Weekly Vulnerabilities Reports > July 16 to 22, 2018
Overview
546 new vulnerabilities were reported during this period, including 43 critical vulnerabilities and 79 high severity vulnerabilities. This weekly summary reports vulnerabilities in 421 products from 107 vendors including Oracle, Adobe, Microsoft, Apple, and Debian. Notable vulnerability categories include "Out-of-bounds Read", "Out-of-bounds Write", "Cross-site Scripting", "Improper Input Validation", and "Use After Free".
- 494 reported vulnerabilities are remotely exploitable.
- 22 reported vulnerabilities have a public exploit available.
- 65 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 426 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 206 reported vulnerabilities.
- Adobe has the most reported critical vulnerabilities, with 21 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
43 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-07-20 | CVE-2018-5070 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. | 10.0 |
2018-07-20 | CVE-2018-5069 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. | 10.0 |
2018-07-20 | CVE-2018-5064 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. | 10.0 |
2018-07-20 | CVE-2018-5021 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. | 10.0 |
2018-07-20 | CVE-2018-5011 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 10.0 |
2018-07-20 | CVE-2018-5009 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 10.0 |
2018-07-20 | CVE-2018-12815 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 10.0 |
2018-07-20 | CVE-2018-12812 | Adobe Apple Microsoft | Incorrect Type Conversion or Cast vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. | 10.0 |
2018-07-20 | CVE-2018-12802 | Adobe Apple Microsoft | Unspecified vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Security Bypass vulnerability. | 10.0 |
2018-07-20 | CVE-2018-12798 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 10.0 |
2018-07-20 | CVE-2018-12792 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 10.0 |
2018-07-20 | CVE-2018-12791 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 10.0 |
2018-07-20 | CVE-2018-12787 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. | 10.0 |
2018-07-20 | CVE-2018-12782 | Adobe Apple Microsoft | Double Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Double Free vulnerability. | 10.0 |
2018-07-20 | CVE-2018-12760 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. | 10.0 |
2018-07-20 | CVE-2018-12758 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. | 10.0 |
2018-07-20 | CVE-2018-12756 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 10.0 |
2018-07-20 | CVE-2018-12755 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. | 10.0 |
2018-07-20 | CVE-2018-12754 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. | 10.0 |
2018-07-18 | CVE-2018-0375 | Cisco | Use of Hard-coded Credentials vulnerability in Cisco Mobility Services Engine and Policy Suite A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. | 10.0 |
2018-07-18 | CVE-2018-0349 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. | 10.0 |
2018-07-17 | CVE-2018-13861 | Trivum | Unspecified vulnerability in Trivum Webtouch Setup V9 Firmware 2.53 Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example. | 10.0 |
2018-07-17 | CVE-2018-13858 | Trivum | Unspecified vulnerability in Trivum C4 Professional Firmware 8.76 MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example. | 10.0 |
2018-07-16 | CVE-2018-14324 | Oracle | Use of Hard-coded Credentials vulnerability in Oracle Glassfish Server 5.0 The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. | 10.0 |
2018-07-20 | CVE-2018-8018 | Apache | Deserialization of Untrusted Data vulnerability in Apache Ignite In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when vulnerable third-party classes are present in the Ignite classpath. | 9.8 |
2018-07-19 | CVE-2018-10620 | Aveva | Out-of-bounds Write vulnerability in Aveva Indusoft web Studio and Intouch Machine 2017 AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. | 9.8 |
2018-07-19 | CVE-2018-7602 | Drupal Debian | A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. | 9.8 |
2018-07-19 | CVE-2018-14403 | Techsmith | Incorrect Type Conversion or Cast vulnerability in Techsmith Mp4V2 2.0.0 MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. | 9.8 |
2018-07-19 | CVE-2018-14399 | Phpcms Project | Code Injection vulnerability in PHPcms Project PHPcms 9.6.0 libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI. | 9.8 |
2018-07-16 | CVE-2018-14071 | Cyberhobo | Improper Input Validation vulnerability in Cyberhobo GEO Mashup The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input. | 9.8 |
2018-07-20 | CVE-2018-12797 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 9.3 |
2018-07-20 | CVE-2018-12796 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 9.3 |
2018-07-18 | CVE-2018-0387 | Cisco | Improper Input Validation vulnerability in Cisco Webex Teams A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. | 9.3 |
2018-07-18 | CVE-2018-10616 | ABB | Improper Input Validation vulnerability in ABB Panel Builder 800 ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used. | 9.3 |
2018-07-16 | CVE-2018-1046 | Powerdns | Out-of-bounds Write vulnerability in Powerdns Pdns pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. | 9.3 |
2018-07-18 | CVE-2018-0350 | Cisco | Command Injection vulnerability in Cisco products A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 9.0 |
2018-07-18 | CVE-2018-0348 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 9.0 |
2018-07-18 | CVE-2018-0345 | Cisco | Argument Injection or Modification vulnerability in Cisco products A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. | 9.0 |
2018-07-17 | CVE-2018-0710 | Qnap | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 9.0 |
2018-07-17 | CVE-2018-0709 | Qnap | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 9.0 |
2018-07-17 | CVE-2018-0708 | Qnap | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 9.0 |
2018-07-17 | CVE-2018-0707 | Qnap | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 9.0 |
2018-07-16 | CVE-2018-0341 | Cisco | OS Command Injection vulnerability in Cisco IP Phone Multiplatform Firmware 11.1(2) A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. | 9.0 |
79 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-07-20 | CVE-2018-14446 | Techsmith | Out-of-bounds Write vulnerability in Techsmith Mp4V2 2.1.0 MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file. | 8.8 |
2018-07-18 | CVE-2018-2928 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RAD). | 8.8 |
2018-07-18 | CVE-2018-14379 | Techsmith | Incorrect Type Conversion or Cast vulnerability in Techsmith Mp4V2 2.0.0 MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion. | 8.8 |
2018-07-16 | CVE-2018-14326 | Techsmith | Integer Overflow or Wraparound vulnerability in Techsmith Mp4V2 2.0.0 In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h. | 8.8 |
2018-07-16 | CVE-2018-14325 | Techsmith | Integer Underflow (Wrap or Wraparound) vulnerability in Techsmith Mp4V2 2.0.0 In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp. | 8.8 |
2018-07-18 | CVE-2018-2942 | Oracle Netapp | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). | 8.3 |
2018-07-18 | CVE-2018-2926 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NVIDIA-GFX Kernel driver). | 8.0 |
2018-07-19 | CVE-2018-3871 | Acdsystems | Out-of-bounds Write vulnerability in Acdsystems Canvas Draw 4.0.0 An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. | 7.8 |
2018-07-19 | CVE-2018-3870 | Acdsystems | Out-of-bounds Write vulnerability in Acdsystems Canvas Draw 4.0.0 An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. | 7.8 |
2018-07-19 | CVE-2018-3860 | Acdsystems | Out-of-bounds Write vulnerability in Acdsystems Canvas Draw 4.0.0 An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. | 7.8 |
2018-07-19 | CVE-2018-3859 | Acdsystems | Out-of-bounds Write vulnerability in Acdsystems Canvas Draw 4.0.0 An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. | 7.8 |
2018-07-19 | CVE-2018-3858 | Acdsystems | Out-of-bounds Write vulnerability in Acdsystems Canvas Draw 4.0.0 An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. | 7.8 |
2018-07-19 | CVE-2018-3857 | Acdsystems | Out-of-bounds Write vulnerability in Acdsystems Canvas Draw 4.0.0 An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. | 7.8 |
2018-07-18 | CVE-2018-0372 | Cisco | Resource Exhaustion vulnerability in Cisco Nx-Os 13.0(1K) A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affected system. | 7.8 |
2018-07-18 | CVE-2018-0346 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
2018-07-22 | CVE-2018-14501 | Joyplus Project | SQL Injection vulnerability in Joyplus Project Joyplus-Cms 1.6.0 manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring. | 7.5 |
2018-07-20 | CVE-2018-12805 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Connect Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. | 7.5 |
2018-07-20 | CVE-2018-12804 | Adobe | Improper Authentication vulnerability in Adobe Connect Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. | 7.5 |
2018-07-20 | CVE-2018-12785 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 7.5 |
2018-07-20 | CVE-2018-12784 | Adobe Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. | 7.5 |
2018-07-20 | CVE-2018-14442 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs. | 7.5 |
2018-07-20 | CVE-2018-14418 | Msvod | SQL Injection vulnerability in Msvod CMS 10 In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI. | 7.5 |
2018-07-20 | CVE-2018-14441 | SSH Companywebsite Project | Unrestricted Upload of File with Dangerous Type vulnerability in SSH Companywebsite Project SSH Companywebsite An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. | 7.5 |
2018-07-20 | CVE-2018-14440 | SSH Companywebsite Project | SQL Injection vulnerability in SSH Companywebsite Project SSH Companywebsite An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. | 7.5 |
2018-07-19 | CVE-2018-10870 | Redhat | Improper Input Validation vulnerability in Redhat Certification redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. | 7.5 |
2018-07-19 | CVE-2018-10869 | Redhat | Files or Directories Accessible to External Parties vulnerability in Redhat Certification and Enterprise Linux redhat-certification does not properly restrict files that can be downloaded through the /download page. | 7.5 |
2018-07-19 | CVE-2014-2302 | Webedition | Code Injection vulnerability in Webedition CMS 6.2.7.0/6.3.3.0/6.3.8 The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org. | 7.5 |
2018-07-19 | CVE-2018-12911 | Webkitgtk Canonical | Out-of-bounds Write vulnerability in multiple products WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. | 7.5 |
2018-07-19 | CVE-2017-7481 | Redhat Canonical Debian | Improper Input Validation vulnerability in multiple products Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. | 7.5 |
2018-07-19 | CVE-2018-14370 | Wireshark | Out-of-bounds Read vulnerability in Wireshark In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. | 7.5 |
2018-07-19 | CVE-2018-14369 | Wireshark Debian | Improper Input Validation vulnerability in multiple products In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. | 7.5 |
2018-07-19 | CVE-2018-14368 | Wireshark Debian | Infinite Loop vulnerability in multiple products In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. | 7.5 |
2018-07-19 | CVE-2018-14367 | Wireshark | Unchecked Return Value vulnerability in Wireshark In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. | 7.5 |
2018-07-19 | CVE-2018-14344 | Wireshark | Out-of-bounds Read vulnerability in Wireshark In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. | 7.5 |
2018-07-19 | CVE-2018-14343 | Wireshark Debian | Integer Overflow or Wraparound vulnerability in multiple products In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. | 7.5 |
2018-07-19 | CVE-2018-14342 | Wireshark Debian | Excessive Iteration vulnerability in multiple products In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. | 7.5 |
2018-07-19 | CVE-2018-14341 | Wireshark Debian | Infinite Loop vulnerability in multiple products In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. | 7.5 |
2018-07-19 | CVE-2018-14340 | Wireshark Debian | Out-of-bounds Read vulnerability in multiple products In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. | 7.5 |
2018-07-19 | CVE-2018-14339 | Wireshark Debian | Infinite Loop vulnerability in multiple products In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. | 7.5 |
2018-07-18 | CVE-2018-0398 | Cisco | Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse 11.5(1) Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. | 7.5 |
2018-07-18 | CVE-2018-0377 | Cisco | Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine and Policy Suite A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. | 7.5 |
2018-07-18 | CVE-2018-0376 | Cisco | Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine and Policy Suite A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. | 7.5 |
2018-07-18 | CVE-2018-0374 | Cisco | Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine 14.0.0 A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. | 7.5 |
2018-07-18 | CVE-2018-14389 | Joyplus CMS Project | SQL Injection vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter. | 7.5 |
2018-07-18 | CVE-2018-14364 | Gitlab | Path Traversal vulnerability in Gitlab GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component. | 7.5 |
2018-07-18 | CVE-2018-8011 | Apache Netapp | NULL Pointer Dereference vulnerability in multiple products By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. | 7.5 |
2018-07-18 | CVE-2018-2943 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware Mapviewer 12.2.1.2.0/12.2.1.3.0 Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). | 7.5 |
2018-07-18 | CVE-2018-2930 | Oracle | Unspecified vulnerability in Oracle Solaris Cluster 3.3/4.3 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). | 7.5 |
2018-07-18 | CVE-2018-2894 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). | 7.5 |
2018-07-18 | CVE-2018-2893 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). | 7.5 |
2018-07-17 | CVE-2018-14362 | Mutt Neomutt Canonical Debian Redhat | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14361 | Debian Neomutt | Improper Input Validation vulnerability in multiple products An issue was discovered in NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14360 | Debian Neomutt | Out-of-bounds Write vulnerability in multiple products An issue was discovered in NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14359 | Mutt Neomutt Canonical Debian | Classic Buffer Overflow vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14358 | Mutt Neomutt Canonical Debian | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14357 | Mutt Neomutt Canonical Debian Redhat | OS Command Injection vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14356 | Debian Mutt Neomutt Canonical | Access of Uninitialized Pointer vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14354 | Mutt Neomutt Canonical Debian Redhat | OS Command Injection vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14353 | Mutt Neomutt Canonical Debian | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14352 | Mutt Neomutt Canonical Debian | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14351 | Mutt Neomutt Canonical Debian | Improper Input Validation vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14350 | Mutt Neomutt Debian Canonical | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14349 | Debian Mutt Neomutt Canonical | Improper Input Validation vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-13862 | Trivum | Unspecified vulnerability in Trivum Webtouch Setup V9 Firmware 2.53 Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to log in without authorization). | 7.5 |
2018-07-17 | CVE-2018-13859 | Trivum | Unspecified vulnerability in Trivum C4 Professional Firmware 8.76 MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to log in without authorization). | 7.5 |
2018-07-17 | CVE-2018-14334 | Joyplus CMS Project | Unrestricted Upload of File with Dangerous Type vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. | 7.5 |
2018-07-16 | CVE-2018-12584 | Resiprocate Debian | Classic Buffer Overflow vulnerability in multiple products The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled. | 7.5 |
2018-07-16 | CVE-2018-13981 | Zeta Producer | Unrestricted Upload of File with Dangerous Type vulnerability in Zeta-Producer Zeta Producer Desktop CMS The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. | 7.5 |
2018-07-16 | CVE-2018-14088 | Stex White List Project | Integer Overflow or Wraparound vulnerability in Stex White List Project Stex White List An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. | 7.5 |
2018-07-16 | CVE-2018-14087 | Encryptedtoken Project | Integer Overflow or Wraparound vulnerability in Encryptedtoken Project Encryptedtoken An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. | 7.5 |
2018-07-16 | CVE-2018-14086 | Mytoken Project | Integer Overflow or Wraparound vulnerability in Mytoken Project Mytoken An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. | 7.5 |
2018-07-16 | CVE-2018-14084 | Myadvancedtoken Project | Integer Overflow or Wraparound vulnerability in Myadvancedtoken Project Myadvancedtoken An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. | 7.5 |
2018-07-19 | CVE-2018-9062 | Lenovo | Injection vulnerability in Lenovo products In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. | 7.2 |
2018-07-19 | CVE-2017-2673 | Redhat | Incorrect Authorization vulnerability in Redhat Openstack 10/9 An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). | 7.2 |
2018-07-18 | CVE-2018-0351 | Cisco | Command Injection vulnerability in Cisco products A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
2018-07-18 | CVE-2018-0347 | Cisco | Command Injection vulnerability in Cisco products A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
2018-07-18 | CVE-2018-0342 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. | 7.2 |
2018-07-18 | CVE-2018-2892 | Oracle | Unspecified vulnerability in Oracle Solaris 10.0/11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). | 7.2 |
2018-07-16 | CVE-2018-5239 | Symantec | Unspecified vulnerability in Symantec Norton APP Lock Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit. | 7.2 |

377 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-07-22 | CVE-2018-14505 | Mitmproxy | Improper Input Validation vulnerability in Mitmproxy 4.0.3 mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py. | 6.8 |
2018-07-20 | CVE-2018-5067 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5065 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5059 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5058 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5057 | Adobe Apple Microsoft | Incorrect Type Conversion or Cast vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5052 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5045 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5043 | Adobe Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5042 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5041 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5040 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5038 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5037 | Adobe Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5036 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5034 | Adobe Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5032 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5030 | Adobe Apple Microsoft | NULL Pointer Dereference vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5028 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5020 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5015 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5012 | Adobe Apple Microsoft | NULL Pointer Dereference vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. | 6.8 |
2018-07-20 | CVE-2018-5007 | Adobe Apple Linux Microsoft Redhat | Incorrect Type Conversion or Cast vulnerability in multiple products Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. | 6.8 |
2018-07-20 | CVE-2018-12794 | Adobe Apple Microsoft | Incorrect Type Conversion or Cast vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. | 6.8 |
2018-07-20 | CVE-2018-12788 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. | 6.8 |
2018-07-20 | CVE-2018-12783 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 6.8 |
2018-07-20 | CVE-2018-12776 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 6.8 |
2018-07-20 | CVE-2018-12773 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 6.8 |
2018-07-20 | CVE-2018-12772 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 6.8 |
2018-07-20 | CVE-2018-12771 | Adobe Apple Microsoft | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. | 6.8 |
2018-07-20 | CVE-2018-12770 | Adobe Apple Microsoft | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. | 6.8 |
2018-07-20 | CVE-2014-2296 | Apereo | XXE vulnerability in Apereo CAS Server XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data. | 6.8 |
2018-07-20 | CVE-2018-14460 | Hdfgroup | Out-of-bounds Read vulnerability in Hdfgroup Hdf5 1.8.20 An issue was discovered in the HDF HDF5 1.8.20 library. | 6.8 |
2018-07-20 | CVE-2018-14459 | Linuxsampler | Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0 An issue was discovered in libgig 4.1.0. | 6.8 |
2018-07-20 | CVE-2018-14458 | Linuxsampler | Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0 An issue was discovered in libgig 4.1.0. | 6.8 |
2018-07-20 | CVE-2018-14457 | Linuxsampler | Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0 An issue was discovered in libgig 4.1.0. | 6.8 |
2018-07-20 | CVE-2018-14456 | Linuxsampler | Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0 An issue was discovered in libgig 4.1.0. | 6.8 |
2018-07-20 | CVE-2018-14455 | Linuxsampler | Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0 An issue was discovered in libgig 4.1.0. | 6.8 |
2018-07-20 | CVE-2018-14454 | Linuxsampler | Out-of-bounds Read vulnerability in Linuxsampler Libgig 4.1.0 An issue was discovered in libgig 4.1.0. | 6.8 |
2018-07-20 | CVE-2018-14453 | Linuxsampler | Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0 An issue was discovered in libgig 4.1.0. | 6.8 |
2018-07-20 | CVE-2018-14452 | Linuxsampler | Out-of-bounds Read vulnerability in Linuxsampler Libgig 4.1.0 An issue was discovered in libgig 4.1.0. | 6.8 |
2018-07-20 | CVE-2018-14451 | Linuxsampler | Out-of-bounds Write vulnerability in Linuxsampler Libgig 4.1.0 An issue was discovered in libgig 4.1.0. | 6.8 |
2018-07-20 | CVE-2018-14450 | Linuxsampler | Out-of-bounds Read vulnerability in Linuxsampler Libgig 4.1.0 An issue was discovered in libgig 4.1.0. | 6.8 |
2018-07-20 | CVE-2018-14449 | Linuxsampler | Out-of-bounds Read vulnerability in Linuxsampler Libgig 4.1.0 An issue was discovered in libgig 4.1.0. | 6.8 |
2018-07-20 | CVE-2018-14447 | Libconfuse Project Debian | Out-of-bounds Read vulnerability in multiple products trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read. | 6.8 |
2018-07-20 | CVE-2018-14421 | Seacms | Cross-Site Request Forgery (CSRF) vulnerability in Seacms 6.61 SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). | 6.8 |
2018-07-20 | CVE-2018-14420 | Metinfo | Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 6.0.0 MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. | 6.8 |
2018-07-18 | CVE-2018-0402 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. | 6.8 |
2018-07-18 | CVE-2018-0379 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. | 6.8 |
2018-07-18 | CVE-2018-14387 | Wondercms | Session Fixation vulnerability in Wondercms An issue was discovered in WonderCMS before 2.5.2. | 6.8 |
2018-07-18 | CVE-2018-2938 | Oracle Netapp | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). | 6.8 |
2018-07-18 | CVE-2018-2908 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | 6.8 |
2018-07-17 | CVE-2018-14346 | Debian GNU | Out-of-bounds Write vulnerability in multiple products GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c). | 6.8 |
2018-07-17 | CVE-2018-14338 | Exiv2 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exiv2 0.26 samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow. | 6.8 |
2018-07-17 | CVE-2018-14331 | Xiaocms | Cross-Site Request Forgery (CSRF) vulnerability in Xiaocms X1 20140305 An issue was discovered in XiaoCms X1 v20140305. | 6.8 |
2018-07-16 | CVE-2018-10840 | Linux Canonical Redhat | Heap-based Buffer Overflow vulnerability in multiple products Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. | 6.6 |
2018-07-20 | CVE-2018-14472 | Wuzhicms | SQL Injection vulnerability in Wuzhicms 4.1.0 An issue was discovered in WUZHI CMS 4.1.0. | 6.5 |
2018-07-18 | CVE-2018-0394 | Cisco | Improper Input Validation vulnerability in Cisco Cloud Services Platform 2100 2.2(4) A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. | 6.5 |
2018-07-18 | CVE-2018-0344 | Cisco | Command Injection vulnerability in Cisco products A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. | 6.5 |
2018-07-18 | CVE-2018-0343 | Cisco | Improper Privilege Management vulnerability in Cisco products A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. | 6.5 |
2018-07-18 | CVE-2018-10877 | Canonical Linux Debian Redhat | Out-of-bounds Read vulnerability in multiple products Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. | 6.5 |
2018-07-18 | CVE-2018-3073 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.5 |
2018-07-18 | CVE-2018-3037 | Oracle | Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 6.5 |
2018-07-18 | CVE-2018-3036 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). | 6.5 |
2018-07-18 | CVE-2018-3028 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 6.5 |
2018-07-18 | CVE-2018-3020 | Oracle | Unspecified vulnerability in Oracle Banking Payments Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). | 6.5 |
2018-07-18 | CVE-2018-2974 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 6.5 |
2018-07-18 | CVE-2018-2920 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). | 6.5 |
2018-07-18 | CVE-2018-2881 | Oracle | Unspecified vulnerability in Oracle Micros Retail-J Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). | 6.5 |
2018-07-18 | CVE-2018-3100 | Oracle | Unspecified vulnerability in Oracle Business Process Management Suite Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). | 6.4 |
2018-07-18 | CVE-2018-2976 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager OPS Center 12.2.2 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). | 6.4 |
2018-07-18 | CVE-2018-2958 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). | 6.4 |
2018-07-18 | CVE-2018-2904 | Oracle | Unspecified vulnerability in Oracle Communications Eagle Local Number Portability Application Processor 10.0/10.1 Vulnerability in the Oracle Communications EAGLE LNP Application Processor component of Oracle Communications Applications (subcomponent: GUI). | 6.4 |
2018-07-18 | CVE-2018-2900 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0 Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools). | 6.4 |
2018-07-16 | CVE-2017-2638 | Infinispan Redhat | Improper Authentication vulnerability in multiple products It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. | 6.4 |
2018-07-20 | CVE-2018-3771 | Statics Server Project | Cross-site Scripting vulnerability in Statics-Server Project Statics-Server An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser. | 6.1 |
2018-07-20 | CVE-2017-18343 | Sensiolabs | Cross-site Scripting vulnerability in Sensiolabs Symfony The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. | 6.1 |
2018-07-18 | CVE-2018-2978 | Oracle | Unspecified vulnerability in Oracle Hospitality Simphony 2.10/2.8/2.9 Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). | 6.0 |
2018-07-17 | CVE-2018-14345 | Sddm Project | Improper Authentication vulnerability in Sddm Project Sddm An issue was discovered in SDDM through 0.17.0. | 6.0 |
2018-07-19 | CVE-2016-9574 | Mozilla | Session Fixation vulnerability in Mozilla Network Security Services nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. | 5.9 |
2018-07-20 | CVE-2018-14474 | Goodoldweb | Open Redirect vulnerability in Goodoldweb Orange Forum 1.4.0 views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup. | 5.8 |
2018-07-18 | CVE-2018-14381 | Pagekit | Open Redirect vulnerability in Pagekit Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability. | 5.8 |
2018-07-18 | CVE-2018-3104 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-3103 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-3102 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-3099 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-3098 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-3097 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-3096 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-3095 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-3094 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-3093 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-3092 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-3068 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Human Resources 9.2 Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Compensation). | 5.8 |
2018-07-18 | CVE-2018-3018 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). | 5.8 |
2018-07-18 | CVE-2018-3017 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). | 5.8 |
2018-07-18 | CVE-2018-3012 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). | 5.8 |
2018-07-18 | CVE-2018-3010 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-3009 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-3008 | Oracle | Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). | 5.8 |
2018-07-18 | CVE-2018-3006 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). | 5.8 |
2018-07-18 | CVE-2018-2999 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). | 5.8 |
2018-07-18 | CVE-2018-2997 | Oracle | Unspecified vulnerability in Oracle Scripting 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Script Author). | 5.8 |
2018-07-18 | CVE-2018-2995 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). | 5.8 |
2018-07-18 | CVE-2018-2993 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). | 5.8 |
2018-07-18 | CVE-2018-2992 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 5.8 |
2018-07-18 | CVE-2018-2991 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). | 5.8 |
2018-07-18 | CVE-2018-2990 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). | 5.8 |
2018-07-18 | CVE-2018-2989 | Oracle | Unspecified vulnerability in Oracle Ilearning 6.2 Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). | 5.8 |
2018-07-18 | CVE-2018-2987 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). | 5.8 |
2018-07-18 | CVE-2018-2986 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). | 5.8 |
2018-07-18 | CVE-2018-2985 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). | 5.8 |
2018-07-18 | CVE-2018-2965 | Oracle | Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). | 5.8 |
2018-07-18 | CVE-2018-2961 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). | 5.8 |
2018-07-18 | CVE-2018-2960 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). | 5.8 |
2018-07-18 | CVE-2018-2953 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). | 5.8 |
2018-07-18 | CVE-2018-2950 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). | 5.8 |
2018-07-18 | CVE-2018-2949 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). | 5.8 |
2018-07-18 | CVE-2018-2948 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). | 5.8 |
2018-07-18 | CVE-2018-2946 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). | 5.8 |
2018-07-18 | CVE-2018-2945 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). | 5.8 |
2018-07-18 | CVE-2018-2936 | Oracle | Unspecified vulnerability in Oracle Communications Convergence 3.0.1 Vulnerability in the Oracle Communications Messaging Server component of Oracle Communications Applications (subcomponent: Web Client). | 5.8 |
2018-07-18 | CVE-2018-2935 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JSF). | 5.8 |
2018-07-18 | CVE-2018-2929 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). | 5.8 |
2018-07-18 | CVE-2018-2919 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Unified Navigation). | 5.8 |
2018-07-18 | CVE-2018-2899 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.8 |
2018-07-18 | CVE-2018-2898 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.8 |
2018-07-18 | CVE-2018-2897 | Oracle | Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.8 |
2018-07-18 | CVE-2018-2896 | Oracle | Unspecified vulnerability in Oracle Banking Payments Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). | 5.8 |
2018-07-18 | CVE-2018-2895 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). | 5.8 |
2018-07-18 | CVE-2018-2891 | Oracle | Unspecified vulnerability in Oracle Retail Bulk Data Integration 16.0 Vulnerability in the Oracle Retail Bulk Data Integration component of Oracle Retail Applications (subcomponent: BDI Job Scheduler). | 5.8 |
2018-07-20 | CVE-2018-3770 | Markdown PDF Project | Path Traversal vulnerability in Markdown-Pdf Project Markdown-Pdf A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert malicious HTML code that can result in reading local files. | 5.5 |
2018-07-19 | CVE-2014-0243 | Check MK Project | Link Following vulnerability in Check MK Project Check MK Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job. | 5.5 |
2018-07-18 | CVE-2018-3064 | Oracle Netapp Canonical Debian Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 5.5 |
2018-07-18 | CVE-2018-3060 | Oracle Netapp Canonical Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 5.5 |
2018-07-18 | CVE-2018-3053 | Oracle | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0.1/16.0.2/17.0.1 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Internal Operations). | 5.5 |
2018-07-18 | CVE-2018-3052 | Oracle | Unspecified vulnerability in Oracle Micros Relate Customer Relationship Management Software Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications (subcomponent: Internal Operations). | 5.5 |
2018-07-18 | CVE-2018-3051 | Oracle | Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.5 |
2018-07-18 | CVE-2018-3050 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). | 5.5 |
2018-07-18 | CVE-2018-3045 | Oracle | Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.5 |
2018-07-18 | CVE-2018-3044 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). | 5.5 |
2018-07-18 | CVE-2018-3043 | Oracle | Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.5 |
2018-07-18 | CVE-2018-3042 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). | 5.5 |
2018-07-18 | CVE-2018-3035 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.5 |
2018-07-18 | CVE-2018-3032 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.5 |
2018-07-18 | CVE-2018-3031 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.5 |
2018-07-18 | CVE-2018-3027 | Oracle | Unspecified vulnerability in Oracle Banking Payments Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). | 5.5 |
2018-07-18 | CVE-2018-3024 | Oracle | Unspecified vulnerability in Oracle Banking Payments Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). | 5.5 |
2018-07-18 | CVE-2018-3023 | Oracle | Unspecified vulnerability in Oracle Banking Payments Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). | 5.5 |
2018-07-18 | CVE-2018-3016 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). | 5.5 |
2018-07-18 | CVE-2018-3015 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.5 |
2018-07-18 | CVE-2018-2998 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: SAML). | 5.5 |
2018-07-18 | CVE-2018-2984 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0 Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Gangway Activity Web App). | 5.5 |
2018-07-18 | CVE-2018-2981 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.5 |
2018-07-18 | CVE-2018-2980 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.5 |
2018-07-17 | CVE-2018-6681 | Mcafee | Cross-site Scripting vulnerability in Mcafee Network Security Manager Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to cause arbitrary HTML code to be reflected in the response web page via the appliance web interface. | 5.4 |
2018-07-18 | CVE-2018-3074 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). | 5.3 |
2018-07-18 | CVE-2018-2934 | Oracle | Improper Initialization vulnerability in Oracle E-Business Suite 12.1.3 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). | 5.3 |
2018-07-16 | CVE-2017-15137 | Redhat | Improper Input Validation vulnerability in Redhat Openshift and Openshift Container Platform The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag". | 5.3 |
2018-07-18 | CVE-2018-2964 | Oracle Netapp | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). | 5.1 |
2018-07-18 | CVE-2018-2941 | Oracle Netapp | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). | 5.1 |
2018-07-18 | CVE-2018-2932 | Oracle | Unspecified vulnerability in Oracle Supercluster Specific Software Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: SuperCluster Virtual Assistant). | 5.1 |
2018-07-18 | CVE-2018-2918 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). | 5.1 |
2018-07-21 | CVE-2018-14492 | Tendacn | Out-of-bounds Write vulnerability in Tendacn products Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. | 5.0 |
2018-07-20 | CVE-2018-5068 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-5066 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-5062 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-5026 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-5025 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-5024 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-5023 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-5022 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-5010 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-5008 | Adobe Apple Linux Microsoft Redhat | Out-of-bounds Read vulnerability in multiple products Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-5006 | Adobe | Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. | 5.0 |
2018-07-20 | CVE-2018-5004 | Adobe | Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. | 5.0 |
2018-07-20 | CVE-2018-12809 | Adobe | Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. | 5.0 |
2018-07-20 | CVE-2018-12795 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-12786 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-12768 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-12767 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-12766 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-12765 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-12763 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-12762 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-12757 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 5.0 |
2018-07-20 | CVE-2018-1679 | IBM | Information Exposure vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow an unauthenticated user to obtain sensitive information that could be used in further attacks against the system. | 5.0 |
2018-07-20 | CVE-2018-1398 | IBM | Information Exposure vulnerability in IBM Sterling File Gateway 2.2.0.0 IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. | 5.0 |
2018-07-20 | CVE-2018-14444 | Libdxfrw Project | Out-of-bounds Read vulnerability in Libdxfrw Project Libdxfrw 0.6.3 libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 in dwgutil.cpp, leading to an out-of-bounds read and application crash. | 5.0 |
2018-07-20 | CVE-2016-10727 | Canonical Gnome | Information Exposure vulnerability in multiple products camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2018-07-20 | CVE-2018-14439 | Eblock | Incorrect Calculation vulnerability in Eblock Eos4J espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency transfers of unintended amounts. | 5.0 |
2018-07-20 | CVE-2018-14438 | Wireshark | Improper Input Validation vulnerability in Wireshark In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily. | 5.0 |
2018-07-19 | CVE-2018-14336 | TP Link | Improper Input Validation vulnerability in Tp-Link Wr840N TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses. | 5.0 |
2018-07-19 | CVE-2018-12959 | Aditustoken Project | Improper Input Validation vulnerability in Aditustoken Project Aditustoken The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account). | 5.0 |
2018-07-19 | CVE-2018-14423 | Uclouvain Debian | Divide By Zero vulnerability in multiple products Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | 5.0 |
2018-07-19 | CVE-2018-5535 | F5 | Improper Input Validation vulnerability in F5 products On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3, specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data, causing the TMM to restart and resulting in a Denial of Service. | 5.0 |
2018-07-19 | CVE-2018-5534 | F5 | Improper Input Validation vulnerability in F5 products Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. | 5.0 |
2018-07-19 | CVE-2018-5533 | F5 | Improper Input Validation vulnerability in F5 products Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. | 5.0 |
2018-07-19 | CVE-2018-5532 | F5 | Unspecified vulnerability in F5 products On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name. | 5.0 |
2018-07-19 | CVE-2018-14404 | Canonical Debian Xmlsoft | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. | 5.0 |
2018-07-19 | CVE-2018-14402 | Axmldec Project | Out-of-bounds Write vulnerability in Axmldec Project Axmldec 1.2.0 axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::parse_start_namespace function in lib/jitana/util/axml_parser.cpp. | 5.0 |
2018-07-19 | CVE-2018-14401 | Axml Parser Project | Out-of-bounds Read vulnerability in Axml Parser Project Axml Parser CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an out-of-bounds read. | 5.0 |
2018-07-18 | CVE-2018-0403 | Cisco | Server-Side Request Forgery (SSRF) vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. | 5.0 |
2018-07-18 | CVE-2018-0399 | Cisco | Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse 11.5(1) Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. | 5.0 |
2018-07-18 | CVE-2018-3101 | Oracle | Unspecified vulnerability in Oracle Webcenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). | 5.0 |
2018-07-18 | CVE-2018-3072 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Human Resource Management Systems 9.2 Vulnerability in the PeopleSoft HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). | 5.0 |
2018-07-18 | CVE-2018-3039 | Oracle | Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.0 |
2018-07-18 | CVE-2018-3038 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). | 5.0 |
2018-07-18 | CVE-2018-3029 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.0 |
2018-07-18 | CVE-2018-3021 | Oracle | Unspecified vulnerability in Oracle Banking Payments Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). | 5.0 |
2018-07-18 | CVE-2018-3007 | Oracle | Unspecified vulnerability in Oracle Tuxedo 12.1.1/12.1.3/12.2.2 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). | 5.0 |
2018-07-18 | CVE-2018-2996 | Oracle | Unspecified vulnerability in Oracle Applications Manager Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). | 5.0 |
2018-07-18 | CVE-2018-2994 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). | 5.0 |
2018-07-18 | CVE-2018-2975 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 5.0 |
2018-07-18 | CVE-2018-2957 | Oracle | Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5/5.5.1 Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Logging). | 5.0 |
2018-07-18 | CVE-2018-2955 | Oracle | Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5/5.5.1 Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Integration). | 5.0 |
2018-07-18 | CVE-2018-2944 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). | 5.0 |
2018-07-18 | CVE-2018-2937 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). | 5.0 |
2018-07-18 | CVE-2018-2921 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). | 5.0 |
2018-07-18 | CVE-2018-2917 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). | 5.0 |
2018-07-18 | CVE-2018-2915 | Oracle | Unspecified vulnerability in Oracle Hyperion Data Relationship Management 11.1.2.4.330 Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security). | 5.0 |
2018-07-18 | CVE-2018-2907 | Oracle | Unspecified vulnerability in Oracle Hyperion Financial Reporting 11.1.2 Vulnerability in the Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). | 5.0 |
2018-07-18 | CVE-2018-2905 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). | 5.0 |
2018-07-18 | CVE-2018-14371 | Eclipse | Path Traversal vulnerability in Eclipse Mojarra The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. | 5.0 |
2018-07-17 | CVE-2018-14363 | Debian Neomutt | Path Traversal vulnerability in multiple products An issue was discovered in NeoMutt before 2018-07-16. | 5.0 |
2018-07-17 | CVE-2018-14355 | Debian Mutt Neomutt Canonical | Path Traversal vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 5.0 |
2018-07-17 | CVE-2018-1612 | IBM | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. | 5.0 |
2018-07-17 | CVE-2018-13860 | Trivum | Information Exposure vulnerability in Trivum C4 Professional Firmware 8.76 MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid=systemUsers&id=_0" GET request. | 5.0 |
2018-07-17 | CVE-2018-13864 | Lightbend Microsoft | Path Traversal vulnerability in Lightbend Play Framework A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. | 5.0 |
2018-07-17 | CVE-2018-14337 | Mruby Debian | Integer Overflow or Wraparound vulnerability in multiple products The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length. | 5.0 |
2018-07-16 | CVE-2018-10857 | GIT Annex Project Debian | Information Exposure vulnerability in multiple products git-annex is vulnerable to a private data exposure and exfiltration attack. | 5.0 |
2018-07-16 | CVE-2018-10859 | GIT Annex Project Debian | Information Exposure vulnerability in multiple products git-annex is vulnerable to an Information Exposure when decrypting files. | 5.0 |
2018-07-16 | CVE-2018-0385 | Cisco | Improper Input Validation vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine parsing of Secure Sockets Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. | 5.0 |
2018-07-16 | CVE-2018-0384 | Cisco | Protection Mechanism Failure vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system. | 5.0 |
2018-07-16 | CVE-2018-0383 | Cisco | Protection Mechanism Failure vulnerability in Cisco Firepower Management Center 6.2.2.1/6.2.3/6.3.0 A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. | 5.0 |
2018-07-16 | CVE-2018-0370 | Cisco | Unspecified vulnerability in Cisco Firepower Management Center 6.1.0.7/6.2.0.5/6.2.2.2 A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down traffic processing. | 5.0 |
2018-07-16 | CVE-2018-0369 | Cisco | Improper Input Validation vulnerability in Cisco Staros A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. | 5.0 |
2018-07-16 | CVE-2018-11717 | Zohocorp | Information Exposure Through Log Files vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 100251. | 5.0 |
2018-07-16 | CVE-2018-11716 | Zohocorp | Information Exposure Through Log Files vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 100230. | 5.0 |
2018-07-16 | CVE-2017-7468 | Haxx | Improper Certificate Validation vulnerability in Haxx Libcurl In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. | 5.0 |
2018-07-16 | CVE-2018-14089 | Virgo Zodiactoken Project | Improper Input Validation vulnerability in Virgo Zodiactoken Project Virgo Zodiactoken An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. | 5.0 |
2018-07-16 | CVE-2018-14085 | Userwallet Project | Improper Input Validation vulnerability in Userwallet Project Userwallet An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. | 5.0 |
2018-07-18 | CVE-2018-3081 | Oracle Netapp Canonical Debian Mariadb Redhat | Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). | 4.9 |
2018-07-18 | CVE-2018-3080 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 4.9 |
2018-07-18 | CVE-2018-3079 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 4.9 |
2018-07-18 | CVE-2018-3078 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 4.9 |
2018-07-18 | CVE-2018-3075 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). | 4.9 |
2018-07-18 | CVE-2018-3067 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). | 4.9 |
2018-07-18 | CVE-2018-3066 | Oracle Netapp Canonical Debian Mariadb Redhat | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). | 4.9 |
2018-07-18 | CVE-2018-3049 | Oracle | Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 4.9 |
2018-07-18 | CVE-2018-3048 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). | 4.9 |
2018-07-18 | CVE-2018-3034 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 4.9 |
2018-07-18 | CVE-2018-3026 | Oracle | Unspecified vulnerability in Oracle Banking Payments Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). | 4.9 |
2018-07-18 | CVE-2018-3019 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 4.9 |
2018-07-18 | CVE-2018-2903 | Oracle | Unspecified vulnerability in Oracle Solaris 10.0/11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | 4.9 |
2018-07-18 | CVE-2018-3057 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). | 4.6 |
2018-07-18 | CVE-2018-2924 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). | 4.6 |
2018-07-18 | CVE-2018-3090 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.4 |
2018-07-18 | CVE-2018-3089 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.4 |
2018-07-18 | CVE-2018-3088 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.4 |
2018-07-18 | CVE-2018-3087 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.4 |
2018-07-18 | CVE-2018-3086 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.4 |
2018-07-18 | CVE-2018-3085 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 4.4 |
2018-07-18 | CVE-2018-2956 | Oracle | Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5/5.5.1 Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Integration). | 4.4 |
2018-07-18 | CVE-2018-2954 | Oracle | Unspecified vulnerability in Oracle Order Management Vulnerability in the Oracle Order Management component of Oracle E-Business Suite (subcomponent: Product Diagnostic Tools). | 4.4 |
2018-07-22 | CVE-2018-14500 | Joyplus CMS Project | Cross-site Scripting vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. | 4.3 |
2018-07-20 | CVE-2018-5063 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5061 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5060 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5056 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5055 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5054 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5053 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5051 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5050 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5049 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5048 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5047 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5046 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5044 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5039 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5035 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5033 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5031 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5029 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5027 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5019 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5018 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5017 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5016 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-5014 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-12803 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-12793 | Adobe Apple Microsoft | Incorrect Type Conversion or Cast vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. | 4.3 |
2018-07-20 | CVE-2018-12790 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-12789 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-12781 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-12780 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-12779 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-12777 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-12774 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-12764 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-12761 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. | 4.3 |
2018-07-20 | CVE-2018-14471 | GNU | NULL Pointer Dereference vulnerability in GNU Libredwg dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file. | 4.3 |
2018-07-20 | CVE-2018-14448 | Untrunc Project | NULL Pointer Dereference vulnerability in Untrunc Project Untrunc 20180607 Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL pointer dereference via a crafted MP4 file because of improper interaction with libav. | 4.3 |
2018-07-20 | CVE-2018-14445 | Axiosys | Infinite Loop vulnerability in Axiosys Bento4 1.5.1624 In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file. | 4.3 |
2018-07-20 | CVE-2018-14443 | GNU | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Libredwg get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV). | 4.3 |
2018-07-20 | CVE-2018-14422 | Sanscms | Cross-site Scripting vulnerability in Sanscms 0.7 blog/index.php in SansCMS 0.7 has XSS via the q parameter. | 4.3 |
2018-07-20 | CVE-2018-14415 | Icmsdev | Cross-site Scripting vulnerability in Icmsdev Icms An issue was discovered in idreamsoft iCMS before 7.0.10. | 4.3 |
2018-07-20 | CVE-2018-14437 | Imagemagick Canonical | Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. | 4.3 |
2018-07-20 | CVE-2018-14436 | Imagemagick Canonical | Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. | 4.3 |
2018-07-20 | CVE-2018-14435 | Imagemagick Canonical | Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. | 4.3 |
2018-07-20 | CVE-2018-14434 | Imagemagick Canonical | Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. | 4.3 |
2018-07-19 | CVE-2018-14395 | Debian Ffmpeg | Divide By Zero vulnerability in multiple products libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. | 4.3 |
2018-07-19 | CVE-2018-14394 | Ffmpeg | Divide By Zero vulnerability in Ffmpeg libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. | 4.3 |
2018-07-19 | CVE-2018-14392 | Mybb | Cross-site Scripting vulnerability in Mybb NEW Threads 1.0/1.1 The New Threads plugin before 1.2 for MyBB has XSS. | 4.3 |
2018-07-18 | CVE-2018-0401 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. | 4.3 |
2018-07-18 | CVE-2018-0400 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. | 4.3 |
2018-07-18 | CVE-2018-0396 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Communications Manager IM and Presence Service 11.5/12.0 A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. | 4.3 |
2018-07-18 | CVE-2018-0390 | Cisco | Cross-site Scripting vulnerability in Cisco Webex Meetings 2.0 A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. | 4.3 |
2018-07-18 | CVE-2018-0380 | Cisco | Unspecified vulnerability in Cisco Webex Meetings Online Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. | 4.3 |
2018-07-18 | CVE-2018-7546 | Kingsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kingsoft Jinshan PDF and WPS Office wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file. | 4.3 |
2018-07-18 | CVE-2018-8042 | Apache | Information Exposure Through an Error Message vulnerability in Apache Ambari In Apache Ambari versions 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. | 4.3 |
2018-07-18 | CVE-2018-14382 | Instantcms | Cross-site Scripting vulnerability in Instantcms 2.10.1 InstantCMS 2.10.1 has /redirect?url= XSS. | 4.3 |
2018-07-18 | CVE-2018-14380 | Graylog | Cross-site Scripting vulnerability in Graylog In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts. | 4.3 |
2018-07-18 | CVE-2018-5232 | Atlassian | Cross-site Scripting vulnerability in Atlassian Jira The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter. | 4.3 |
2018-07-18 | CVE-2017-18103 | Atlassian | Improper Input Validation vulnerability in Atlassian Http Library The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml. | 4.3 |
2018-07-18 | CVE-2018-2977 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). | 4.3 |
2018-07-18 | CVE-2018-2973 | Oracle Redhat Netapp HP | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). | 4.3 |
2018-07-18 | CVE-2018-2972 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). | 4.3 |
2018-07-18 | CVE-2018-2968 | Oracle | Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). | 4.3 |
2018-07-18 | CVE-2018-2966 | Oracle | Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). | 4.3 |
2018-07-18 | CVE-2018-2959 | Oracle | Unspecified vulnerability in Oracle Siebel UI Framework 18.0 Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). | 4.3 |
2018-07-18 | CVE-2018-2940 | Oracle HP Redhat Netapp | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). | 4.3 |
2018-07-18 | CVE-2018-2906 | Oracle | Unspecified vulnerability in Oracle Hardware Management Pack 11.3 Vulnerability in the Hardware Management Pack component of Oracle Sun Systems Products Suite (subcomponent: Ipmitool). | 4.3 |
2018-07-18 | CVE-2018-2901 | Oracle | Unspecified vulnerability in Oracle Solaris 10.0/11.2 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | 4.3 |
2018-07-18 | CVE-2018-2598 | Oracle | Unspecified vulnerability in Oracle Mysql Workbench Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption). | 4.3 |
2018-07-17 | CVE-2018-14347 | Debian GNU | Infinite Loop vulnerability in multiple products GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). | 4.3 |
2018-07-17 | CVE-2018-14333 | Teamviewer | Information Exposure vulnerability in Teamviewer TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88]" and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which TeamViewer has disconnected but remains running. | 4.3 |
2018-07-16 | CVE-2017-17541 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. | 4.3 |
2018-07-16 | CVE-2018-0366 | Cisco | Cross-site Scripting vulnerability in Cisco web Security Appliance 10.1.2003/10.5.1276 A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
2018-07-16 | CVE-2018-0361 | Clamav Debian | Improper Input Validation vulnerability in multiple products ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. | 4.3 |
2018-07-16 | CVE-2018-0360 | Clamav Canonical Debian | Integer Overflow or Wraparound vulnerability in multiple products ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. | 4.3 |
2018-07-16 | CVE-2018-13387 | Atlassian | Cross-site Scripting vulnerability in Atlassian Jira The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete. | 4.3 |
2018-07-20 | CVE-2018-1470 | IBM | Information Exposure vulnerability in IBM Sterling File Gateway 2.2.0.0 IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. | 4.0 |
2018-07-20 | CVE-2017-1633 | IBM | Information Exposure vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests. | 4.0 |
2018-07-19 | CVE-2018-1587 | IBM | Information Exposure vulnerability in IBM products IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. | 4.0 |
2018-07-18 | CVE-2018-0393 | Cisco | Unspecified vulnerability in Cisco products A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. | 4.0 |
2018-07-18 | CVE-2018-3105 | Oracle | Unspecified vulnerability in Oracle SOA Suite Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Health Care FastPath). | 4.0 |
2018-07-18 | CVE-2018-3077 | Oracle Netapp Canonical | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 4.0 |
2018-07-18 | CVE-2018-3076 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise CS Financial AID 9.0/9.2 Vulnerability in the PeopleSoft Enterprise CS Financial Aid component of Oracle PeopleSoft Products (subcomponent: ISIR Processing). | 4.0 |
2018-07-18 | CVE-2018-3071 | Oracle Netapp Canonical | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). | 4.0 |
2018-07-18 | CVE-2018-3070 | Oracle Netapp Canonical Debian | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). | 4.0 |
2018-07-18 | CVE-2018-3069 | Oracle | Unspecified vulnerability in Oracle Agile Product Lifecycle Management for Process 6.2.0.0 Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). | 4.0 |
2018-07-18 | CVE-2018-3065 | Oracle Netapp Canonical | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 4.0 |
2018-07-18 | CVE-2018-3063 | Oracle Debian Netapp Canonical Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). | 4.0 |
2018-07-18 | CVE-2018-3061 | Oracle Netapp Canonical | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 4.0 |
2018-07-18 | CVE-2018-3058 | Oracle Netapp Canonical Debian Mariadb Redhat | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). | 4.0 |
2018-07-18 | CVE-2018-3056 | Oracle Netapp Canonical | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). | 4.0 |
2018-07-18 | CVE-2018-3054 | Oracle Netapp Canonical | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 4.0 |
2018-07-18 | CVE-2018-3041 | Oracle | Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 4.0 |
2018-07-18 | CVE-2018-3040 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). | 4.0 |
2018-07-18 | CVE-2018-3030 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 4.0 |
2018-07-18 | CVE-2018-3022 | Oracle | Unspecified vulnerability in Oracle Banking Payments Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). | 4.0 |
2018-07-18 | CVE-2018-3014 | Oracle | Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5/5.5.1 Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Reports). | 4.0 |
2018-07-18 | CVE-2018-3013 | Oracle | Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5/5.5.1 Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Report Server Config). | 4.0 |
2018-07-18 | CVE-2018-2988 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Products). | 4.0 |
2018-07-18 | CVE-2018-2979 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 4.0 |
2018-07-18 | CVE-2018-2970 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). | 4.0 |
2018-07-18 | CVE-2018-2969 | Oracle | Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). | 4.0 |
2018-07-18 | CVE-2018-2963 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). | 4.0 |
2018-07-18 | CVE-2018-2947 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). | 4.0 |
2018-07-18 | CVE-2018-2927 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). | 4.0 |
2018-07-18 | CVE-2018-2925 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). | 4.0 |
2018-07-18 | CVE-2018-2916 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). | 4.0 |
2018-07-18 | CVE-2018-2882 | Oracle | Unspecified vulnerability in Oracle Micros Retail-J Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Interfaces). | 4.0 |
2018-07-18 | CVE-2018-10871 | Fedoraproject Debian | Cleartext Storage of Sensitive Information vulnerability in multiple products 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. | 4.0 |
2018-07-17 | CVE-2018-0706 | Qnap | Unspecified vulnerability in Qnap Q'Center Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information. | 4.0 |

47 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-07-18 | CVE-2018-2952 | Oracle Debian Canonical HP Redhat Netapp | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). | 3.7 |
2018-07-18 | CVE-2018-2888 | Oracle | Unspecified vulnerability in Oracle Micros Retail-J Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). | 3.7 |
2018-07-20 | CVE-2014-4150 | S48 | Link Following vulnerability in S48 Scheme48 The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp. | 3.6 |
2018-07-18 | CVE-2018-2962 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). | 3.6 |
2018-07-18 | CVE-2018-2939 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Core RDBMS component of Oracle Database Server. | 3.6 |
2018-07-20 | CVE-2018-1563 | IBM | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. | 3.5 |
2018-07-20 | CVE-2018-14419 | Metinfo | Cross-site Scripting vulnerability in Metinfo 6.0.0 MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | 3.5 |
2018-07-19 | CVE-2018-1585 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. | 3.5 |
2018-07-19 | CVE-2018-1536 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. | 3.5 |
2018-07-19 | CVE-2018-1535 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. | 3.5 |
2018-07-19 | CVE-2018-1529 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. | 3.5 |
2018-07-18 | CVE-2018-14388 | Joyplus CMS Project | Cross-site Scripting vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. | 3.5 |
2018-07-18 | CVE-2018-14082 | Freelancewebdesignerchennai | Cross-site Scripting vulnerability in Freelancewebdesignerchennai JOB Portal 3.0.1 PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. | 3.5 |
2018-07-18 | CVE-2018-12429 | Jeesns | Cross-site Scripting vulnerability in Jeesns 1.2.1 JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie. | 3.5 |
2018-07-18 | CVE-2018-3062 | Oracle Netapp Canonical | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). | 3.5 |
2018-07-18 | CVE-2018-3047 | Oracle | Unspecified vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.3.0/14.0.0/14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 3.5 |
2018-07-18 | CVE-2018-3046 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). | 3.5 |
2018-07-18 | CVE-2018-3033 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 3.5 |
2018-07-18 | CVE-2018-3025 | Oracle | Unspecified vulnerability in Oracle Banking Payments Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). | 3.5 |
2018-07-18 | CVE-2018-3004 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Java VM component of Oracle Database Server. | 3.5 |
2018-07-18 | CVE-2018-2982 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). | 3.5 |
2018-07-18 | CVE-2018-2767 | Oracle Debian Canonical Redhat Mariadb Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). | 3.5 |
2018-07-16 | CVE-2018-13832 | Techotronic | Cross-site Scripting vulnerability in ONE Favicon Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text. | 3.5 |
2018-07-16 | CVE-2018-5229 | Atlassian | Cross-site Scripting vulnerability in Atlassian Universal Plugin Manager The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names. | 3.5 |
2018-07-18 | CVE-2018-3055 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 3.3 |
2018-07-17 | CVE-2018-14329 | Htslib | Race Condition vulnerability in Htslib 1.8 In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. | 3.3 |
2018-07-18 | CVE-2018-3084 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). | 2.8 |
2018-07-18 | CVE-2018-3082 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 2.7 |
2018-07-20 | CVE-2018-1564 | IBM | Information Exposure vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. | 2.1 |
2018-07-20 | CVE-2017-1575 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling File Gateway 2.2.0.0 IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. | 2.1 |
2018-07-20 | CVE-2017-1544 | IBM | Information Exposure vulnerability in IBM Sterling File Gateway 2.2.0.0 IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. | 2.1 |
2018-07-19 | CVE-2018-5540 | F5 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up. | 2.1 |
2018-07-18 | CVE-2018-0392 | Cisco | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. | 2.1 |
2018-07-18 | CVE-2018-3005 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 2.1 |
2018-07-18 | CVE-2018-3003 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0 Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). | 2.1 |
2018-07-18 | CVE-2018-3002 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0 Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). | 2.1 |
2018-07-18 | CVE-2018-3001 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Shipboard Property Management System 8.0 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). | 2.1 |
2018-07-18 | CVE-2018-3000 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Shipboard Property Management System 8.0 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). | 2.1 |
2018-07-18 | CVE-2018-2967 | Oracle | Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). | 2.1 |
2018-07-18 | CVE-2018-2951 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Configuration Manager). | 2.1 |
2018-07-18 | CVE-2018-2923 | Oracle | Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.7.13 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). | 2.1 |
2018-07-16 | CVE-2018-0368 | Cisco | Unspecified vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. | 2.1 |
2018-07-16 | CVE-2018-13980 | Zeta Producer | Path Traversal vulnerability in Zeta-Producer Zeta Producer The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. | 2.1 |
2018-07-16 | CVE-2014-2079 | X File Explorer Project Debian | Permissions, Privileges, and Access Controls vulnerability in multiple products X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares. | 2.1 |
2018-07-19 | CVE-2018-14332 | Clementine Player | NULL Pointer Dereference vulnerability in Clementine-Player Clementine 1.3.1 An issue was discovered in Clementine Music Player 1.3.1. | 1.9 |
2018-07-18 | CVE-2018-3091 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 1.9 |
2018-07-16 | CVE-2013-0522 | IBM | Information Exposure vulnerability in IBM Lotus Notes The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes. | 1.9 |