... |
| CVE-2018-11902 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can... |
| CVE-2018-11903 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function... |
| CVE-2018-11904 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Should... |
| CVE-2018-3573 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while relocating kernel images with a specially crafted boot image, an... |
| CVE-2018-3574 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer... |
| CVE-2018-5905 | 2018-09-19 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services... |
| CVE-2018-11761 | 2018-09-19 | In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a... |
| CVE-2018-11762 | 2018-09-19 | In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an... |
| CVE-2018-8017 | 2018-09-19 | In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. |
| CVE-2018-16607 | 2018-09-19 | Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. |
| CVE-2018-16785 | 2018-09-19 | XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell |
| CVE-2018-17183 | 2018-09-19 | Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to... |
| CVE-2017-1794 | 2018-09-19 | IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force... |
| CVE-2018-1149 | 2018-09-19 | cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. |
| CVE-2018-1150 | 2018-09-19 | NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. |
| CVE-2018-12242 | 2018-09-19 | The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security... |
| CVE-2018-12243 | 2018-09-19 | The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference... |
| CVE-2018-14792 | 2018-09-19 | WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files. |
| CVE-2018-1782 | 2018-09-19 | IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored... |
| CVE-2018-17204 | 2018-09-19 | An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole... |
| CVE-2018-17205 | 2018-09-19 | An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in... |
| CVE-2018-17206 | 2018-09-19 | An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. |
| CVE-2017-2855 | 2018-09-19 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who... |
| CVE-2017-2875 | 2018-09-19 | An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can... |
| CVE-2017-2878 | 2018-09-19 | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause... |
| CVE-2017-2879 | 2018-09-19 | An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause... |
| CVE-2018-17207 | 2018-09-19 | An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup... |
| CVE-2018-17208 | 2018-09-19 | Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but... |
| CVE-2017-2873 | 2018-09-19 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow... |
| CVE-2017-2876 | 2018-09-19 | An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can... |
| CVE-2017-2877 | 2018-09-19 | A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow... |
| CVE-2018-3823 | 2018-09-19 | X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that... |
| CVE-2018-3824 | 2018-09-19 | X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job... |
| CVE-2018-3825 | 2018-09-19 | In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this... |