Weekly Vulnerabilities Reports > July 16 to 22, 2018

Overview

546 new vulnerabilities were reported during this period, including 43 critical vulnerabilities and 79 high severity vulnerabilities. This weekly summary reports vulnerabilities in 421 products from 107 vendors including Oracle, Adobe, Microsoft, Apple, and Debian. Vulnerabilities are notably categorized as "Out-of-bounds Read", "Out-of-bounds Write", "Cross-site Scripting", "Improper Input Validation", and "Use After Free".

  • 494 reported vulnerabilities are remotely exploitable.
  • 22 reported vulnerabilities have a public exploit available.
  • 65 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 426 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 206 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 21 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

43 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-07-20 CVE-2018-5070 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability.

10.0
2018-07-20 CVE-2018-5069 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability.

10.0
2018-07-20 CVE-2018-5064 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability.

10.0
2018-07-20 CVE-2018-5021 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability.

10.0
2018-07-20 CVE-2018-5011 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

10.0
2018-07-20 CVE-2018-5009 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

10.0
2018-07-20 CVE-2018-12815 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

10.0
2018-07-20 CVE-2018-12812 Adobe
Apple
Microsoft
Incorrect Type Conversion or Cast vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability.

10.0
2018-07-20 CVE-2018-12802 Adobe
Apple
Microsoft
Unspecified vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Security Bypass vulnerability.

10.0
2018-07-20 CVE-2018-12798 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

10.0
2018-07-20 CVE-2018-12792 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

10.0
2018-07-20 CVE-2018-12791 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

10.0
2018-07-20 CVE-2018-12787 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability.

10.0
2018-07-20 CVE-2018-12782 Adobe
Apple
Microsoft
Double Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Double Free vulnerability.

10.0
2018-07-20 CVE-2018-12760 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability.

10.0
2018-07-20 CVE-2018-12758 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability.

10.0
2018-07-20 CVE-2018-12756 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

10.0
2018-07-20 CVE-2018-12755 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability.

10.0
2018-07-20 CVE-2018-12754 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability.

10.0
2018-07-18 CVE-2018-0375 Cisco Use of Hard-coded Credentials vulnerability in Cisco Mobility Services Engine and Policy Suite

A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials.

10.0
2018-07-18 CVE-2018-0349 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device.

10.0
2018-07-17 CVE-2018-13861 Trivum Unspecified vulnerability in Trivum Webtouch Setup V9 Firmware 2.53

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.

10.0
2018-07-17 CVE-2018-13858 Trivum Unspecified vulnerability in Trivum C4 Professional Firmware 8.76

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.

10.0
2018-07-16 CVE-2018-14324 Oracle Use of Hard-coded Credentials vulnerability in Oracle Glassfish Server 5.0

The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account.

10.0
2018-07-20 CVE-2018-8018 Apache Deserialization of Untrusted Data vulnerability in Apache Ignite

In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when vulnerable third-party classes are present in the Ignite classpath.

9.8
2018-07-19 CVE-2018-10620 Aveva Out-of-bounds Write vulnerability in Aveva Indusoft web Studio and Intouch Machine 2017

In AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1, a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.

9.8
2018-07-19 CVE-2018-7602 Drupal
Debian
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x.
9.8
2018-07-19 CVE-2018-14403 Techsmith Incorrect Type Conversion or Cast vulnerability in Techsmith Mp4V2 2.0.0

MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms.

9.8
2018-07-19 CVE-2018-14399 Phpcms Project Code Injection vulnerability in PHPcms Project PHPcms 9.6.0

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI.

9.8
2018-07-16 CVE-2018-14071 Cyberhobo Improper Input Validation vulnerability in Cyberhobo GEO Mashup

The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.

9.8
2018-07-20 CVE-2018-12797 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

9.3
2018-07-20 CVE-2018-12796 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

9.3
2018-07-18 CVE-2018-0387 Cisco Improper Input Validation vulnerability in Cisco Webex Teams

A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges.

9.3
2018-07-18 CVE-2018-10616 ABB Improper Input Validation vulnerability in ABB Panel Builder 800

ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used.

9.3
2018-07-16 CVE-2018-1046 Powerdns Out-of-bounds Write vulnerability in Powerdns Pdns

pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay.

9.3
2018-07-18 CVE-2018-0350 Cisco Command Injection vulnerability in Cisco products

A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.

9.0
2018-07-18 CVE-2018-0348 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.

9.0
2018-07-18 CVE-2018-0345 Cisco Argument Injection or Modification vulnerability in Cisco products

A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software.

9.0
2018-07-17 CVE-2018-0710 Qnap OS Command Injection vulnerability in Qnap Q'Center

Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

9.0
2018-07-17 CVE-2018-0709 Qnap OS Command Injection vulnerability in Qnap Q'Center

Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

9.0
2018-07-17 CVE-2018-0708 Qnap OS Command Injection vulnerability in Qnap Q'Center

Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

9.0
2018-07-17 CVE-2018-0707 Qnap OS Command Injection vulnerability in Qnap Q'Center

Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

9.0
2018-07-16 CVE-2018-0341 Cisco OS Command Injection vulnerability in Cisco IP Phone Multiplatform Firmware 11.1(2)

A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server.

9.0

79 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-07-20 CVE-2018-14446 Techsmith Out-of-bounds Write vulnerability in Techsmith Mp4V2 2.1.0

MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file.

8.8
2018-07-18 CVE-2018-2928 Oracle Unspecified vulnerability in Oracle Solaris 11.3

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RAD).

8.8
2018-07-18 CVE-2018-14379 Techsmith Incorrect Type Conversion or Cast vulnerability in Techsmith Mp4V2 2.0.0

MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion.

8.8
2018-07-16 CVE-2018-14326 Techsmith Integer Overflow or Wraparound vulnerability in Techsmith Mp4V2 2.0.0

In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.

8.8
2018-07-16 CVE-2018-14325 Techsmith Integer Underflow (Wrap or Wraparound) vulnerability in Techsmith Mp4V2 2.0.0

In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.

8.8
2018-07-18 CVE-2018-2942 Oracle
Netapp
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL).
8.3
2018-07-18 CVE-2018-2926 Oracle Unspecified vulnerability in Oracle Solaris 11.3

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NVIDIA-GFX Kernel driver).

8.0
2018-07-19 CVE-2018-3871 Acdsystems Out-of-bounds Write vulnerability in Acdsystems Canvas Draw 4.0.0

An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0.

7.8
2018-07-19 CVE-2018-3870 Acdsystems Out-of-bounds Write vulnerability in Acdsystems Canvas Draw 4.0.0

An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0.

7.8
2018-07-19 CVE-2018-3860 Acdsystems Out-of-bounds Write vulnerability in Acdsystems Canvas Draw 4.0.0

An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0.

7.8
2018-07-19 CVE-2018-3859 Acdsystems Out-of-bounds Write vulnerability in Acdsystems Canvas Draw 4.0.0

An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0.

7.8
2018-07-19 CVE-2018-3858 Acdsystems Out-of-bounds Write vulnerability in Acdsystems Canvas Draw 4.0.0

An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0.

7.8
2018-07-19 CVE-2018-3857 Acdsystems Out-of-bounds Write vulnerability in Acdsystems Canvas Draw 4.0.0

An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0.

7.8
2018-07-18 CVE-2018-0372 Cisco Resource Exhaustion vulnerability in Cisco Nx-Os 13.0(1K)

A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affected system.

7.8
2018-07-18 CVE-2018-0346 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2018-07-22 CVE-2018-14501 Joyplus Project SQL Injection vulnerability in Joyplus Project Joyplus-Cms 1.6.0

manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.

7.5
2018-07-20 CVE-2018-12805 Adobe Uncontrolled Search Path Element vulnerability in Adobe Connect

Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability.

7.5
2018-07-20 CVE-2018-12804 Adobe Improper Authentication vulnerability in Adobe Connect

Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability.

7.5
2018-07-20 CVE-2018-12785 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

7.5
2018-07-20 CVE-2018-12784 Adobe
Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability.

7.5
2018-07-20 CVE-2018-14442 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs.

7.5
2018-07-20 CVE-2018-14418 Msvod SQL Injection vulnerability in Msvod CMS 10

In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI.

7.5
2018-07-20 CVE-2018-14441 SSH Companywebsite Project Unrestricted Upload of File with Dangerous Type vulnerability in SSH Companywebsite Project SSH Companywebsite

An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03.

7.5
2018-07-20 CVE-2018-14440 SSH Companywebsite Project SQL Injection vulnerability in SSH Companywebsite Project SSH Companywebsite

An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03.

7.5
2018-07-19 CVE-2018-10870 Redhat Improper Input Validation vulnerability in Redhat Certification

redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile.

7.5
2018-07-19 CVE-2018-10869 Redhat Files or Directories Accessible to External Parties vulnerability in Redhat Certification and Enterprise Linux

redhat-certification does not properly restrict files that can be downloaded through the /download page.

7.5
2018-07-19 CVE-2014-2302 Webedition Code Injection vulnerability in Webedition CMS 6.2.7.0/6.3.3.0/6.3.8

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.

7.5
2018-07-19 CVE-2018-12911 Webkitgtk
Canonical
Out-of-bounds Write vulnerability in multiple products

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.

7.5
2018-07-19 CVE-2017-7481 Redhat
Canonical
Debian
Improper Input Validation vulnerability in multiple products

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe.

7.5
2018-07-19 CVE-2018-14370 Wireshark Out-of-bounds Read vulnerability in Wireshark

In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash.

7.5
2018-07-19 CVE-2018-14369 Wireshark
Debian
Improper Input Validation vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash.

7.5
2018-07-19 CVE-2018-14368 Wireshark
Debian
Infinite Loop vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop.

7.5
2018-07-19 CVE-2018-14367 Wireshark Unchecked Return Value vulnerability in Wireshark

In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash.

7.5
2018-07-19 CVE-2018-14344 Wireshark Out-of-bounds Read vulnerability in Wireshark

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash.

7.5
2018-07-19 CVE-2018-14343 Wireshark
Debian
Integer Overflow or Wraparound vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash.

7.5
2018-07-19 CVE-2018-14342 Wireshark
Debian
Excessive Iteration vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop.

7.5
2018-07-19 CVE-2018-14341 Wireshark
Debian
Infinite Loop vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop.

7.5
2018-07-19 CVE-2018-14340 Wireshark
Debian
Out-of-bounds Read vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash.

7.5
2018-07-19 CVE-2018-14339 Wireshark
Debian
Infinite Loop vulnerability in multiple products

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop.

7.5
2018-07-18 CVE-2018-0398 Cisco Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse 11.5(1)

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack.

7.5
2018-07-18 CVE-2018-0377 Cisco Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine and Policy Suite

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface.

7.5
2018-07-18 CVE-2018-0376 Cisco Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine and Policy Suite

A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface.

7.5
2018-07-18 CVE-2018-0374 Cisco Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine 14.0.0

A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database.

7.5
2018-07-18 CVE-2018-14389 Joyplus CMS Project SQL Injection vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0

joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter.

7.5
2018-07-18 CVE-2018-14364 Gitlab Path Traversal vulnerability in Gitlab

GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.

7.5
2018-07-18 CVE-2018-8011 Apache
Netapp
NULL Pointer Dereference vulnerability in multiple products

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault.

7.5
2018-07-18 CVE-2018-2943 Oracle Unspecified vulnerability in Oracle Fusion Middleware Mapviewer 12.2.1.2.0/12.2.1.3.0

Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder).

7.5
2018-07-18 CVE-2018-2930 Oracle Unspecified vulnerability in Oracle Solaris Cluster 3.3/4.3

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition).

7.5
2018-07-18 CVE-2018-2894 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services).

7.5
2018-07-18 CVE-2018-2893 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components).

7.5
2018-07-17 CVE-2018-14362 Mutt
Neomutt
Canonical
Debian
Redhat
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.

7.5
2018-07-17 CVE-2018-14361 Debian
Neomutt
Improper Input Validation vulnerability in multiple products

An issue was discovered in NeoMutt before 2018-07-16.

7.5
2018-07-17 CVE-2018-14360 Debian
Neomutt
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in NeoMutt before 2018-07-16.

7.5
2018-07-17 CVE-2018-14359 Mutt
Neomutt
Canonical
Debian
Classic Buffer Overflow vulnerability in multiple products

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.

7.5
2018-07-17 CVE-2018-14358 Mutt
Neomutt
Canonical
Debian
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.

7.5
2018-07-17 CVE-2018-14357 Mutt
Neomutt
Canonical
Debian
Redhat
OS Command Injection vulnerability in multiple products

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.

7.5
2018-07-17 CVE-2018-14356 Debian
Mutt
Neomutt
Canonical
Access of Uninitialized Pointer vulnerability in multiple products

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.

7.5
2018-07-17 CVE-2018-14354 Mutt
Neomutt
Canonical
Debian
Redhat
OS Command Injection vulnerability in multiple products

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.

7.5
2018-07-17 CVE-2018-14353 Mutt
Neomutt
Canonical
Debian
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.

7.5
2018-07-17 CVE-2018-14352 Mutt
Neomutt
Canonical
Debian
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.

7.5
2018-07-17 CVE-2018-14351 Mutt
Neomutt
Canonical
Debian
Improper Input Validation vulnerability in multiple products

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.

7.5
2018-07-17 CVE-2018-14350 Mutt
Neomutt
Debian
Canonical
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.

7.5
2018-07-17 CVE-2018-14349 Debian
Mutt
Neomutt
Canonical
Improper Input Validation vulnerability in multiple products

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.

7.5
2018-07-17 CVE-2018-13862 Trivum Unspecified vulnerability in Trivum Webtouch Setup V9 Firmware 2.53

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to log in without authorization).

7.5
2018-07-17 CVE-2018-13859 Trivum Unspecified vulnerability in Trivum C4 Professional Firmware 8.76

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to log in without authorization).

7.5
2018-07-17 CVE-2018-14334 Joyplus CMS Project Unrestricted Upload of File with Dangerous Type vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control.

7.5
2018-07-16 CVE-2018-12584 Resiprocate
Debian
Classic Buffer Overflow vulnerability in multiple products

The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.

7.5
2018-07-16 CVE-2018-13981 Zeta Producer Unrestricted Upload of File with Dangerous Type vulnerability in Zeta-Producer Zeta Producer Desktop CMS

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files.

7.5
2018-07-16 CVE-2018-14088 Stex White List Project Integer Overflow or Wraparound vulnerability in Stex White List Project Stex White List

An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token.

7.5
2018-07-16 CVE-2018-14087 Encryptedtoken Project Integer Overflow or Wraparound vulnerability in Encryptedtoken Project Encryptedtoken

An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token.

7.5
2018-07-16 CVE-2018-14086 Mytoken Project Integer Overflow or Wraparound vulnerability in Mytoken Project Mytoken

An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token.

7.5
2018-07-16 CVE-2018-14084 Myadvancedtoken Project Integer Overflow or Wraparound vulnerability in Myadvancedtoken Project Myadvancedtoken

An issue was discovered in a smart contract implementation for MKCB, an Ethereum token.

7.5
2018-07-19 CVE-2018-9062 Lenovo Injection vulnerability in Lenovo products

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

7.2
2018-07-19 CVE-2017-2673 Redhat Incorrect Authorization vulnerability in Redhat Openstack 10/9

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone).

7.2
2018-07-18 CVE-2018-0351 Cisco Command Injection vulnerability in Cisco products

A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

7.2
2018-07-18 CVE-2018-0347 Cisco Command Injection vulnerability in Cisco products

A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

7.2
2018-07-18 CVE-2018-0342 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device.

7.2
2018-07-18 CVE-2018-2892 Oracle Unspecified vulnerability in Oracle Solaris 10.0/11.3

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service).

7.2
2018-07-16 CVE-2018-5239 Symantec Unspecified vulnerability in Symantec Norton APP Lock

Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit.

7.2

377 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-07-22 CVE-2018-14505 Mitmproxy Improper Input Validation vulnerability in Mitmproxy 4.0.3

mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.

6.8
2018-07-20 CVE-2018-5067 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

6.8
2018-07-20 CVE-2018-5065 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

6.8
2018-07-20 CVE-2018-5059 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability.

6.8
2018-07-20 CVE-2018-5058 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

6.8
2018-07-20 CVE-2018-5057 Adobe
Apple
Microsoft
Incorrect Type Conversion or Cast vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability.

6.8
2018-07-20 CVE-2018-5052 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

6.8
2018-07-20 CVE-2018-5045 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

6.8
2018-07-20 CVE-2018-5043 Adobe
Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability.

6.8
2018-07-20 CVE-2018-5042 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability.

6.8
2018-07-20 CVE-2018-5041 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

6.8
2018-07-20 CVE-2018-5040 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

6.8
2018-07-20 CVE-2018-5038 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

6.8
2018-07-20 CVE-2018-5037 Adobe
Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability.

6.8
2018-07-20 CVE-2018-5036 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

6.8
2018-07-20 CVE-2018-5034 Adobe
Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability.

6.8
2018-07-20 CVE-2018-5032 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

6.8
2018-07-20 CVE-2018-5030 Adobe
Apple
Microsoft
NULL Pointer Dereference vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability.

6.8
2018-07-20 CVE-2018-5028 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

6.8
2018-07-20 CVE-2018-5020 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability.

6.8
2018-07-20 CVE-2018-5015 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

6.8
2018-07-20 CVE-2018-5012 Adobe
Apple
Microsoft
NULL Pointer Dereference vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability.

6.8
2018-07-20 CVE-2018-5007 Adobe
Apple
Linux
Microsoft
Google
Redhat
Incorrect Type Conversion or Cast vulnerability in multiple products

Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability.

6.8
2018-07-20 CVE-2018-12794 Adobe
Apple
Microsoft
Incorrect Type Conversion or Cast vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability.

6.8
2018-07-20 CVE-2018-12788 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability.

6.8
2018-07-20 CVE-2018-12783 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

6.8
2018-07-20 CVE-2018-12776 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

6.8
2018-07-20 CVE-2018-12773 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

6.8
2018-07-20 CVE-2018-12772 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

6.8
2018-07-20 CVE-2018-12771 Adobe
Apple
Microsoft
Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability.

6.8
2018-07-20 CVE-2018-12770 Adobe
Apple
Microsoft
Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability.

6.8
2018-07-20 CVE-2014-2296 Apereo XXE vulnerability in Apereo CAS Server

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.

6.8
2018-07-20 CVE-2018-14460 Hdfgroup Out-of-bounds Read vulnerability in Hdfgroup Hdf5 1.8.20

An issue was discovered in the HDF HDF5 1.8.20 library.

6.8
2018-07-20 CVE-2018-14459 Linuxsampler Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0

An issue was discovered in libgig 4.1.0.

6.8
2018-07-20 CVE-2018-14458 Linuxsampler Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0

An issue was discovered in libgig 4.1.0.

6.8
2018-07-20 CVE-2018-14457 Linuxsampler Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0

An issue was discovered in libgig 4.1.0.

6.8
2018-07-20 CVE-2018-14456 Linuxsampler Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0

An issue was discovered in libgig 4.1.0.

6.8
2018-07-20 CVE-2018-14455 Linuxsampler Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0

An issue was discovered in libgig 4.1.0.

6.8
2018-07-20 CVE-2018-14454 Linuxsampler Out-of-bounds Read vulnerability in Linuxsampler Libgig 4.1.0

An issue was discovered in libgig 4.1.0.

6.8
2018-07-20 CVE-2018-14453 Linuxsampler Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0

An issue was discovered in libgig 4.1.0.

6.8
2018-07-20 CVE-2018-14452 Linuxsampler Out-of-bounds Read vulnerability in Linuxsampler Libgig 4.1.0

An issue was discovered in libgig 4.1.0.

6.8
2018-07-20 CVE-2018-14451 Linuxsampler Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0

An issue was discovered in libgig 4.1.0.

6.8
2018-07-20 CVE-2018-14450 Linuxsampler Out-of-bounds Read vulnerability in Linuxsampler Libgig 4.1.0

An issue was discovered in libgig 4.1.0.

6.8
2018-07-20 CVE-2018-14449 Linuxsampler Out-of-bounds Read vulnerability in Linuxsampler Libgig 4.1.0

An issue was discovered in libgig 4.1.0.

6.8
2018-07-20 CVE-2018-14447 Libconfuse Project
Debian
Out-of-bounds Read vulnerability in multiple products

trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.

6.8
2018-07-20 CVE-2018-14421 Seacms Cross-Site Request Forgery (CSRF) vulnerability in Seacms 6.61

SeaCMS v6.61 allows remote code execution by placing PHP code in a movie picture address (aka v_pic) sent to /admin/admin_video.php (aka /backend/admin_video.php).

6.8
2018-07-20 CVE-2018-14420 Metinfo Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 6.0.0

MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.

6.8
2018-07-18 CVE-2018-0402 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack.

6.8
2018-07-18 CVE-2018-0379 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files.

6.8
2018-07-18 CVE-2018-14387 Wondercms Session Fixation vulnerability in Wondercms

An issue was discovered in WonderCMS before 2.5.2.

6.8
2018-07-18 CVE-2018-2938 Oracle
Netapp

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB).

6.8
2018-07-18 CVE-2018-2908 Oracle Unspecified vulnerability in Oracle Solaris 11.3

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

6.8
2018-07-17 CVE-2018-14346 Debian
GNU
Out-of-bounds Write vulnerability in multiple products

GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).

6.8
2018-07-17 CVE-2018-14338 Exiv2 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exiv2 0.26

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.

6.8
2018-07-17 CVE-2018-14331 Xiaocms Cross-Site Request Forgery (CSRF) vulnerability in Xiaocms X1 20140305

An issue was discovered in XiaoCms X1 v20140305.

6.8
2018-07-16 CVE-2018-10840 Linux
Canonical
Redhat
Heap-based Buffer Overflow vulnerability in multiple products

The Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function.

6.6
2018-07-20 CVE-2018-14472 Wuzhicms SQL Injection vulnerability in Wuzhicms 4.1.0

An issue was discovered in WUZHI CMS 4.1.0.

6.5
2018-07-18 CVE-2018-0394 Cisco Improper Input Validation vulnerability in Cisco Cloud Services Platform 2100 2.2(4)

A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system.

6.5
2018-07-18 CVE-2018-0344 Cisco Command Injection vulnerability in Cisco products

A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.

6.5
2018-07-18 CVE-2018-0343 Cisco Improper Privilege Management vulnerability in Cisco products

A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system.

6.5
2018-07-18 CVE-2018-10877 Canonical
Linux
Debian
Redhat
Out-of-bounds Read vulnerability in multiple products

The Linux kernel ext4 filesystem is vulnerable to an out-of-bounds access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.

6.5
2018-07-18 CVE-2018-3073 Oracle
Netapp

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).

6.5
2018-07-18 CVE-2018-3037 Oracle Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure).

6.5
2018-07-18 CVE-2018-3036 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module).

6.5
2018-07-18 CVE-2018-3028 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

6.5
2018-07-18 CVE-2018-3020 Oracle Unspecified vulnerability in Oracle Banking Payments

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core).

6.5
2018-07-18 CVE-2018-2974 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

6.5
2018-07-18 CVE-2018-2920 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks).

6.5
2018-07-18 CVE-2018-2881 Oracle Unspecified vulnerability in Oracle Micros Retail-J

Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database).

6.5
2018-07-18 CVE-2018-3100 Oracle Unspecified vulnerability in Oracle Business Process Management Suite

Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery).

6.4
2018-07-18 CVE-2018-2976 Oracle Unspecified vulnerability in Oracle Enterprise Manager OPS Center 12.2.2

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking).

6.4
2018-07-18 CVE-2018-2958 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security).

6.4
2018-07-18 CVE-2018-2904 Oracle Unspecified vulnerability in Oracle Communications Eagle Local Number Portability Application Processor 10.0/10.1

Vulnerability in the Oracle Communications EAGLE LNP Application Processor component of Oracle Communications Applications (subcomponent: GUI).

6.4
2018-07-18 CVE-2018-2900 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools).

6.4
2018-07-16 CVE-2017-2638 Infinispan
Redhat
Improper Authentication vulnerability in multiple products

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints.

6.4
2018-07-20 CVE-2018-3771 Statics Server Project Cross-site Scripting vulnerability in Statics-Server Project Statics-Server

An XSS vulnerability in statics-server <= 0.0.9 can be triggered via an iframe injected into a filename when statics-server displays a directory index in the browser.

6.1
2018-07-20 CVE-2017-18343 Sensiolabs Cross-site Scripting vulnerability in Sensiolabs Symfony

The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI.

6.1
2018-07-18 CVE-2018-2978 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.10/2.8/2.9

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export).

6.0
2018-07-17 CVE-2018-14345 Sddm Project Improper Authentication vulnerability in Sddm Project Sddm

An issue was discovered in SDDM through 0.17.0.

6.0
2018-07-19 CVE-2016-9574 Mozilla Session Fixation vulnerability in Mozilla Network Security Services

nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.

5.9
2018-07-20 CVE-2018-14474 Goodoldweb Open Redirect vulnerability in Goodoldweb Orange Forum 1.4.0

views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup.

5.8
2018-07-18 CVE-2018-14381 Pagekit Open Redirect vulnerability in Pagekit

Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability.

5.8
2018-07-18 CVE-2018-3104 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-3103 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-3102 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-3099 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-3098 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-3097 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-3096 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-3095 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-3094 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-3093 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-3092 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-3068 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Human Resources 9.2

Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Compensation).

5.8
2018-07-18 CVE-2018-3018 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart).

5.8
2018-07-18 CVE-2018-3017 Oracle Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences).

5.8
2018-07-18 CVE-2018-3012 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2018-07-18 CVE-2018-3010 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-3009 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-3008 Oracle Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2018-07-18 CVE-2018-3006 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).

5.8
2018-07-18 CVE-2018-2999 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).

5.8
2018-07-18 CVE-2018-2997 Oracle Unspecified vulnerability in Oracle Scripting 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Script Author).

5.8
2018-07-18 CVE-2018-2995 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart).

5.8
2018-07-18 CVE-2018-2993 Oracle Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences).

5.8
2018-07-18 CVE-2018-2992 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.8
2018-07-18 CVE-2018-2991 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2018-07-18 CVE-2018-2990 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker).

5.8
2018-07-18 CVE-2018-2989 Oracle Unspecified vulnerability in Oracle Ilearning 6.2

Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration).

5.8
2018-07-18 CVE-2018-2987 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console).

5.8
2018-07-18 CVE-2018-2986 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow).

5.8
2018-07-18 CVE-2018-2985 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow).

5.8
2018-07-18 CVE-2018-2965 Oracle Unspecified vulnerability in Oracle Primavera Unifier

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core).

5.8
2018-07-18 CVE-2018-2961 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access).

5.8
2018-07-18 CVE-2018-2960 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access).

5.8
2018-07-18 CVE-2018-2953 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server).

5.8
2018-07-18 CVE-2018-2950 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).

5.8
2018-07-18 CVE-2018-2949 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).

5.8
2018-07-18 CVE-2018-2948 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).

5.8
2018-07-18 CVE-2018-2946 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).

5.8
2018-07-18 CVE-2018-2945 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).

5.8
2018-07-18 CVE-2018-2936 Oracle Unspecified vulnerability in Oracle Communications Convergence 3.0.1

Vulnerability in the Oracle Communications Messaging Server component of Oracle Communications Applications (subcomponent: Web Client).

5.8
2018-07-18 CVE-2018-2935 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JSF).

5.8
2018-07-18 CVE-2018-2929 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology).

5.8
2018-07-18 CVE-2018-2919 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Unified Navigation).

5.8
2018-07-18 CVE-2018-2899 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.8
2018-07-18 CVE-2018-2898 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.8
2018-07-18 CVE-2018-2897 Oracle Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.8
2018-07-18 CVE-2018-2896 Oracle Unspecified vulnerability in Oracle Banking Payments

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core).

5.8
2018-07-18 CVE-2018-2895 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module).

5.8
2018-07-18 CVE-2018-2891 Oracle Unspecified vulnerability in Oracle Retail Bulk Data Integration 16.0

Vulnerability in the Oracle Retail Bulk Data Integration component of Oracle Retail Applications (subcomponent: BDI Job Scheduler).

5.8
2018-07-20 CVE-2018-3770 Markdown PDF Project Path Traversal vulnerability in Markdown-Pdf Project Markdown-Pdf

A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert malicious HTML code that can result in reading local files.

5.5
2018-07-19 CVE-2014-0243 Check MK Project Link Following vulnerability in Check MK Project Check MK

Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.

5.5
2018-07-18 CVE-2018-3064 Oracle
Netapp
Canonical
Debian
Mariadb
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
5.5
2018-07-18 CVE-2018-3060 Oracle
Netapp
Canonical
Mariadb
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
5.5
2018-07-18 CVE-2018-3053 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0.1/16.0.2/17.0.1

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Internal Operations).

5.5
2018-07-18 CVE-2018-3052 Oracle Unspecified vulnerability in Oracle Micros Relate Customer Relationship Management Software

Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications (subcomponent: Internal Operations).

5.5
2018-07-18 CVE-2018-3051 Oracle Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2018-07-18 CVE-2018-3050 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module).

5.5
2018-07-18 CVE-2018-3045 Oracle Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2018-07-18 CVE-2018-3044 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module).

5.5
2018-07-18 CVE-2018-3043 Oracle Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2018-07-18 CVE-2018-3042 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module).

5.5
2018-07-18 CVE-2018-3035 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2018-07-18 CVE-2018-3032 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2018-07-18 CVE-2018-3031 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2018-07-18 CVE-2018-3027 Oracle Unspecified vulnerability in Oracle Banking Payments

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core).

5.5
2018-07-18 CVE-2018-3024 Oracle Unspecified vulnerability in Oracle Banking Payments

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core).

5.5
2018-07-18 CVE-2018-3023 Oracle Unspecified vulnerability in Oracle Banking Payments

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core).

5.5
2018-07-18 CVE-2018-3016 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker).

5.5
2018-07-18 CVE-2018-3015 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2018-07-18 CVE-2018-2998 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: SAML).

5.5
2018-07-18 CVE-2018-2984 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0

Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Gangway Activity Web App).

5.5
2018-07-18 CVE-2018-2981 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2018-07-18 CVE-2018-2980 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2018-07-17 CVE-2018-6681 Mcafee Cross-site Scripting vulnerability in Mcafee Network Security Manager

Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to cause arbitrary HTML code to be reflected in the response web page via the appliance web interface.

5.4
2018-07-18 CVE-2018-3074 Oracle
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles).
5.3
2018-07-18 CVE-2018-2934 Oracle Improper Initialization vulnerability in Oracle E-Business Suite 12.1.3

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload).

5.3
2018-07-16 CVE-2017-15137 Redhat Improper Input Validation vulnerability in Redhat Openshift and Openshift Container Platform

The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag".

5.3
2018-07-18 CVE-2018-2964 Oracle
Netapp
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).
5.1
2018-07-18 CVE-2018-2941 Oracle
Netapp
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX).
5.1
2018-07-18 CVE-2018-2932 Oracle Unspecified vulnerability in Oracle Supercluster Specific Software

Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: SuperCluster Virtual Assistant).

5.1
2018-07-18 CVE-2018-2918 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks).

5.1
2018-07-21 CVE-2018-14492 Tendacn Out-of-bounds Write vulnerability in Tendacn products

Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.

5.0
2018-07-20 CVE-2018-5068 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-5066 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-5062 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-5026 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-5025 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-5024 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-5023 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-5022 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-5010 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-5008 Adobe
Apple
Linux
Microsoft
Google
Redhat
Out-of-bounds Read vulnerability in multiple products

Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-5006 Adobe Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability.

5.0
2018-07-20 CVE-2018-5004 Adobe Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability.

5.0
2018-07-20 CVE-2018-12809 Adobe Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability.

5.0
2018-07-20 CVE-2018-12795 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-12786 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-12768 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-12767 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-12766 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-12765 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-12763 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-12762 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-12757 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

5.0
2018-07-20 CVE-2018-1679 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow an unauthenticated user to obtain sensitive information that could be used in further attacks against the system.

5.0
2018-07-20 CVE-2018-1398 IBM Information Exposure vulnerability in IBM Sterling File Gateway 2.2.0.0

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information.

5.0
2018-07-20 CVE-2018-14444 Libdxfrw Project Out-of-bounds Read vulnerability in Libdxfrw Project Libdxfrw 0.6.3

libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 in dwgutil.cpp, leading to an out-of-bounds read and application crash.

5.0
2018-07-20 CVE-2016-10727 Canonical
Gnome
Information Exposure vulnerability in multiple products

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

5.0
2018-07-20 CVE-2018-14439 Eblock Incorrect Calculation vulnerability in Eblock Eos4J

espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency transfers of unintended amounts.

5.0
2018-07-20 CVE-2018-14438 Wireshark Improper Input Validation vulnerability in Wireshark

In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.

5.0
2018-07-19 CVE-2018-14336 TP Link Improper Input Validation vulnerability in Tp-Link Wr840N

TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.

5.0
2018-07-19 CVE-2018-12959 Aditustoken Project Improper Input Validation vulnerability in Aditustoken Project Aditustoken

The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).

5.0
2018-07-19 CVE-2018-14423 Uclouvain
Debian
Divide By Zero vulnerability in multiple products

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

5.0
2018-07-19 CVE-2018-5535 F5 Improper Input Validation vulnerability in F5 products

On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3, specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data, causing the TMM to restart and resulting in a Denial of Service.

5.0
2018-07-19 CVE-2018-5534 F5 Improper Input Validation vulnerability in F5 products

Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.

5.0
2018-07-19 CVE-2018-5533 F5 Improper Input Validation vulnerability in F5 products

Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.

5.0
2018-07-19 CVE-2018-5532 F5 Unspecified vulnerability in F5 products

On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name.

5.0
2018-07-19 CVE-2018-14404 Canonical
Debian
Xmlsoft
NULL Pointer Dereference vulnerability in multiple products

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.

5.0
2018-07-19 CVE-2018-14402 Axmldec Project Out-of-bounds Write vulnerability in Axmldec Project Axmldec 1.2.0

axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::parse_start_namespace function in lib/jitana/util/axml_parser.cpp.

5.0
2018-07-19 CVE-2018-14401 Axml Parser Project Out-of-bounds Read vulnerability in Axml Parser Project Axml Parser

CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an out-of-bounds read.

5.0
2018-07-18 CVE-2018-0403 Cisco Server-Side Request Forgery (SSRF) vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password.

5.0
2018-07-18 CVE-2018-0399 Cisco Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse 11.5(1)

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system.

5.0
2018-07-18 CVE-2018-3101 Oracle Unspecified vulnerability in Oracle Webcenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0

Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services).

5.0
2018-07-18 CVE-2018-3072 Oracle Unspecified vulnerability in Oracle Peoplesoft Human Resource Management Systems 9.2

Vulnerability in the PeopleSoft HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway).

5.0
2018-07-18 CVE-2018-3039 Oracle Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.0
2018-07-18 CVE-2018-3038 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module).

5.0
2018-07-18 CVE-2018-3029 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.0
2018-07-18 CVE-2018-3021 Oracle Unspecified vulnerability in Oracle Banking Payments

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core).

5.0
2018-07-18 CVE-2018-3007 Oracle Unspecified vulnerability in Oracle Tuxedo 12.1.1/12.1.3/12.2.2

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core).

5.0
2018-07-18 CVE-2018-2996 Oracle Unspecified vulnerability in Oracle Applications Manager

Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces).

5.0
2018-07-18 CVE-2018-2994 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart).

5.0
2018-07-18 CVE-2018-2975 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.0
2018-07-18 CVE-2018-2957 Oracle Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5/5.5.1

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Logging).

5.0
2018-07-18 CVE-2018-2955 Oracle Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5/5.5.1

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Integration).

5.0
2018-07-18 CVE-2018-2944 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics).

5.0
2018-07-18 CVE-2018-2937 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface).

5.0
2018-07-18 CVE-2018-2921 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface).

5.0
2018-07-18 CVE-2018-2917 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks).

5.0
2018-07-18 CVE-2018-2915 Oracle Unspecified vulnerability in Oracle Hyperion Data Relationship Management 11.1.2.4.330

Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security).

5.0
2018-07-18 CVE-2018-2907 Oracle Unspecified vulnerability in Oracle Hyperion Financial Reporting 11.1.2

Vulnerability in the Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models).

5.0
2018-07-18 CVE-2018-2905 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services).

5.0
2018-07-18 CVE-2018-14371 Eclipse Path Traversal vulnerability in Eclipse Mojarra

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter.

5.0
2018-07-17 CVE-2018-14363 Debian
Neomutt
Path Traversal vulnerability in multiple products

An issue was discovered in NeoMutt before 2018-07-16.

5.0
2018-07-17 CVE-2018-14355 Debian
Mutt
Neomutt
Canonical
Path Traversal vulnerability in multiple products

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.

5.0
2018-07-17 CVE-2018-1612 IBM Information Exposure vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2 and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information.

5.0
2018-07-17 CVE-2018-13860 Trivum Information Exposure vulnerability in Trivum C4 Professional Firmware 8.76

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid=systemUsers&id=_0" GET request.

5.0
2018-07-17 CVE-2018-13864 Lightbend
Microsoft
Path Traversal vulnerability in Lightbend Play Framework

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows.

5.0
2018-07-17 CVE-2018-14337 Mruby
Debian
Integer Overflow or Wraparound vulnerability in multiple products

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.

5.0
2018-07-16 CVE-2018-10857 GIT Annex Project
Debian
Information Exposure vulnerability in multiple products

git-annex is vulnerable to a private data exposure and exfiltration attack.

5.0
2018-07-16 CVE-2018-10859 GIT Annex Project
Debian
Information Exposure vulnerability in multiple products

git-annex is vulnerable to an Information Exposure when decrypting files.

5.0
2018-07-16 CVE-2018-0385 Cisco Improper Input Validation vulnerability in Cisco Firepower Management Center

A vulnerability in the detection engine parsing of Secure Sockets Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting.

5.0
2018-07-16 CVE-2018-0384 Cisco Protection Mechanism Failure vulnerability in Cisco Firepower Management Center

A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system.

5.0
2018-07-16 CVE-2018-0383 Cisco Protection Mechanism Failure vulnerability in Cisco Firepower Management Center 6.2.2.1/6.2.3/6.3.0

A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP.

5.0
2018-07-16 CVE-2018-0370 Cisco Unspecified vulnerability in Cisco Firepower Management Center 6.1.0.7/6.2.0.5/6.2.2.2

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down traffic processing.

5.0
2018-07-16 CVE-2018-0369 Cisco Improper Input Validation vulnerability in Cisco Staros

A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition.

5.0
2018-07-16 CVE-2018-11717 Zohocorp Information Exposure Through Log Files vulnerability in Zohocorp Manageengine Desktop Central

An issue was discovered in Zoho ManageEngine Desktop Central before 100251.

5.0
2018-07-16 CVE-2018-11716 Zohocorp Information Exposure Through Log Files vulnerability in Zohocorp Manageengine Desktop Central

An issue was discovered in Zoho ManageEngine Desktop Central before 100230.

5.0
2018-07-16 CVE-2017-7468 Haxx Improper Certificate Validation vulnerability in Haxx Libcurl

In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed.

5.0
2018-07-16 CVE-2018-14089 Virgo Zodiactoken Project Improper Input Validation vulnerability in Virgo Zodiactoken Project Virgo Zodiactoken

An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token.

5.0
2018-07-16 CVE-2018-14085 Userwallet Project Improper Input Validation vulnerability in Userwallet Project Userwallet

An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token.

5.0
2018-07-18 CVE-2018-3081 Oracle
Netapp
Canonical
Debian
Mariadb
Redhat
Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs).
4.9
2018-07-18 CVE-2018-3080 Oracle
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
4.9
2018-07-18 CVE-2018-3079 Oracle
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
4.9
2018-07-18 CVE-2018-3078 Oracle
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
4.9
2018-07-18 CVE-2018-3075 Oracle
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).
4.9
2018-07-18 CVE-2018-3067 Oracle
Netapp
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).
4.9
2018-07-18 CVE-2018-3066 Oracle
Netapp
Canonical
Debian
Mariadb
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options).
4.9
2018-07-18 CVE-2018-3049 Oracle Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure).

4.9
2018-07-18 CVE-2018-3048 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module).

4.9
2018-07-18 CVE-2018-3034 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

4.9
2018-07-18 CVE-2018-3026 Oracle Unspecified vulnerability in Oracle Banking Payments

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core).

4.9
2018-07-18 CVE-2018-3019 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

4.9
2018-07-18 CVE-2018-2903 Oracle Unspecified vulnerability in Oracle Solaris 10.0/11.3

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

4.9
2018-07-18 CVE-2018-3057 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks).

4.6
2018-07-18 CVE-2018-2924 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks).

4.6
2018-07-18 CVE-2018-3090 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2018-07-18 CVE-2018-3089 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2018-07-18 CVE-2018-3088 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2018-07-18 CVE-2018-3087 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2018-07-18 CVE-2018-3086 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2018-07-18 CVE-2018-3085 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.4
2018-07-18 CVE-2018-2956 Oracle Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5/5.5.1

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Integration).

4.4
2018-07-18 CVE-2018-2954 Oracle Unspecified vulnerability in Oracle Order Management

Vulnerability in the Oracle Order Management component of Oracle E-Business Suite (subcomponent: Product Diagnostic Tools).

4.4
2018-07-22 CVE-2018-14500 Joyplus CMS Project Cross-site Scripting vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0

joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.

4.3
2018-07-20 CVE-2018-5063 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5061 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5060 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5056 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5055 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5054 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5053 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5051 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5050 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5049 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5048 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5047 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5046 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5044 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5039 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5035 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5033 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5031 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5029 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5027 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5019 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5018 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5017 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5016 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-5014 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-12803 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-12793 Adobe
Apple
Microsoft
Incorrect Type Conversion or Cast vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability.

4.3
2018-07-20 CVE-2018-12790 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-12789 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-12781 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-12780 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-12779 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-12777 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-12774 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-12764 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-12761 Adobe
Apple
Microsoft
Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability.

4.3
2018-07-20 CVE-2018-14471 GNU NULL Pointer Dereference vulnerability in GNU Libredwg

dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.

4.3
2018-07-20 CVE-2018-14448 Untrunc Project NULL Pointer Dereference vulnerability in Untrunc Project Untrunc 20180607

Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL pointer dereference via a crafted MP4 file because of improper interaction with libav.

4.3
2018-07-20 CVE-2018-14445 Axiosys Infinite Loop vulnerability in Axiosys Bento4 1.5.1624

In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file.

4.3
2018-07-20 CVE-2018-14443 GNU Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Libredwg

get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).

4.3
2018-07-20 CVE-2018-14422 Sanscms Cross-site Scripting vulnerability in Sanscms 0.7

blog/index.php in SansCMS 0.7 has XSS via the q parameter.

4.3
2018-07-20 CVE-2018-14415 Icmsdev Cross-site Scripting vulnerability in Icmsdev Icms

An issue was discovered in idreamsoft iCMS before 7.0.10.

4.3
2018-07-20 CVE-2018-14437 Imagemagick
Canonical
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.

4.3
2018-07-20 CVE-2018-14436 Imagemagick
Canonical
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.

4.3
2018-07-20 CVE-2018-14435 Imagemagick
Canonical
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.

4.3
2018-07-20 CVE-2018-14434 Imagemagick
Canonical
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.

4.3
2018-07-19 CVE-2018-14395 Debian
Ffmpeg
Divide By Zero vulnerability in multiple products

libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user-crafted audio file when converting to the MOV audio format.

4.3
2018-07-19 CVE-2018-14394 Ffmpeg Divide By Zero vulnerability in Ffmpeg

libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user-crafted Waveform audio file.

4.3
2018-07-19 CVE-2018-14392 Mybb Cross-site Scripting vulnerability in Mybb NEW Threads 1.0/1.1

The New Threads plugin before 1.2 for MyBB has XSS.

4.3
2018-07-18 CVE-2018-0401 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

4.3
2018-07-18 CVE-2018-0400 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

4.3
2018-07-18 CVE-2018-0396 Cisco Cross-site Scripting vulnerability in Cisco Unified Communications Manager IM and Presence Service 11.5/12.0

A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system.

4.3
2018-07-18 CVE-2018-0390 Cisco Cross-site Scripting vulnerability in Cisco Webex Meetings 2.0

A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system.

4.3
2018-07-18 CVE-2018-0380 Cisco Unspecified vulnerability in Cisco Webex Meetings Online

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files.

4.3
2018-07-18 CVE-2018-7546 Kingsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kingsoft Jinshan PDF and WPS Office

wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file.

4.3
2018-07-18 CVE-2018-8042 Apache Information Exposure Through an Error Message vulnerability in Apache Ambari

In Apache Ambari versions 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services.

4.3
2018-07-18 CVE-2018-14382 Instantcms Cross-site Scripting vulnerability in Instantcms 2.10.1

InstantCMS 2.10.1 has /redirect?url= XSS.

4.3
2018-07-18 CVE-2018-14380 Graylog Cross-site Scripting vulnerability in Graylog

In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts.

4.3
2018-07-18 CVE-2018-5232 Atlassian Cross-site Scripting vulnerability in Atlassian Jira

The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.

4.3
2018-07-18 CVE-2017-18103 Atlassian Improper Input Validation vulnerability in Atlassian Http Library

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml.

4.3
2018-07-18 CVE-2018-2977 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker).

4.3
2018-07-18 CVE-2018-2973 Oracle
Redhat
Netapp
HP
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE).
4.3
2018-07-18 CVE-2018-2972 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security).

4.3
2018-07-18 CVE-2018-2968 Oracle Unspecified vulnerability in Oracle Primavera Unifier

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core).

4.3
2018-07-18 CVE-2018-2966 Oracle Unspecified vulnerability in Oracle Primavera Unifier

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core).

4.3
2018-07-18 CVE-2018-2959 Oracle Unspecified vulnerability in Oracle Siebel UI Framework 18.0

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI).

4.3
2018-07-18 CVE-2018-2940 Oracle
HP
Redhat
Netapp
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
4.3
2018-07-18 CVE-2018-2906 Oracle Unspecified vulnerability in Oracle Hardware Management Pack 11.3

Vulnerability in the Hardware Management Pack component of Oracle Sun Systems Products Suite (subcomponent: Ipmitool).

4.3
2018-07-18 CVE-2018-2901 Oracle Unspecified vulnerability in Oracle Solaris 10.0/11.2

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

4.3
2018-07-18 CVE-2018-2598 Oracle Unspecified vulnerability in Oracle Mysql Workbench

Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption).

4.3
2018-07-17 CVE-2018-14347 Debian
GNU
Infinite Loop vulnerability in multiple products

GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).

4.3
2018-07-17 CVE-2018-14333 Teamviewer Information Exposure vulnerability in Teamviewer

TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88]" and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which TeamViewer has disconnected but remains running.

4.3
2018-07-16 CVE-2017-17541 Fortinet Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, and FortiAnalyzer 6.0.0, 5.6.4 and below versions allows injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.

4.3
2018-07-16 CVE-2018-0366 Cisco Cross-site Scripting vulnerability in Cisco web Security Appliance 10.1.2003/10.5.1276

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2018-07-16 CVE-2018-0361 Clamav
Debian
Improper Input Validation vulnerability in multiple products

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.

4.3
2018-07-16 CVE-2018-0360 Clamav
Canonical
Debian
Integer Overflow or Wraparound vulnerability in multiple products

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file.

4.3
2018-07-16 CVE-2018-13387 Atlassian Cross-site Scripting vulnerability in Atlassian Jira

The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete.

4.3
2018-07-20 CVE-2018-1470 IBM Information Exposure vulnerability in IBM Sterling File Gateway 2.2.0.0

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system.

4.0
2018-07-20 CVE-2017-1633 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests.

4.0
2018-07-19 CVE-2018-1587 IBM Information Exposure vulnerability in IBM products

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks.

4.0
2018-07-18 CVE-2018-0393 Cisco Unspecified vulnerability in Cisco products

A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface.

4.0
2018-07-18 CVE-2018-3105 Oracle Unspecified vulnerability in Oracle SOA Suite

Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Health Care FastPath).

4.0
2018-07-18 CVE-2018-3077 Oracle
Netapp
Canonical
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
4.0
2018-07-18 CVE-2018-3076 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise CS Financial AID 9.0/9.2

Vulnerability in the PeopleSoft Enterprise CS Financial Aid component of Oracle PeopleSoft Products (subcomponent: ISIR Processing).

4.0
2018-07-18 CVE-2018-3071 Oracle
Netapp
Canonical
Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log).

4.0
2018-07-18 CVE-2018-3070 Oracle
Netapp
Canonical
Debian
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump).
4.0
2018-07-18 CVE-2018-3069 Oracle Unspecified vulnerability in Oracle Agile Product Lifecycle Management for Process 6.2.0.0

Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation).

4.0
2018-07-18 CVE-2018-3065 Oracle
Netapp
Canonical
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).
4.0
2018-07-18 CVE-2018-3063 Oracle
Debian
Netapp
Canonical
Mariadb
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).
4.0
2018-07-18 CVE-2018-3061 Oracle
Netapp
Canonical
Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).

4.0
2018-07-18 CVE-2018-3058 Oracle
Netapp
Canonical
Debian
Mariadb
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM).
4.0
2018-07-18 CVE-2018-3056 Oracle
Netapp
Canonical
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).
4.0
2018-07-18 CVE-2018-3054 Oracle
Netapp
Canonical
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
4.0
2018-07-18 CVE-2018-3041 Oracle Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure).

4.0
2018-07-18 CVE-2018-3040 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module).

4.0
2018-07-18 CVE-2018-3030 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

4.0
2018-07-18 CVE-2018-3022 Oracle Unspecified vulnerability in Oracle Banking Payments

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core).

4.0
2018-07-18 CVE-2018-3014 Oracle Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5/5.5.1

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Reports).

4.0
2018-07-18 CVE-2018-3013 Oracle Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5/5.5.1

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Report Server Config).

4.0
2018-07-18 CVE-2018-2988 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Products).

4.0
2018-07-18 CVE-2018-2979 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

4.0
2018-07-18 CVE-2018-2970 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality).

4.0
2018-07-18 CVE-2018-2969 Oracle Unspecified vulnerability in Oracle Primavera Unifier

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core).

4.0
2018-07-18 CVE-2018-2963 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access).

4.0
2018-07-18 CVE-2018-2947 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime).

4.0
2018-07-18 CVE-2018-2927 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems).

4.0
2018-07-18 CVE-2018-2925 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server).

4.0
2018-07-18 CVE-2018-2916 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks).

4.0
2018-07-18 CVE-2018-2882 Oracle Unspecified vulnerability in Oracle Micros Retail-J

Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Interfaces).

4.0
2018-07-18 CVE-2018-10871 Fedoraproject
Debian
Cleartext Storage of Sensitive Information vulnerability in multiple products

389-ds-base before versions 1.3.8.5 and 1.4.0.12 is vulnerable to Cleartext Storage of Sensitive Information.

4.0
2018-07-17 CVE-2018-0706 Qnap Unspecified vulnerability in Qnap Q'Center

Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.

4.0

47 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-07-18 CVE-2018-2952 Oracle, Debian, Canonical, HP, Redhat, Netapp

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency).

3.7
2018-07-18 CVE-2018-2888 Oracle Unspecified vulnerability in Oracle Micros Retail-J

Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office).

3.7
2018-07-20 CVE-2014-4150 S48 Link Following vulnerability in S48 Scheme48

The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp.

3.6
2018-07-18 CVE-2018-2962 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access).

3.6
2018-07-18 CVE-2018-2939 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Core RDBMS component of Oracle Database Server.

3.6
2018-07-20 CVE-2018-1563 IBM Cross-site Scripting vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting.

3.5
2018-07-20 CVE-2018-14419 Metinfo Cross-site Scripting vulnerability in Metinfo 6.0.0

MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.

3.5
2018-07-19 CVE-2018-1585 IBM Cross-site Scripting vulnerability in IBM products

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting.

3.5
2018-07-19 CVE-2018-1536 IBM Cross-site Scripting vulnerability in IBM products

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting.

3.5
2018-07-19 CVE-2018-1535 IBM Cross-site Scripting vulnerability in IBM products

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting.

3.5
2018-07-19 CVE-2018-1529 IBM Cross-site Scripting vulnerability in IBM products

IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting.

3.5
2018-07-18 CVE-2018-14388 Joyplus CMS Project Cross-site Scripting vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0

joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter.

3.5
2018-07-18 CVE-2018-14082 Freelancewebdesignerchennai Cross-site Scripting vulnerability in Freelancewebdesignerchennai JOB Portal 3.0.1

PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar.

3.5
2018-07-18 CVE-2018-12429 Jeesns Cross-site Scripting vulnerability in Jeesns 1.2.1

JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie.

3.5
2018-07-18 CVE-2018-3062 Oracle, Netapp, Canonical

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached).

3.5
2018-07-18 CVE-2018-3047 Oracle Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure).

3.5
2018-07-18 CVE-2018-3046 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module).

3.5
2018-07-18 CVE-2018-3033 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

3.5
2018-07-18 CVE-2018-3025 Oracle Unspecified vulnerability in Oracle Banking Payments

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core).

3.5
2018-07-18 CVE-2018-3004 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Java VM component of Oracle Database Server.

3.5
2018-07-18 CVE-2018-2982 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

3.5
2018-07-18 CVE-2018-2767 Oracle, Debian, Canonical, Redhat, Mariadb, Netapp

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption).

3.5
2018-07-16 CVE-2018-13832 Techotronic Cross-site Scripting vulnerability in ONE Favicon

Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text.

3.5
2018-07-16 CVE-2018-5229 Atlassian Cross-site Scripting vulnerability in Atlassian Universal Plugin Manager

The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.

3.5
2018-07-18 CVE-2018-3055 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

3.3
2018-07-17 CVE-2018-14329 Htslib Race Condition vulnerability in Htslib 1.8

In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.

3.3
2018-07-18 CVE-2018-3084 Oracle, Netapp

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client).

2.8
2018-07-18 CVE-2018-3082 Oracle, Netapp

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).

2.7
2018-07-20 CVE-2018-1564 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages.

2.1
2018-07-20 CVE-2017-1575 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling File Gateway 2.2.0.0

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information.

2.1
2018-07-20 CVE-2017-1544 IBM Information Exposure vulnerability in IBM Sterling File Gateway 2.2.0.0

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information.

2.1
2018-07-19 CVE-2018-5540 F5 Incorrect Permission Assignment for Critical Resource vulnerability in F5 products

On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.

2.1
2018-07-18 CVE-2018-0392 Cisco Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products

A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user.

2.1
2018-07-18 CVE-2018-3005 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

2.1
2018-07-18 CVE-2018-3003 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0

Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite).

2.1
2018-07-18 CVE-2018-3002 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0

Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite).

2.1
2018-07-18 CVE-2018-3001 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Shipboard Property Management System 8.0

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite).

2.1
2018-07-18 CVE-2018-3000 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Shipboard Property Management System 8.0

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite).

2.1
2018-07-18 CVE-2018-2967 Oracle Unspecified vulnerability in Oracle Primavera Unifier

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core).

2.1
2018-07-18 CVE-2018-2951 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Configuration Manager).

2.1
2018-07-18 CVE-2018-2923 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services).

2.1
2018-07-16 CVE-2018-0368 Cisco Unspecified vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system.

2.1
2018-07-16 CVE-2018-13980 Zeta Producer Path Traversal vulnerability in Zeta-Producer Zeta Producer

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.

2.1
2018-07-16 CVE-2014-2079 X File Explorer Project, Debian Permissions, Privileges, and Access Controls vulnerability in multiple products

X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.

2.1
2018-07-19 CVE-2018-14332 Clementine Player NULL Pointer Dereference vulnerability in Clementine-Player Clementine 1.3.1

An issue was discovered in Clementine Music Player 1.3.1.

1.9
2018-07-18 CVE-2018-3091 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

1.9
2018-07-16 CVE-2013-0522 IBM Information Exposure vulnerability in IBM Lotus Notes

The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes.

1.9