US-CERT - SB18-155: Vulnerability Summary for the Week of May 28, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
1000ch -- dwebp-bin | dwebp-bin is a dwebp node.js wrapper that converts WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10633 MISC |
aerospike -- aerospike-client-nodejs | aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10558 MISC |
air-sdk -- air-sdk | air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10603 MISC |
airbrake -- node-airbrake | The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can oftentimes contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS. | 2018-05-31 | not yet calculated | CVE-2016-10530 MISC MISC |
alexyoung -- jadedown | jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in. | 2018-05-31 | not yet calculated | CVE-2016-10520 MISC |
andzdroid -- paypal-ipn | paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production. | 2018-05-29 | not yet calculated | CVE-2014-10067 MISC MISC |
appgyver -- steroids | Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10581 MISC |
appium -- appium-chromedriver | appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-31 | not yet calculated | CVE-2016-10557 MISC |
apple -- safari | webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in Safari Technology Preview Release 57, mishandle an unset pageURL, leading to an application crash. | 2018-06-01 | not yet calculated | CVE-2018-11646 MISC MISC |
appnitro -- machform | An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter. | 2018-05-26 | not yet calculated | CVE-2018-6409 MISC EXPLOIT-DB MISC |
appnitro -- machform | An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter. | 2018-05-26 | not yet calculated | CVE-2018-6410 MISC EXPLOIT-DB MISC |
appnitro -- machform | An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection. | 2018-05-26 | not yet calculated | CVE-2018-6411 MISC EXPLOIT-DB MISC |
arian -- selenium-wrapper | selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10628 MISC |
arrayfire -- arrayfire-js | arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10598 MISC |
artifex -- ghostscript | psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977. | 2018-06-01 | not yet calculated | CVE-2018-11645 MISC MISC |
artiomshapovalov -- tomita-parser | tomita-parser is a Node wrapper for Yandex Tomita Parser. tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10666 MISC |
arve0 -- node-geoip-country | geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-05-29 | not yet calculated | CVE-2016-10568 MISC |
atob -- atob | atob 2.0.3 and earlier allocates uninitialized Buffers when a number is passed as input on Node.js 4.x and below. | 2018-05-29 | not yet calculated | CVE-2018-3745 MISC |
auth0 -- node-jsonwebtoken | In the jsonwebtoken node module before 4.2.2, an attacker can bypass verification when a token digitally signed with an asymmetric algorithm (RS/ES family) is expected but the attacker instead sends a token digitally signed with a symmetric algorithm (HS* family). | 2018-05-29 | not yet calculated | CVE-2015-9235 MISC MISC MISC MISC |
barretts -- node-iedriver | iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-31 | not yet calculated | CVE-2016-10562 MISC |
bem-archive -- imageoptim | imageoptim is a Node.js wrapper for some image compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10596 MISC |
bionode -- bionode-sra | bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10613 MISC |
bitmain -- antminer_d3_and_l3+_and_s9_devices | Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function. | 2018-05-31 | not yet calculated | CVE-2018-11220 EXPLOIT-DB |
bloodaxe -- npm-native-opencv | native-opencv is the OpenCV library installed via npm. native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10658 MISC |
bluesmoon -- node-geoip | adamvr-geoip-lite is a lightweight native JavaScript implementation of the GeoIP API from MaxMind. adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data, which may alter the decisions made by an application using this data. | 2018-05-29 | not yet calculated | CVE-2016-10680 MISC |
bmw -- multiple_vehicles | The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. | 2018-05-31 | not yet calculated | CVE-2018-9318 BID MISC MISC |
bmw -- multiple_vehicles | The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell. | 2018-05-31 | not yet calculated | CVE-2018-9322 BID MISC MISC |
bmw -- multiple_vehicles | The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot. | 2018-05-31 | not yet calculated | CVE-2018-9313 BID MISC MISC |
bmw -- multiple_vehicles | The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. | 2018-05-31 | not yet calculated | CVE-2018-9320 BID MISC MISC |
bmw -- multiple_vehicles | The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. | 2018-05-31 | not yet calculated | CVE-2018-9312 BID MISC MISC |
bmw -- multiple_vehicles | The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access. | 2018-05-31 | not yet calculated | CVE-2018-9314 BID MISC MISC |
bmw -- multiple_vehicles | The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. | 2018-05-31 | not yet calculated | CVE-2018-9311 BID MISC MISC |
broccoli -- broccoli | broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10635 MISC |
brother -- hl-l2340d_and_hl-l2380dw_series_printers | Cross-site scripting (XSS) vulnerability on Brother HL-L2340D and HL-L2380DW series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. | 2018-06-01 | not yet calculated | CVE-2018-11581 MISC |
bulain -- grunt-webdriver-qunit | grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt. grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10606 MISC |
caspervonb -- bitty | Bitty is a development web server tool that functions similarly to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests. | 2018-05-31 | not yet calculated | CVE-2016-10561 MISC |
clippercms -- clippercms | ClipperCMS 1.3.3 allows Session Fixation. | 2018-05-30 | not yet calculated | CVE-2018-11571 MISC |
clippercms -- clippercms | ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI. | 2018-05-30 | not yet calculated | CVE-2018-11572 MISC |
cloudcmd -- console-io | console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response. | 2018-05-31 | not yet calculated | CVE-2016-10532 MISC |
cmseasy -- cmseasy | An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin. | 2018-06-02 | not yet calculated | CVE-2018-11679 MISC MISC |
cmseasy -- cmseasy | An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate. | 2018-06-02 | not yet calculated | CVE-2018-11680 MISC |
cnpm -- node-operadriver | operadriver is an Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-31 | not yet calculated | CVE-2016-10565 MISC |
cobalt-cli -- cobalt-cli | cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10597 MISC |
codecanyon.net -- easyservice_billing | The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0. | 2018-05-25 | not yet calculated | CVE-2018-11443 MISC EXPLOIT-DB |
codecanyon.net -- easyservice_billing | A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role. | 2018-05-25 | not yet calculated | CVE-2018-11445 MISC EXPLOIT-DB |
codecanyon.net -- easyservice_billing | A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0. | 2018-05-25 | not yet calculated | CVE-2018-11444 MISC EXPLOIT-DB |
codecanyon.net -- easyservice_billing | A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation. | 2018-05-25 | not yet calculated | CVE-2018-11442 MISC EXPLOIT-DB |
coderaiser -- node-restafary | restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified. | 2018-05-31 | not yet calculated | CVE-2016-10528 MISC |
connected-web -- product-monitor | product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10567 MISC |
creatiwity -- witycms | Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general. | 2018-05-28 | not yet calculated | CVE-2018-11512 MISC MISC EXPLOIT-DB |
cscms -- cscms | An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save. | 2018-05-29 | not yet calculated | CVE-2018-11527 MISC |
dalekjs -- dalek-browser-chrome | dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10604 MISC |
dalekjs -- dalek-browser-chrome-canary | dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10584 MISC |
dalekjs -- dalek-browser-ie | dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10605 MISC |
dalekjs -- dalek-browser-ie | dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10612 MISC |
danielcardoso -- html-pages | The html-pages node module contains a path traversal vulnerability that allows an attacker to read any file from the server with cURL. | 2018-05-29 | not yet calculated | CVE-2018-3744 MISC MISC |
danielfm -- jshamcrest | jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in to the emailAddress validator. | 2018-05-31 | not yet calculated | CVE-2016-10521 MISC |
dataiku -- dataiku_dss | The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility. | 2018-05-28 | not yet calculated | CVE-2018-10732 MISC MISC |
davidmarkclements -- install-nw | install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10566 MISC |
dchem -- node-ibapi | ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10593 MISC |
dcodeio -- closurecompiler.js | closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10582 MISC |
ddopson -- node-sauce-connect | sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10599 MISC |
dell_emc -- recoverpoint_and_recoverpoint_for_vms | Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak the LDAP password in plain text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks. | 2018-05-29 | not yet calculated | CVE-2018-1241 FULLDISC BID |
dell_emc -- recoverpoint_and_recoverpoint_for_vms | Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3 contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege. | 2018-05-29 | not yet calculated | CVE-2018-1235 FULLDISC BID |
dell_emc -- recoverpoint_and_recoverpoint_for_vms | Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3 contain a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read. | 2018-05-29 | not yet calculated | CVE-2018-1242 FULLDISC BID |
delta_electronics -- automation_tpeditor | In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause a heap-based buffer overflow, which may allow remote code execution. | 2018-05-25 | not yet calculated | CVE-2018-8871 BID MISC |
dirtyhairy -- node-libxl | libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10585 MISC |
domainmod -- domainmod | DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. | 2018-05-30 | not yet calculated | CVE-2018-11559 MISC |
domainmod -- domainmod | DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. | 2018-05-30 | not yet calculated | CVE-2018-11558 MISC |
dtao -- fancy-server | Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory. | 2018-05-31 | not yet calculated | CVE-2014-10066 MISC |
dtsearch -- dtsearch | A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request. | 2018-05-29 | not yet calculated | CVE-2018-11488 MISC MISC MISC |
dwyl -- hapi-auth-jwt2 | When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication. | 2018-05-29 | not yet calculated | CVE-2016-10525 MISC MISC MISC |
electron-userland -- electron-packager | electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages, along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack. | 2018-05-31 | not yet calculated | CVE-2016-10534 MISC MISC |
ems_software -- ems_master_calendar | Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS. | 2018-06-01 | not yet calculated | CVE-2018-11628 MISC MISC |
eosio -- eos | An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address. | 2018-05-29 | not yet calculated | CVE-2018-11548 MISC |
espruino -- espruino | Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c. | 2018-05-31 | not yet calculated | CVE-2018-11598 MISC MISC MISC MISC MISC |
espruino -- espruino | Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c. | 2018-05-31 | not yet calculated | CVE-2018-11592 MISC MISC MISC |
espruino -- espruino | Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c. | 2018-05-31 | not yet calculated | CVE-2018-11593 MISC MISC MISC |
espruino -- espruino | Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c. | 2018-05-31 | not yet calculated | CVE-2018-11594 MISC MISC MISC |
espruino -- espruino | Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c. | 2018-05-31 | not yet calculated | CVE-2018-11596 MISC MISC |
espruino -- espruino | Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c. | 2018-05-31 | not yet calculated | CVE-2018-11597 MISC MISC |
espruino -- espruino | Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused. | 2018-05-31 | not yet calculated | CVE-2018-11595 MISC MISC MISC MISC MISC |
espruino -- espruino | Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c. | 2018-05-31 | not yet calculated | CVE-2018-11591 MISC MISC MISC |
espruino -- espruino | Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c. | 2018-05-31 | not yet calculated | CVE-2018-11590 MISC MISC MISC |
eversport -- node-unicodetable |
unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-05-29 | not yet calculated | CVE-2016-10578 MISC |
exiv2 -- exiv2 |
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | 2018-05-29 | not yet calculated | CVE-2018-11531 CONFIRM |
f5 -- big-ip |
A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only; these files do not include any configuration data, proxied traffic, or other potentially sensitive customer data. | 2018-06-01 | not yet calculated | CVE-2018-5525 SECTRACK CONFIRM |
f5 -- big-ip |
Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue. | 2018-06-01 | not yet calculated | CVE-2018-5524 SECTRACK CONFIRM |
f5 -- big-ip |
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. | 2018-06-01 | not yet calculated | CVE-2018-5513 SECTRACK CONFIRM |
f5 -- big-ip |
Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack. | 2018-06-01 | not yet calculated | CVE-2018-5526 SECTRACK CONFIRM |
f5 -- big-ip |
Features in the F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilize inflate functionality directly, via an iRule, or via the inflate code from the PEM module are subject to a service disruption via a "Zip Bomb" attack. | 2018-06-01 | not yet calculated | CVE-2017-6153 SECTRACK CONFIRM |
f5 -- big-ip |
On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. | 2018-06-01 | not yet calculated | CVE-2018-5521 SECTRACK CONFIRM |
f5 -- big-ip |
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | 2018-06-01 | not yet calculated | CVE-2018-5523 SECTRACK SECTRACK CONFIRM |
f5 -- big-ip |
On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash. | 2018-06-01 | not yet calculated | CVE-2018-5522 CONFIRM |
felixrieseberg -- windows-build-tools |
windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2017-16003 MISC MISC |
fengmk2 -- node-curl |
httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10614 MISC |
fibjs -- fibjs |
fibjs is a runtime for javascript applications built on google v8 JS. fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10621 MISC |
flif-hub -- flif |
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp. | 2018-05-28 | not yet calculated | CVE-2018-11507 MISC |
florianholzapfel -- express-restify-mongoose |
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes. | 2018-05-31 | not yet calculated | CVE-2016-10533 MISC MISC |
fortinet -- fortiauthenticator |
A cross-site scripting (XSS) vulnerability in the "CSRF validation failure" page of Fortinet FortiAuthenticator versions below 5.3.0 allows an attacker to execute unauthorized script code by injecting malicious scripts in the HTTP referer header. | 2018-05-31 | not yet calculated | CVE-2018-9186 CONFIRM |
fortinet -- fortios |
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g., addresses) via specifically crafted URLs inside the SSL-VPN web portal. | 2018-05-25 | not yet calculated | CVE-2017-14185 BID CONFIRM |
fresc81 -- node-curses |
curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10615 MISC |
gaelb -- massif |
massif is a Phantomjs fork. massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10682 MISC |
gaoxuyan -- gaoxuyan |
gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | 2018-05-29 | not yet calculated | CVE-2017-16153 MISC MISC |
gergelyke -- apk-parser2 |
apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10632 MISC |
giflib -- giflib |
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact. | 2018-05-26 | not yet calculated | CVE-2018-11490 BID MISC |
giflib -- giflib |
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. | 2018-05-26 | not yet calculated | CVE-2018-11489 BID MISC |
giggio -- node-chromedriver |
Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10579 MISC |
git -- git |
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. | 2018-05-30 | not yet calculated | CVE-2018-11233 BID SECTRACK MISC |
git -- git |
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | 2018-05-30 | not yet calculated | CVE-2018-11235 BID SECTRACK MISC MISC DEBIAN EXPLOIT-DB |
gitlab -- community_edition_and_enterprise_edition |
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability. | 2018-05-31 | not yet calculated | CVE-2018-10379 CONFIRM |
google -- android |
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings. | 2018-05-29 | not yet calculated | CVE-2018-11544 MISC |
google -- android |
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. | 2018-05-26 | not yet calculated | CVE-2018-11505 MISC EXPLOIT-DB |
graphviz -- graphviz |
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2018-05-30 | not yet calculated | CVE-2018-10196 CONFIRM MISC FEDORA FEDORA |
graylog -- graylog |
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js. | 2018-06-01 | not yet calculated | CVE-2018-11650 MISC MISC |
graylog -- graylog |
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx. | 2018-06-01 | not yet calculated | CVE-2018-11651 MISC MISC |
greencms -- greencms |
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle. | 2018-06-01 | not yet calculated | CVE-2018-11671 MISC |
greencms -- greencms |
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect. | 2018-06-01 | not yet calculated | CVE-2018-11670 MISC |
groupon -- selenium-download |
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10559 MISC |
hakatashi -- kindlegen |
Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10575 MISC |
hapijs -- hapi |
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending an HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes). | 2018-05-29 | not yet calculated | CVE-2015-9241 MISC MISC MISC |
hapijs -- hapi |
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules. | 2018-05-31 | not yet calculated | CVE-2016-10543 MISC MISC |
hapijs -- hapi |
Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS headers. This defeats the purpose of turning CORS on the route. | 2018-05-31 | not yet calculated | CVE-2015-9236 MISC MISC MISC |
hapijs -- hapi |
When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and a higher level config includes security restrictions (like origin), those restrictions are overridden by less restrictive defaults (e.g. origin defaults to all origins `*`). | 2018-05-29 | not yet calculated | CVE-2015-9243 MISC MISC |
hapijs -- inert |
The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. | 2018-05-29 | not yet calculated | CVE-2014-10068 MISC MISC MISC |
haproxy -- haproxy |
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. | 2018-05-25 | not yet calculated | CVE-2018-11469 BID CONFIRM UBUNTU |
haxefoundation -- npm-haxe |
haxe is a cross-platform toolkit. haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10602 MISC |
hcl -- ivr_systems |
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece). | 2018-05-30 | not yet calculated | CVE-2018-11518 MISC MISC MISC MISC |
headless-browser-lite -- headless-browser-lite |
headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10625 MISC |
hekto -- hekto |
Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server. | 2018-06-01 | not yet calculated | CVE-2018-3743 MISC |
hokaccha -- jwt-simple |
Since "algorithm" isn't enforced in jwt.decode() in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants. | 2018-05-31 | not yet calculated | CVE-2016-10555 MISC MISC MISC MISC |
huawei -- espace_desktop |
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop versions V300R001C00 and V300R001C50. Due to insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform an XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop. | 2018-06-01 | not yet calculated | CVE-2018-7976 CONFIRM |
huawei -- multiple_smart_phones |
Some Huawei smart phones have a denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. A successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in a system restart. | 2018-06-01 | not yet calculated | CVE-2017-17171 CONFIRM |
huawei -- servers |
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, a successful exploit enables low privileged users to get or modify passwords of highly privileged users. | 2018-06-01 | not yet calculated | CVE-2018-7949 CONFIRM |
huawei -- servers |
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. A successful exploit may allow attackers to obtain the management privilege of the system. | 2018-06-01 | not yet calculated | CVE-2018-7951 CONFIRM |
huawei -- servers |
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. A successful exploit may allow attackers to obtain the management privilege of the system. | 2018-06-01 | not yet calculated | CVE-2018-7950 CONFIRM |
hue -- hue |
Hue 3.12 has XSS via the /pig/save/ name and script parameters. | 2018-06-01 | not yet calculated | CVE-2018-11649 MISC |
hyperledger -- iroha |
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures. | 2018-06-01 | not yet calculated | CVE-2018-3756 CONFIRM |
hypery2k -- galenframework-cli |
galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-31 | not yet calculated | CVE-2016-10560 MISC |
i18next -- i18next |
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later. | 2018-05-29 | not yet calculated | CVE-2017-16010 MISC MISC |
ibm -- api_connect |
IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430. | 2018-05-31 | not yet calculated | CVE-2018-1532 CONFIRM XF |
ibm -- content_navigator |
IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141219. | 2018-05-31 | not yet calculated | CVE-2018-1496 CONFIRM XF |
ibm -- db2_for_linux_and_unix_and_windows |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045. | 2018-05-25 | not yet calculated | CVE-2018-1450 CONFIRM XF |
ibm -- flashsystem_v840_and_v900_products |
IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148. | 2018-05-29 | not yet calculated | CVE-2018-1495 CONFIRM CONFIRM XF |
ibm -- security_guardium_big_data_intelligence |
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767. | 2018-05-29 | not yet calculated | CVE-2018-1369 CONFIRM XF |
ibm -- security_guardium_big_data_intelligence |
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137777. | 2018-05-29 | not yet calculated | CVE-2018-1376 CONFIRM XF |
ibm -- security_guardium_big_data_intelligence |
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769. | 2018-05-29 | not yet calculated | CVE-2018-1370 CONFIRM XF |
ibm -- security_guardium_big_data_intelligence |
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776. | 2018-05-29 | not yet calculated | CVE-2018-1375 CONFIRM XF |
ibm -- security_guardium_big_data_intelligence |
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471. | 2018-05-29 | not yet calculated | CVE-2017-1768 CONFIRM XF |
ibm -- storwize_v7000_unified_management_web_interface |
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398. | 2018-05-25 | not yet calculated | CVE-2018-1467 CONFIRM BID XF |
ibm -- urbancode_deploy |
IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547. | 2018-05-25 | not yet calculated | CVE-2017-1752 CONFIRM BID XF |
ibmdb -- node-ibm_db |
ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10577 MISC MISC |
igniteui -- igniteui |
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol. | 2018-05-31 | not yet calculated | CVE-2016-10552 MISC |
imagemagick -- imagemagick |
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file. | 2018-06-01 | not yet calculated | CVE-2018-11656 CONFIRM |
imagemagick -- imagemagick |
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. | 2018-05-31 | not yet calculated | CVE-2018-11624 MISC |
imagemagick -- imagemagick |
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file. | 2018-06-01 | not yet calculated | CVE-2018-11655 CONFIRM |
imagemagick -- imagemagick |
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. | 2018-05-31 | not yet calculated | CVE-2018-11625 MISC |
imsobear -- node-browser |
node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10618 MISC |
install-g-test -- install-g-test |
install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10630 MISC |
ipfs -- npm-go-ipfs-dep |
During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise. | 2018-05-31 | not yet calculated | CVE-2016-10563 MISC MISC |
isaacs -- csrf-lite |
csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison. This enables an attacker to guess the secret in no more than 16*18 = 288 guesses, instead of the 16^18 guesses required were the timing attack not present. | 2018-05-31 | not yet calculated | CVE-2016-10535 MISC MISC |
isaacs -- minimatch |
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. | 2018-05-31 | not yet calculated | CVE-2016-10540 MISC |
janpot -- mongodb-instance |
mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-31 | not yet calculated | CVE-2016-10572 MISC |
jashkenas -- backbone |
backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is because the regex that does the replacing misses the conversion of things such as `<` to `&lt;`. | 2018-05-31 | not yet calculated | CVE-2016-10537 MISC MISC |
jefflembeck -- pngcrush-installer |
pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10570 MISC |
jfhbrook -- node-ecstatic |
Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header. | 2018-05-29 | not yet calculated | CVE-2015-9242 MISC MISC MISC |
jigowatt -- php_login_&_user_management |
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code execution by requesting the .php file. | 2018-05-29 | not yet calculated | CVE-2018-11392 MISC BUGTRAQ CONFIRM |
jonschlinkert -- remarkable |
Certain input, when passed into remarkable before 1.4.1, will bypass the bad protocol check that disallows the javascript: scheme, allowing javascript: URLs to be injected into the rendered content. | 2018-05-31 | not yet calculated | CVE-2014-10065 MISC MISC |
jser -- jser-stat |
jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10592 MISC MISC |
jshttp -- negotiator |
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier, is vulnerable to Regular Expression Denial of Service via a specially crafted string. | 2018-05-31 | not yet calculated | CVE-2016-10539 MISC |
jugglinmike -- selenium-chromedriver |
selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome. selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10624 MISC |
jvminstall -- jvminstall |
jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10631 MISC |
k-kinzal -- scala-bin |
scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10627 MISC |
k-kinzal -- scalajs-standalone-bin |
scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10634 MISC |
karimsa -- pennyworth |
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10619 MISC |
keystonejs -- keystone |
Due to a bug in the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in. | 2018-05-29 | not yet calculated | CVE-2015-9240 MISC |
killmag10 -- nodeschnaps |
nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10622 MISC |
koorchik -- node-mystem3 |
mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10626 MISC |
kubernetes -- kubernetes |
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. | 2018-06-01 | not yet calculated | CVE-2018-1002100 CONFIRM CONFIRM MISC |
legion_of_the_bouncy_castle -- bouncy_castle_jce_provider |
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. | 2018-06-01 | not yet calculated | CVE-2016-1000338 CONFIRM |
liblouis -- liblouis |
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. | 2018-05-30 | not yet calculated | CVE-2018-11577 MISC MISC |
liblouis -- liblouis |
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. | 2018-05-25 | not yet calculated | CVE-2018-11440 BID MISC |
libmobi -- libmobi |
The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11437 FULLDISC |
libmobi -- libmobi |
The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11436 FULLDISC |
libmobi -- libmobi |
The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11438 FULLDISC |
libmobi -- libmobi |
The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11432 FULLDISC |
libmobi -- libmobi |
The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11435 FULLDISC |
libmobi -- libmobi |
The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11433 FULLDISC |
libmobi -- libmobi |
The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11434 FULLDISC |
liluo -- ipip |
ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10594 MISC |
linux -- linux_kernel |
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | 2018-05-28 | not yet calculated | CVE-2018-11508 MISC BID MISC MISC MISC |
linux -- linux_kernel |
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. | 2018-05-28 | not yet calculated | CVE-2018-11506 MISC MISC MISC |
little_cms -- little_cms |
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. | 2018-05-30 | not yet calculated | CVE-2018-11556 MISC MISC |
little_cms -- little_cms |
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. | 2018-05-30 | not yet calculated | CVE-2018-11555 MISC MISC |
ljharb -- qs |
The qs module before 1.0.0 does not have an option or default for specifying object depth and, when parsing a string representing a deeply nested object, will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition; for example, in a web application, other requests would not be processed while this blocking is occurring. | 2018-05-31 | not yet calculated | CVE-2014-10064 MISC |
lutron_electronics -- multiple_products |
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. | 2018-06-02 | not yet calculated | CVE-2018-11681 MISC |
lutron_electronics -- multiple_products |
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. | 2018-06-02 | not yet calculated | CVE-2018-11682 MISC |
lutron_electronics -- multiple_products |
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. | 2018-06-02 | not yet calculated | CVE-2018-11629 MISC |
macacajs -- macaca-chromedriver |
macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10623 MISC |
macacajs -- macaca-chromedriver |
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10586 MISC |
mahara -- mahara |
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials. | 2018-06-01 | not yet calculated | CVE-2018-11195 CONFIRM CONFIRM |
mahara -- mahara |
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information. | 2018-05-30 | not yet calculated | CVE-2018-11565 CONFIRM CONFIRM |
mahara -- mahara |
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as a medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers. | 2018-06-01 | not yet calculated | CVE-2018-11196 CONFIRM CONFIRM |
markedjs -- marked |
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left. | 2018-05-31 | not yet calculated | CVE-2016-10531 MISC MISC MISC |
mcafee -- data_loss_prevention_endpoint |
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. | 2018-05-25 | not yet calculated | CVE-2018-6664 BID SECTRACK CONFIRM |
md4c -- md4c |
md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. | 2018-05-29 | not yet calculated | CVE-2018-11547 MISC |
md4c -- md4c |
md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. | 2018-05-29 | not yet calculated | CVE-2018-11546 MISC |
md4c -- md4c |
md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. | 2018-05-29 | not yet calculated | CVE-2018-11536 MISC |
md4c -- md4c |
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes. | 2018-05-29 | not yet calculated | CVE-2018-11545 MISC |
miniupnp -- ngiflib |
ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg. | 2018-05-30 | not yet calculated | CVE-2018-11575 MISC MISC |
miniupnp -- ngiflib |
ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif. | 2018-06-01 | not yet calculated | CVE-2018-11657 MISC |
miniupnp -- ngiflib |
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault. | 2018-05-30 | not yet calculated | CVE-2018-11578 MISC MISC |
miniupnp -- ngiflib |
ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor. | 2018-05-30 | not yet calculated | CVE-2018-11576 MISC MISC |
misp -- misp |
An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter. | 2018-05-30 | not yet calculated | CVE-2018-11562 CONFIRM |
modx -- revolution |
MODX Revolution 2.6.3 has XSS. | 2018-06-01 | not yet calculated | CVE-2018-10382 CONFIRM CONFIRM |
moodle -- moodle |
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection. | 2018-05-25 | not yet calculated | CVE-2018-1133 BID CONFIRM |
moodle -- moodle |
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. | 2018-05-25 | not yet calculated | CVE-2018-1135 BID CONFIRM |
moodle -- moodle |
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL. | 2018-05-25 | not yet calculated | CVE-2018-1134 BID CONFIRM |
moodle -- moodle |
An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users. | 2018-05-25 | not yet calculated | CVE-2018-1136 BID CONFIRM |
moodle -- moodle |
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack. | 2018-05-25 | not yet calculated | CVE-2018-1137 BID CONFIRM |
moox -- reduce-css-calc |
Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross-site scripting (XSS) possible on the client and arbitrary code injection possible on the server when user input is passed to the `calc` function. | 2018-05-31 | not yet calculated | CVE-2016-10548 MISC MISC |
mozilla -- nunjucks |
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM. | 2018-05-31 | not yet calculated | CVE-2016-10547 MISC MISC MISC |
mqttjs -- mqtt-packet |
MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth. | 2018-05-31 | not yet calculated | CVE-2016-10523 MISC MISC MISC |
mybb -- mybb |
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea. | 2018-05-28 | not yet calculated | CVE-2018-11430 EXPLOIT-DB |
mybb -- mybb |
An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field. | 2018-05-29 | not yet calculated | CVE-2018-11532 MISC EXPLOIT-DB |
myscada -- mypro |
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. | 2018-05-28 | not yet calculated | CVE-2018-11517 MISC MISC |
mysqljs -- mysqljs |
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | 2018-05-29 | not yet calculated | CVE-2017-16047 MISC |
mysqljs -- mysql |
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. | 2018-05-29 | not yet calculated | CVE-2015-9244 MISC MISC |
natus -- xltek_neuroworks_8 |
An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 2018-06-01 | not yet calculated | CVE-2017-2858 MISC |
natus -- xltek_neuroworks_8 |
An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 2018-06-01 | not yet calculated | CVE-2017-2852 MISC |
natus -- xltek_neuroworks_8 |
An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 2018-06-01 | not yet calculated | CVE-2017-2860 MISC |
nch_software -- axon_pbx |
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application. | 2018-06-01 | not yet calculated | CVE-2018-11552 FULLDISC |
nch_software -- axon_pbx |
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly. | 2018-06-01 | not yet calculated | CVE-2018-11551 FULLDISC |
nikto -- nikto |
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. | 2018-06-01 | not yet calculated | CVE-2018-11652 MISC |
node-js-libs -- cli |
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. | 2018-05-31 | not yet calculated | CVE-2016-10538 MISC MISC MISC |
node-tkinter -- node-tkinter |
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | 2018-05-29 | not yet calculated | CVE-2017-16062 MISC |
nodeca -- embedza |
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-31 | not yet calculated | CVE-2016-10569 MISC |
ntfserver -- ntfserver |
ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10650 MISC |
nuuo -- nvrmini_2_devices |
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. | 2018-05-29 | not yet calculated | CVE-2018-11523 MISC EXPLOIT-DB |
nwjs -- nw |
nw is an installer for nw.js. nw downloads zipped resources over HTTP. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10588 MISC |
oliversalzburg -- i18n-node-angular |
i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments; a malicious user could fill up the server, causing a Denial of Service or content injection. | 2018-05-31 | not yet calculated | CVE-2016-10524 MISC MISC |
omphalos -- crud-file-server |
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | 2018-05-29 | not yet calculated | CVE-2018-3733 MISC MISC |
openframeproject -- openframe-glslviewer |
openframe-glsviewer is an Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10607 MISC |
openframeproject -- openframe-image |
openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10616 MISC |
openlayers -- closure-util |
closure-utils provides utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10583 MISC |
pdf-image -- pdf-image |
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter. | 2018-06-01 | not yet calculated | CVE-2018-3757 CONFIRM MISC |
pdfinfojs -- pdfinfojs |
The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine. | 2018-06-01 | not yet calculated | CVE-2018-3746 MISC |
phpscriptsmall.com -- naukri_clone_script |
PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. | 2018-05-28 | not yet calculated | CVE-2018-11514 MISC |
poco -- poco |
poco (the POCO libraries) downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10659 MISC |
pouchdb -- pouchdb |
An arbitrary code injection vector was found in PouchDB 6.0.4 and earlier via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands. | 2018-05-31 | not yet calculated | CVE-2016-10546 MISC |
probablycorey -- atom-node-module-installer |
atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10620 MISC |
pulpiks -- node-mystem |
mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru. mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10698 MISC |
putaoshu -- jdf-sass |
jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10595 MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11171 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11163 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11165 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11166 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11167 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11164 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11162 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11160 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11161 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11168 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11169 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11175 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11176 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11174 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11173 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11170 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11172 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11159 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11158 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11148 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11149 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11147 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11146 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11143 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11145 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11150 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11151 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11156 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11157 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11155 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11154 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11152 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11153 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11177 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11144 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11188 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11187 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11185 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11184 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). | 2018-06-01 | not yet calculated | CVE-2018-11189 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). | 2018-06-01 | not yet calculated | CVE-2018-11190 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). | 2018-06-01 | not yet calculated | CVE-2018-11194 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). | 2018-06-01 | not yet calculated | CVE-2018-11193 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). | 2018-06-01 | not yet calculated | CVE-2018-11192 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). | 2018-06-01 | not yet calculated | CVE-2018-11191 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11183 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11186 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11181 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11179 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11178 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11182 MISC FULLDISC MISC |
quest -- dr_series_disk_backup |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11180 MISC FULLDISC MISC |
quest -- kace_system_management_appliance |
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks. | 2018-05-31 | not yet calculated | CVE-2018-11135 MISC |
quest -- kace_system_management_appliance |
The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type). | 2018-05-31 | not yet calculated | CVE-2018-11140 MISC |
quest -- kace_system_management_appliance |
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method. | 2018-05-31 | not yet calculated | CVE-2018-11139 MISC |
quest -- kace_system_management_appliance |
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. | 2018-05-31 | not yet calculated | CVE-2018-11138 MISC |
quest -- kace_system_management_appliance |
The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type). | 2018-05-31 | not yet calculated | CVE-2018-11136 MISC |
quest -- kace_system_management_appliance |
The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script. | 2018-05-31 | not yet calculated | CVE-2018-11137 MISC |
quest -- kace_system_management_appliance |
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges. | 2018-05-31 | not yet calculated | CVE-2018-11134 MISC |
quest -- kace_system_management_appliance |
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root. | 2018-05-31 | not yet calculated | CVE-2018-11132 MISC |
quest -- kace_system_management_appliance |
The 'fmt' parameter of the '/common/run_cross_report.php' script in the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. | 2018-05-31 | not yet calculated | CVE-2018-11133 MISC |
quest -- kace_system_management_appliance |
The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization. | 2018-05-31 | not yet calculated | CVE-2018-11142 MISC |
quest -- kace_system_management_appliance |
The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions. | 2018-05-31 | not yet calculated | CVE-2018-11141 MISC |
ralphbean -- ansi2html |
ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in. | 2018-05-31 | not yet calculated | CVE-2015-9239 MISC |
redien -- limbus-buildgen |
limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10674 MISC |
riot -- compiler |
riot-compiler version 2.3.21 has an issue in a regex (catastrophic backtracking) that makes it unusable under certain conditions. | 2018-05-31 | not yet calculated | CVE-2016-10527 MISC MISC |
robot -- robot-js |
robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10608 MISC |
robotwebtools -- groslibjs |
roslib-socketio is a fork of the standard ROS JavaScript library that adds support for socket.io. roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10681 MISC |
rondaful -- m1_wristband_smart_band_1_devices |
Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic. | 2018-05-31 | not yet calculated | CVE-2018-11631 MISC |
rse -- node-prince |
Prince is a Node API for executing the XML/HTML to PDF renderer PrinceXML via the prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10591 MISC |
rubenv -- apk-parser |
apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-31 | not yet calculated | CVE-2016-10564 MISC |
ruckus -- icx7450-48_devices |
A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML. | 2018-05-29 | not yet calculated | CVE-2018-11027 BUGTRAQ |
ruckus -- smartzone |
Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data. | 2018-05-31 | not yet calculated | CVE-2018-11036 MISC |
samsung -- s7_edge_device |
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463. | 2018-05-29 | not yet calculated | CVE-2018-10751 MISC CONFIRM EXPLOIT-DB |
schedmd -- slurm |
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). | 2018-05-30 | not yet calculated | CVE-2018-10995 MISC MISC |
seacms -- seacms |
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. | 2018-05-30 | not yet calculated | CVE-2018-11583 MISC |
searchblox -- searchblox |
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. | 2018-06-01 | not yet calculated | CVE-2018-11538 MISC MISC EXPLOIT-DB |
sela -- sela |
SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c init_apev2_keys function. | 2018-05-31 | not yet calculated | CVE-2018-11626 MISC |
selenium-standalone-painful -- selenium-standalone-painful |
selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10679 MISC |
sequelize -- sequelize |
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier. | 2018-05-31 | not yet calculated | CVE-2016-10553 MISC MISC |
sequelize -- sequelize |
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping. | 2018-05-31 | not yet calculated | CVE-2016-10554 MISC MISC |
sequelize -- sequelize |
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier. | 2018-05-31 | not yet calculated | CVE-2016-10550 MISC MISC |
sequelize -- sequelize |
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `["test", "'); DELETE TestTable WHERE Id = 1 --')"]` inside of `database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } });` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the statement to delete whichever Id has a value of 1 in the TestTable table. | 2018-05-29 | not yet calculated | CVE-2016-10556 MISC MISC |
serve -- serve |
Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored. | 2018-06-01 | not yet calculated | CVE-2018-3809 MISC |
sexstatic -- sexstatic |
XSS in sexstatic <=0.6.2: HTML injection in directory name(s) leads to stored XSS when a malicious file is embedded with an <iframe> element used in the directory name. | 2018-06-01 | not yet calculated | CVE-2018-3755 MISC |
shama -- nodewebkit |
nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10580 MISC |
silverwind -- droppy |
Droppy versions <3.5.0 do not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example, this means the malicious user could add a new admin account under his control and delete others. | 2018-05-31 | not yet calculated | CVE-2016-10529 MISC |
sinatra -- sinatra |
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. | 2018-05-31 | not yet calculated | CVE-2018-11627 MISC MISC |
sitemakin -- site_login_and_access_control |
An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection. | 2018-05-29 | not yet calculated | CVE-2018-11535 MISC EXPLOIT-DB |
socketio -- engine.io-client |
engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client 1.6.8 and earlier passes in an object for settings that includes the rejectUnauthorized property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as `null`, resulting in certificate verification being turned off. | 2018-05-31 | not yet calculated | CVE-2016-10536 MISC MISC MISC |
spunjs -- selenium-binaries |
selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10589 MISC |
stattic -- stattic |
The stattic node module suffers from a Path Traversal vulnerability due to a lack of path validation, which allows a malicious user to read the content of any file with a known path. | 2018-05-29 | not yet calculated | CVE-2018-3734 MISC |
strider-cd -- strider-sauce |
strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10611 MISC |
strongswan -- strongswan |
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. | 2018-05-31 | not yet calculated | CVE-2018-5388 CERT-VN BID CONFIRM |
substack -- shell-quote |
The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape the ">" and "<" operators used for redirection in the shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection. | 2018-05-31 | not yet calculated | CVE-2016-10541 MISC |
sudo -- sudo |
sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. | 2018-05-29 | not yet calculated | CVE-2016-7076 REDHAT BID CONFIRM CONFIRM |
swangful -- chromedriver126 |
chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10609 MISC |
symantec -- advanced_secure_gateway_and_proxysg |
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles. | 2018-05-29 | not yet calculated | CVE-2018-5241 BID SECTRACK CONFIRM |
synology -- drive |
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. | 2018-06-01 | not yet calculated | CVE-2018-8922 CONFIRM |
synology -- drive |
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. | 2018-06-01 | not yet calculated | CVE-2018-8921 CONFIRM |
taglib -- taglib |
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. | 2018-05-30 | not yet calculated | CVE-2018-11439 FULLDISC |
the_sails_company -- sails |
Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible. | 2018-05-31 | not yet calculated | CVE-2016-10549 MISC MISC MISC |
the_sails_company -- waterline-sequel |
waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database. | 2018-05-29 | not yet calculated | CVE-2016-10551 MISC MISC |
tkinter -- tkinter |
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | 2018-05-29 | not yet calculated | CVE-2017-16061 MISC |
tobli -- baryton-saxophone |
baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10573 MISC |
toni89 -- nw-with-arm |
nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10629 MISC |
tp-link -- ipc_tl-ipc223(p)-6_and_tl-ipc323k-d_and_tl-ipc325(kp)-*_and_tl-ipc40a-4_devices |
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters. | 2018-05-30 | not yet calculated | CVE-2018-11481 MISC |
tp-link -- ipc_tl-ipc223(p)-6_and_tl-ipc323k-d_and_tl-ipc325(kp)-*_and_tl-ipc40a-4_devices |
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. | 2018-05-30 | not yet calculated | CVE-2018-11482 MISC |
tschaub -- grunt-gh-pages |
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised. | 2018-05-31 | not yet calculated | CVE-2016-10526 MISC MISC |
ubuntu -- ubuntu |
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, and 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17. | 2018-05-31 | not yet calculated | CVE-2018-6552 UBUNTU |
unetworking -- uwebsockets |
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility that the compression used will shrink said 256mb down to less than 16mb of websocket payload, which passes the 16mb payload length check. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8. | 2018-05-31 | not yet calculated | CVE-2016-10544 MISC MISC |
unisys -- stealth_solution |
In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory. | 2018-05-30 | not yet calculated | CVE-2018-7534 CONFIRM |
uxebu -- webdrvr |
webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10601 MISC |
vadimdemedes -- secure-compare |
secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length. | 2018-05-31 | not yet calculated | CVE-2015-9238 MISC MISC |
vgate -- icar_2_wifi_obd2_dongle_devices |
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication. | 2018-05-30 | not yet calculated | CVE-2018-11476 FULLDISC MISC |
vgate -- icar_2_wifi_obd2_dongle_devices |
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network. | 2018-05-30 | not yet calculated | CVE-2018-11478 FULLDISC MISC |
vgate -- icar_2_wifi_obd2_dongle_devices |
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this vulnerability with the lack of wireless network protection exposes all transferred car data to the public. | 2018-05-30 | not yet calculated | CVE-2018-11477 FULLDISC MISC |
videolan -- vlc_media_player |
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | 2018-05-28 | not yet calculated | CVE-2018-11516 MISC BID |
vmolsa -- webrtc-native |
webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10600 MISC |
vmware -- horizon_client_for_linux |
VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed. | 2018-05-29 | not yet calculated | CVE-2018-6964 BID SECTRACK CONFIRM |
vseryakov -- backendjs |
bkjs-wand is imagemagick wand support for node.js and backendjs. bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-31 | not yet calculated | CVE-2016-10571 MISC |
wasdk -- wasdk |
wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10587 MISC |
websockets -- ws |
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node, when you allocate one with a number instead of a string, it will allocate that number of bytes. | 2018-05-31 | not yet calculated | CVE-2016-10518 MISC MISC MISC |
websockets -- ws |
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. | 2018-05-31 | not yet calculated | CVE-2016-10542 MISC MISC |
webtorrent -- bittorrent-dht |
A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory. | 2018-05-31 | not yet calculated | CVE-2016-10519 MISC MISC |
wordpress -- wordpress |
The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter. | 2018-05-28 | not yet calculated | CVE-2018-11515 MISC MISC |
wordpress -- wordpress |
class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action. | 2018-05-30 | not yet calculated | CVE-2018-11579 MISC MISC |
wordpress -- wordpress |
The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order. | 2018-06-01 | not yet calculated | CVE-2018-11485 MISC |
wordpress -- wordpress |
An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities. | 2018-05-31 | not yet calculated | CVE-2018-11633 MISC MISC |
wordpress -- wordpress |
Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have &lt; and &gt; representations. | 2018-05-30 | not yet calculated | CVE-2018-11568 MISC |
wordpress -- wordpress |
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page. | 2018-06-01 | not yet calculated | CVE-2018-11486 MISC |
wordpress -- wordpress |
An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content. | 2018-05-30 | not yet calculated | CVE-2018-11580 MISC MISC |
wordpress -- wordpress |
Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request. | 2018-05-28 | not yet calculated | CVE-2018-11309 MISC |
wordpress -- wordpress |
An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function. | 2018-05-31 | not yet calculated | CVE-2018-11632 MISC MISC |
wuzhi_cms -- wuzhi_cms |
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. | 2018-05-29 | not yet calculated | CVE-2018-11528 MISC |
wuzhi_cms -- wuzhi_cms |
An issue was discovered in WUZHI CMS 4.1.0. There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring. | 2018-05-29 | not yet calculated | CVE-2018-11549 MISC |
yannicked -- node-cue-sdk |
cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10590 MISC |
yiban -- easy_class_education_platform |
YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter. | 2018-05-30 | not yet calculated | CVE-2018-11557 MISC |
yootheme -- pagekit_cms |
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger an XSS attack. | 2018-06-01 | not yet calculated | CVE-2018-11564 MISC MISC |
yosoro -- yosoro |
Yosoro 1.0.4 has stored XSS. | 2018-06-01 | not yet calculated | CVE-2018-11522 MISC CONFIRM EXPLOIT-DB |
zazukoians -- fuseki |
Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10576 MISC |
zertz -- unicode-json |
unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10610 MISC |
zhao0 -- node-apk-parser3 |
apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10574 MISC |
zimbra -- zimbra_collaboration_suite |
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token. | 2018-05-30 | not yet calculated | CVE-2015-7610 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite |
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group. | 2018-05-30 | not yet calculated | CVE-2018-10939 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
zoho -- manageengine_adaudit_plus |
Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. | 2018-05-29 | not yet calculated | CVE-2018-10466 CONFIRM |
zuker -- box2d-native |
box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10617 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/bulletins/SB18-155