LiveActive security incident?Get immediate response
CVE archive

August 2018

Browse CVE records published in August 2018, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1017 matching CVEs · Page 3 of 21.

Unknown · CVSS Not scored

CVE-2018-1000636: JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793.

JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:598 (passing NULL to memcpy as 2nd argument) results in null pointer dereference (segfault) at jerry-core/jmem/jmem-heap.c:463 that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute specially crafted javascript code. This vulnerability appears to have been fixed in after commit 87897849f6879df10e8ad68a41bf8cf507edf710.

Published Aug 20, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2018-1000224: Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6.

Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b.

Published Aug 20, 2018 · Updated Sep 17, 2024

High · CVSS 8.8

CVE-2018-3924: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF R...

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Published Aug 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2018-1000642: FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable use...

FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3.

Published Aug 20, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2018-5546: The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and mac...

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host.

Published Aug 17, 2018 · Updated Sep 17, 2024

High · CVSS 8.6

CVE-2018-3833: An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013.

An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image.

Published Aug 23, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2018-8040: Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is config...

Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

Published Aug 29, 2018 · Updated Sep 17, 2024

High · CVSS 7.5

CVE-2018-3912: On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecu...

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.

Published Aug 23, 2018 · Updated Sep 17, 2024

Critical · CVSS 9.1

CVE-2018-3909: An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThin...

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability.

Published Aug 24, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2018-1000634: The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vul...

The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restrictions logging in as a more powerful administrator. This attack appear to be exploitable via Use user administration privilege to set the password of a more powerful administrator. This vulnerability appears to have been fixed in 5.4.7.

Published Aug 20, 2018 · Updated Sep 17, 2024

High · CVSS 8.8

CVE-2018-3879: An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server o...

An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the video-core database. An attacker can send a series of HTTP requests to trigger this vulnerability.

Published Aug 23, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2018-1000655: Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMo...

Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in 2.4.67.

Published Aug 20, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2018-6970: VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior...

VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.

Published Aug 13, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2018-11048: Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appli...

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.

Published Aug 10, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2018-5489: NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which...

NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities.

Published Aug 3, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2018-14801: In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacke...

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.

Published Aug 22, 2018 · Updated Sep 17, 2024

Critical · CVSS 9.1

CVE-2018-3908: An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThin...

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability.

Published Aug 28, 2018 · Updated Sep 17, 2024

High · CVSS 8.5

CVE-2018-3905: An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP ser...

An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the "state" field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.

Published Aug 23, 2018 · Updated Sep 17, 2024

High · CVSS 7.5

CVE-2018-3917: On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecu...

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability.

Published Aug 23, 2018 · Updated Sep 17, 2024

High · CVSS 8.8

CVE-2018-6498: Micro Focus Container Deployment Foundation (CDF), Remote Code Execution

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.

Published Aug 30, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2018-1999033: An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin...

An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration.

Published Aug 1, 2018 · Updated Sep 17, 2024

Critical · CVSS 9.1

CVE-2018-11061: RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are...

RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.

Published Aug 24, 2018 · Updated Sep 17, 2024

Critical · CVSS 9.9

CVE-2018-3903: On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorr...

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512 bytes. An attacker can send an arbitrarily long "url" value in order to overwrite the saved-PC with 0x42424242.

Published Aug 23, 2018 · Updated Sep 17, 2024

High · CVSS 8.8

CVE-2018-3847: Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO li...

Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

Published Aug 1, 2018 · Updated Sep 17, 2024

High · CVSS 8.2

CVE-2018-3880: An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' function...

An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.

Published Aug 23, 2018 · Updated Sep 17, 2024

Medium · CVSS 5.4

CVE-2018-1422: IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5) a...

IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139025.

Published Aug 6, 2018 · Updated Sep 17, 2024

High · CVSS 7.8

CVE-2018-7685: libzypp does not reevaluate malicious rpms once downloaded

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.

Published Aug 31, 2018 · Updated Sep 17, 2024