| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-15505 |
|
|
2018-08-18 |
N/A |
| An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the... |
| CVE-2018-15504 |
|
|
2018-08-18 |
N/A |
| An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or... |
| CVE-2018-15503 |
|
|
2018-08-18 |
N/A |
| The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV. |
| CVE-2018-15501 |
|
|
2018-08-18 |
N/A |
| In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. |
| CVE-2018-15495 |
|
|
2018-08-18 |
N/A |
| /filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value. |
| CVE-2018-15494 |
|
|
2018-08-18 |
N/A |
| In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. |
| CVE-2018-15492 |
|
|
2018-08-18 |
N/A |
| A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification. |
| CVE-2018-15491 |
|
|
2018-08-18 |
N/A |
| A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to... |
| CVE-2018-15482 |
|
|
2018-08-17 |
N/A |
| Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. |
| CVE-2018-14982 |
|
|
2018-08-17 |
N/A |
| Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. |
| CVE-2018-14981 |
|
|
2018-08-17 |
N/A |
| Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. |
| CVE-2018-1061 |
1 Python |
1 Python |
2018-08-17 |
5.0 |
| python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. |
| CVE-2018-1060 |
1 Python |
1 Python |
2018-08-17 |
5.0 |
| python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. |
| CVE-2018-15473 |
|
|
2018-08-17 |
N/A |
| OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and... |
| CVE-2018-6622 |
|
|
2018-08-17 |
N/A |
| An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not... |
| CVE-2018-15471 |
|
|
2018-08-17 |
N/A |
| An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to... |
| CVE-2018-15470 |
|
|
2018-08-17 |
N/A |
| An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual,... |
| CVE-2018-15469 |
|
|
2018-08-17 |
N/A |
| An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting... |
| CVE-2018-15468 |
|
|
2018-08-17 |
N/A |
| An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be... |
| CVE-2018-14058 |
|
|
2018-08-17 |
N/A |
| Pimcore before 5.3.0 allows SQL Injection via the REST web service API. |
