US-CERT - SB18-239: Vulnerability Summary for the Week of August 20, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. | | | | |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. | | | | |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. | | | | |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accupos -- accupos | AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files. | 2018-08-23 | not yet calculated | CVE-2018-15809 MISC |
actiontec -- t2200h_t2200h-31.128l.03_devices | fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field. | 2018-08-19 | not yet calculated | CVE-2018-15553 MISC |
advanced_package_tool -- advanced_package_tool | The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail. | 2018-08-20 | not yet calculated | CVE-2018-0501 MISC MISC MISC UBUNTU |
amazon -- aws_cli_version | The Amazon Web Services (AWS) CLI version 1.15.85 (and possibly earlier versions) does not require the owners flag when describing images, which makes it easier for remote attackers to trigger the loading of an undesired AMI by setting similar image properties (i.e., name), as exploited in the wild during August 2018 with a Monero miner AMI instead of the expected Ubuntu AMI. | 2018-08-24 | not yet calculated | CVE-2018-15869 MISC |
ansible -- ansible_tower | Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie. | 2018-08-22 | not yet calculated | CVE-2018-10884 BID CONFIRM |
apache -- cayenne | This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a malicious XML file, the attacker will be able to instruct the XML parser built into CayenneModeler to transfer files from a local machine to a remote machine controlled by the attacker. The cause of the issue is the XML parser processing XML External Entity (XXE) declarations included in the XML. The vulnerability is addressed in Cayenne by disabling XXE processing in all operations that require XML parsing. | 2018-08-22 | not yet calculated | CVE-2018-11758 MLIST |
apache -- sentry | An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table. | 2018-08-23 | not yet calculated | CVE-2018-8028 MISC |
apache -- struts | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace while, at the same time, their upper action(s) have no namespace or a wildcard namespace. The same possibility exists when using a url tag that has no value and action set while, at the same time, its upper action(s) have no namespace or a wildcard namespace. | 2018-08-22 | not yet calculated | CVE-2018-11776 CONFIRM BID SECTRACK CONFIRM MISC CONFIRM |
bd -- alaris_plus_medical_syringe_pumps | Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port. | 2018-08-23 | not yet calculated | CVE-2018-14786 CONFIRM MISC |
beijing_ruoshen_technology -- xiuno_bbs | The editor in Xiuno BBS 4.0.4 allows stored XSS. | 2018-08-19 | not yet calculated | CVE-2018-15559 MISC |
belkin -- wemo_insight_smart_plug | Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet. | 2018-08-21 | not yet calculated | CVE-2018-6692 CONFIRM |
bloop -- airmail | An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email. | 2018-08-21 | not yet calculated | CVE-2018-15670 MISC |
bloop -- airmail | An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address. | 2018-08-21 | not yet calculated | CVE-2018-15668 MISC |
bloop -- airmail | An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter. | 2018-08-21 | not yet calculated | CVE-2018-15669 MISC |
bloop -- airmail | An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use its functionality. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an attacker crafted email from the target account. | 2018-08-21 | not yet calculated | CVE-2018-15667 MISC |
cms_computers -- cmsuno | CMSUno before 1.5.3 has XSS via the title field. | 2018-08-19 | not yet calculated | CVE-2018-15567 MISC |
cobbler -- cobbler | Cobbler (verified as present in versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains an Incorrect Access Control vulnerability in the XMLRPC API (/cobbler-api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. This attack appears to be exploitable via network connectivity, taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931. | 2018-08-20 | not yet calculated | CVE-2018-1000226 CONFIRM MISC |
cobbler -- cobbler | Cobbler (verified as present in versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in privilege escalation to admin. This attack appears to be exploitable via network connectivity, by sending an unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler-api). | 2018-08-20 | not yet calculated | CVE-2018-1000225 CONFIRM MISC |
cobbler -- cobbler | A flaw was found in the cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation. | 2018-08-22 | not yet calculated | CVE-2016-9605 CONFIRM |
containous -- traefik | Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable. | 2018-08-20 | not yet calculated | CVE-2018-15598 MISC MISC MISC MISC |
couchbase -- server | An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system will run with the privileges of the user running Couchbase server. | 2018-08-24 | not yet calculated | CVE-2018-15728 BUGTRAQ |
curl -- curl | curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. | 2018-08-23 | not yet calculated | CVE-2003-1605 BID MISC |
d-link -- dir-615_routers | Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request. | 2018-08-25 | not yet calculated | CVE-2018-15875 MISC |
d-link -- dir-615_routers | Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. | 2018-08-25 | not yet calculated | CVE-2018-15874 MISC |
d-link -- eyeon_baby_monitor | D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device. | 2018-08-24 | not yet calculated | CVE-2017-11563 FULLDISC MISC |
d-link -- eyeon_baby_monitor | The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack. | 2018-08-24 | not yet calculated | CVE-2017-11564 FULLDISC MISC |
damicms -- damicms | An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit. | 2018-08-25 | not yet calculated | CVE-2018-15844 MISC |
davegamble/cjson -- davegamble/cjson | Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in the cJSON library that can result in a possible crash or RCE. This attack appears to be exploitable only if the attacker can force the victim to print JSON data; depending on how the cJSON library is used, this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3. | 2018-08-20 | not yet calculated | CVE-2018-1000216 CONFIRM |
davegamble/cjson -- davegamble/cjson | Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in the cJSON library that can result in a possible crash, corruption of data or even RCE. Exploitability depends on how the application uses the cJSON library: if the application provides a network interface it can be exploited over a network, otherwise only locally. This vulnerability appears to have been fixed in 1.7.4. | 2018-08-20 | not yet calculated | CVE-2018-1000217 CONFIRM |
davegamble/cjson -- davegamble/cjson | Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in the cJSON library that can result in Denial of Service (DoS). This attack appears to be exploitable if the attacker can force the data to be printed while the system is low on memory, which can force a memory leak. This vulnerability appears to have been fixed in 1.7.7. | 2018-08-20 | not yet calculated | CVE-2018-1000215 CONFIRM |
daveismyname/simple-cms -- daveismyname/simple-cms | An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8. | 2018-08-19 | not yet calculated | CVE-2018-15564 MISC |
daveismyname/simple-cms -- daveismyname/simple-cms | An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF. | 2018-08-19 | not yet calculated | CVE-2018-15565 MISC MISC |
dell -- 2335dn_printers | On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product. | 2018-08-23 | not yet calculated | CVE-2018-15748 MISC |
dom4j -- dom4j | dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in the Element class (methods addElement and addAttribute) that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. | 2018-08-20 | not yet calculated | CVE-2018-1000632 CONFIRM CONFIRM MISC |
dropbear -- dropbear | The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. | 2018-08-20 | not yet calculated | CVE-2018-15599 MISC MISC MISC |
easylogin -- easylogin_pro | An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key. | 2018-08-24 | not yet calculated | CVE-2018-15576 MISC EXPLOIT-DB |
eclipse_rdf4j -- eclipse_rdf4j | Eclipse RDF4j version < 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in the RDF4j XML parser used for parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, and port scanning. This attack appears to be exploitable via a specially crafted RDF file. | 2018-08-20 | not yet calculated | CVE-2018-1000644 MISC CONFIRM |
egg-scripts -- egg-scripts | A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument. | 2018-08-24 | not yet calculated | CVE-2018-3786 CONFIRM CONFIRM MISC |
elefant_cms -- elefant_cms | apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism. | 2018-08-20 | not yet calculated | CVE-2018-15601 MISC |
emerson -- deltav | DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable due to improper path validation, which may allow an attacker to replace executable files. | 2018-08-21 | not yet calculated | CVE-2018-14795 BID MISC |
emerson -- deltav | DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable to a buffer overflow exploit through an open communication port that allows arbitrary code execution. | 2018-08-21 | not yet calculated | CVE-2018-14793 BID MISC |
emerson -- deltav_dcs | Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. | 2018-08-23 | not yet calculated | CVE-2018-14797 BID MISC |
emerson -- deltav_dcs | Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. | 2018-08-23 | not yet calculated | CVE-2018-14791 BID MISC |
ffmpeg -- ffmpeg | The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure. | 2018-08-23 | not yet calculated | CVE-2018-15822 MISC |
fledrcms -- fledrcms | An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1. | 2018-08-25 | not yet calculated | CVE-2018-15846 MISC |
flexo_cms -- flexo_cms | An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add. | 2018-08-25 | not yet calculated | CVE-2018-15851 MISC |
flightairmap -- flightairmap | FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in a GET variable used within the registration sub-menu page that can result in unauthorised actions, access to data, and theft of session information. This vulnerability appears to have been fixed after commit 22b09a3. | 2018-08-20 | not yet calculated | CVE-2018-1000642 MISC CONFIRM |
foreman -- foreman | A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id. | 2018-08-22 | not yet calculated | CVE-2017-2662 CONFIRM CONFIRM |
gchq/stroom -- gchq/stroom | Stroom version <5.4.5 contains an XML External Entity (XXE) vulnerability in its XML parser that can result in disclosure of confidential data, denial of service, server side request forgery, and port scanning. This attack appears to be exploitable via a specially crafted XML file. | 2018-08-20 | not yet calculated | CVE-2018-1000651 MISC CONFIRM |
gear_software -- multiple_products | GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available right before writing to it. A check is only performed at the beginning of a long subroutine. | 2018-08-24 | not yet calculated | CVE-2018-15499 MISC MISC |
getsimple_cms -- getsimple_cms | GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. | 2018-08-25 | not yet calculated | CVE-2018-15843 MISC |
geutebrueck -- re_porter | Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003. | 2018-08-21 | not yet calculated | CVE-2018-15534 MISC EXPLOIT-DB |
geutebrueck -- re_porter | A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005. | 2018-08-21 | not yet calculated | CVE-2018-15533 MISC EXPLOIT-DB |
github -- electron | GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution. | 2018-08-23 | not yet calculated | CVE-2018-15685 MISC |
gleez_cms -- gleez_cms | There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. | 2018-08-25 | not yet calculated | CVE-2018-15845 MISC |
gnu -- gnutls | A cache-based side channel in the GnuTLS implementation that leads to plaintext recovery in a cross-VM attack setting was found. An attacker could use a "Just in Time" Prime+Probe attack in combination with a Lucky-13 attack to recover plaintext using crafted packets. | 2018-08-22 | not yet calculated | CVE-2018-10846 BID CONFIRM MISC CONFIRM |
gnu -- gnutls | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. | 2018-08-22 | not yet calculated | CVE-2018-10845 BID CONFIRM MISC CONFIRM |
gnu -- gnutls | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. | 2018-08-22 | not yet calculated | CVE-2018-10844 BID CONFIRM MISC CONFIRM |
gnu -- libtasn1 | GNU libtasn1 versions 4.13 and 4.12 contain a DoS: specifically, CPU usage reaches 100% when running asn1Parser against the PoC due to an issue in _asn1_expand_object_id(p_tree); after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. | 2018-08-20 | not yet calculated | CVE-2018-1000654 CONFIRM |
godot_engine -- godot_engine | Godot Engine, all versions prior to 2.1.5 and all 3.0 versions prior to 3.0.6, contains signed/unsigned comparison, wrong buffer size checks, integer overflow, and missing padding initialization vulnerabilities in the (de)serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death) and a possible leak of uninitialized memory. This attack appears to be exploitable via a malformed packet received over the network by a Godot application that uses built-in serialization (e.g. game server or game client); it could be triggered by a multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, and the master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b. | 2018-08-20 | not yet calculated | CVE-2018-1000224 CONFIRM CONFIRM CONFIRM |
hdf -- hdf5 | An issue was discovered in the HDF HDF5 1.10.2 library. A SIGFPE is raised in the function H5D__chunk_init() of H5Dchunk.c during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. | 2018-08-21 | not yet calculated | CVE-2018-15672 MISC |
hdf -- hdf5 | An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service. | 2018-08-21 | not yet calculated | CVE-2018-15671 MISC |
huawei -- multiple_firewall_products | Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of malformed messages, an attacker may send crafted packets to the affected device to exploit these vulnerabilities. Successful exploitation of the vulnerability could lead to device denial of service. | 2018-08-21 | not yet calculated | CVE-2017-17311 CONFIRM |
huawei -- multiple_firewall_products | Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of malformed messages, an attacker may send crafted packets to the affected device to exploit these vulnerabilities. Successful exploitation of the vulnerability could lead to device denial of service. | 2018-08-21 | not yet calculated | CVE-2017-17312 CONFIRM |
huawei -- multiple_firewall_products | Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle attack. Successful exploitation of this vulnerability can impact IPSec tunnel security. | 2018-08-21 | not yet calculated | CVE-2017-17305 CONFIRM |
ibm -- api_connect | IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 143744. | 2018-08-22 | not yet calculated | CVE-2018-1599 CONFIRM XF |
ibm -- maximo_asset_managment | IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968. | 2018-08-24 | not yet calculated | CVE-2018-1699 XF CONFIRM |
ibm -- multiple_rational_products | Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655. | 2018-08-20 | not yet calculated | CVE-2017-1753 XF CONFIRM |
ibm -- multiple_rational_products | Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425. | 2018-08-20 | not yet calculated | CVE-2018-1394 XF CONFIRM |
ibm -- sdk_java_technology_edition | A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681. | 2018-08-20 | not yet calculated | CVE-2018-1517 CONFIRM BID XF |
ibm -- sdk_java_technology_edition | The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. | 2018-08-20 | not yet calculated | CVE-2018-1656 CONFIRM BID XF |
ibm -- security_access_manager_appliance | IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370. | 2018-08-24 | not yet calculated | CVE-2018-1722 SECTRACK XF CONFIRM |
ibm -- websphere_applicaiton_server_liberty | IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by an incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on a non-secure (http) port and is using JASPIC or JSR375 authentication. | 2018-08-24 | not yet calculated | CVE-2018-1755 SECTRACK XF CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. | 2018-08-21 | not yet calculated | CVE-2018-15607 BID MISC |
insteon -- insteon_hub | An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image. | 2018-08-23 | not yet calculated | CVE-2018-3833 MISC |
insteon -- insteon_hub | An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2017-16348 MISC |
insteon -- insteon_hub | An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'. | 2018-08-23 | not yet calculated | CVE-2018-3832 MISC |
insteon -- insteon_hub | An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "c_r" parameter in order to exploit this vulnerability. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2017-14452 MISC |
insteon -- insteon_hub_2245-222_devices | On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ad_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "ad_r" parameter in order to exploit this vulnerability. | 2018-08-23 | not yet calculated | CVE-2017-14453 MISC |
insteon -- insteon_hub_2245-222_devices | On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long "ak" parameter in order to exploit this vulnerability. | 2018-08-23 | not yet calculated | CVE-2017-14455 MISC |
insteon -- insteon_hub_2245-222_devices | On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d01ef24 the value for the s_offset key is copied using strcpy to the buffer at $sp+0x2b0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2018-08-23 | not yet calculated | CVE-2017-16337 MISC |
jabref -- jabref | JabRef version <=4.3.1 contains an XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appears to be exploitable via a specially crafted MsBib file. This vulnerability appears to have been fixed in after commit 89f855d. | 2018-08-20 | not yet calculated | CVE-2018-1000652 MISC CONFIRM |
java_system_solutions -- sso_plugin_for_bmc_myit | Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?[XSS] link and then clicks the "Login" button. | 2018-08-21 | not yet calculated | CVE-2018-15528 MISC BUGTRAQ |
jenkins -- jenkins | A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. | 2018-08-23 | not yet calculated | CVE-2018-1999042 CONFIRM |
jenkins -- jenkins | A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials. | 2018-08-23 | not yet calculated | CVE-2018-1999043 CONFIRM |
jenkins -- jenkins | An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled. | 2018-08-23 | not yet calculated | CVE-2018-1999045 CONFIRM |
jenkins -- jenkins | An improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center. | 2018-08-23 | not yet calculated | CVE-2018-1999047 CONFIRM |
jenkins -- jenkins | A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop. | 2018-08-23 | not yet calculated | CVE-2018-1999044 CONFIRM |
jenkins -- jenkins | An exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers with Overall/Read permission to access the connection log for any agent. | 2018-08-23 | not yet calculated | CVE-2018-1999046 CONFIRM |
jerryscript -- jerryscript | JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:598 (passing NULL to memcpy as 2nd argument) results in null pointer dereference (segfault) at jerry-core/jmem/jmem-heap.c:463 that can result in Crash due to segmentation fault. This attack appears to be exploitable via The victim must execute specially crafted javascript code. This vulnerability appears to have been fixed in after commit 87897849f6879df10e8ad68a41bf8cf507edf710. | 2018-08-20 | not yet calculated | CVE-2018-1000636 CONFIRM |
jsish -- jsish | Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appears to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in 2.4.67. | 2018-08-20 | not yet calculated | CVE-2018-1000655 CONFIRM |
latexdraw -- latexdraw | LatexDraw version <=4.0 contains an XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appears to be exploitable via a specially crafted SVG file. | 2018-08-20 | not yet calculated | CVE-2018-1000639 MISC MISC |
libbpg -- libbpg | A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG. | 2018-08-22 | not yet calculated | CVE-2017-2575 MLIST BID |
libgd -- libgd | Libgd version 2.2.5 contains a Double Free vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution. This attack appears to be exploitable via a Specially Crafted Jpeg Image that can trigger the double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. | 2018-08-20 | not yet calculated | CVE-2018-1000222 CONFIRM |
libgit2 -- libgit2 | In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. | 2018-08-17 | not yet calculated | CVE-2018-15501 MISC MISC MISC MISC MISC MLIST MISC |
libming -- libming | An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | 2018-08-25 | not yet calculated | CVE-2018-15871 MISC |
libming -- libming | An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | 2018-08-25 | not yet calculated | CVE-2018-15870 MISC |
librehealthio/lh-ehr -- librehealthio/lh-ehr | LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appears to be exploitable via User controlled input. | 2018-08-20 | not yet calculated | CVE-2018-1000649 MISC MISC |
librehealthio/lh-ehr -- librehealthio/lh-ehr | LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appears to be exploitable via User controlled variable in import templates function. | 2018-08-20 | not yet calculated | CVE-2018-1000645 MISC CONFIRM |
librehealthio/lh-ehr -- librehealthio/lh-ehr | LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appears to be exploitable via User controlled parameter. | 2018-08-20 | not yet calculated | CVE-2018-1000647 MISC MISC |
librehealthio/lh-ehr -- librehealthio/lh-ehr | LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution. | 2018-08-20 | not yet calculated | CVE-2018-1000646 MISC MISC |
librehealthio/lh-ehr -- librehealthio/lh-ehr | LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appears to be exploitable via User controlled parameters. | 2018-08-20 | not yet calculated | CVE-2018-1000650 MISC CONFIRM |
librehealthio/lh-ehr -- librehealthio/lh-ehr | LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appears to be exploitable via User controlled parameters. | 2018-08-20 | not yet calculated | CVE-2018-1000648 MISC MISC |
libvirt -- libvirt | libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. | 2018-08-20 | not yet calculated | CVE-2015-5160 REDHAT MLIST CONFIRM CONFIRM CONFIRM |
libvirt -- libvirt | A NULL pointer dereference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash the libvirtd daemon, resulting in denial of service. | 2018-08-22 | not yet calculated | CVE-2017-2635 CONFIRM CONFIRM |
linux -- linux_kernel | lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal. | 2018-08-21 | not yet calculated | CVE-2018-10932 CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel | arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. | 2018-08-20 | not yet calculated | CVE-2018-15594 MISC BID MISC MISC MISC |
linux -- linux_kernel | The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam). | 2018-08-23 | not yet calculated | CVE-2018-6558 MISC MISC MISC MISC |
linux -- linux_kernel | The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. | 2018-08-19 | not yet calculated | CVE-2018-15572 MISC MISC MISC |
linux -- linux_kernel | It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. | 2018-08-21 | not yet calculated | CVE-2018-10902 BID SECTRACK CONFIRM MISC |
mapr -- converged_data_platform_and_mapr-xd | An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as (aka impersonate) any other user, including cluster administrators, aka bug# 31935. This affects all users who have enabled security on the MapR platform and is fixed in mapr-patch-5.2.1.42646.GA-20180731093831, mapr-patch-5.2.2.44680.GA-20180802011430, mapr-patch-6.0.0.20171109191718.GA-20180802011420, and mapr-patch-6.0.1.20180404222005.GA-20180806214919. | 2018-08-23 | not yet calculated | CVE-2018-15804 CONFIRM |
mikrotik -- routeros | Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request. | 2018-08-23 | not yet calculated | CVE-2018-1157 CONFIRM CONFIRM MISC |
mikrotik -- routeros | Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting. | 2018-08-23 | not yet calculated | CVE-2018-1159 CONFIRM CONFIRM MISC |
mikrotik -- routeros | Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. | 2018-08-23 | not yet calculated | CVE-2018-1158 CONFIRM CONFIRM MISC |
mikrotik -- routeros | Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker to execute arbitrary code on the system. | 2018-08-23 | not yet calculated | CVE-2018-1156 CONFIRM CONFIRM MISC |
minicms -- minicms | MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in https://ift.tt/2MmKxuS that can result in code injection. | 2018-08-20 | not yet calculated | CVE-2018-1000638 MISC |
my_little_forum -- my_little_forum | my little forum 2.4.12 allows CSRF for deletion of users. | 2018-08-19 | not yet calculated | CVE-2018-15569 MISC |
mybb -- mybb | An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF. | 2018-08-24 | not yet calculated | CVE-2018-11502 MISC EXPLOIT-DB |
national_payments_corporation_of_india -- bhim_app_for_android | The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication. | 2018-08-24 | not yet calculated | CVE-2017-9819 MISC |
national_payments_corporation_of_india -- bhim_app_for_android | The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass authentication. | 2018-08-24 | not yet calculated | CVE-2017-9820 MISC |
national_payments_corporation_of_india -- bhim_app_for_android | The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication. | 2018-08-24 | not yet calculated | CVE-2017-9821 MISC |
national_payments_corporation_of_india -- bhim_app_for_android | The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access. | 2018-08-24 | not yet calculated | CVE-2017-9818 MISC |
nec -- aterm_wg2600hp2 | An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET"). | 2018-08-24 | not yet calculated | CVE-2017-12575 FULLDISC |
netwave -- ip_camera | Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device. | 2018-08-24 | not yet calculated | CVE-2018-11654 MISC |
netwave -- ip_camera | Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password. | 2018-08-24 | not yet calculated | CVE-2018-11653 MISC |
node.js -- node.js | In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written. | 2018-08-21 | not yet calculated | CVE-2018-12115 BID REDHAT REDHAT CONFIRM |
node.js -- node.js | In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number; this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information. | 2018-08-21 | not yet calculated | CVE-2018-7166 REDHAT CONFIRM |
ome -- open_microscopy_environment_omero | The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restrictions logging in as a more powerful administrator. This attack appears to be exploitable via Use user administration privilege to set the password of a more powerful administrator. This vulnerability appears to have been fixed in 5.4.7. | 2018-08-20 | not yet calculated | CVE-2018-1000634 CONFIRM CONFIRM |
ome -- open_microscopy_environment_omero | The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an Attacker gaining full administrative access to server and may be able to disable it. This vulnerability appears to have been fixed in 5.4.7. | 2018-08-20 | not yet calculated | CVE-2018-1000635 CONFIRM CONFIRM |
ome -- open_microscopy_environment_omero | The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appears to be exploitable via an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7. | 2018-08-20 | not yet calculated | CVE-2018-1000633 CONFIRM CONFIRM |
openemr -- openemr | OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'scan' parameter in line #41 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitable via The victim must visit a specially crafted URL. | 2018-08-20 | not yet calculated | CVE-2018-1000219 MISC CONFIRM |
openemr -- openemr | OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitable via The victim must visit a specially crafted URL. | 2018-08-20 | not yet calculated | CVE-2018-1000218 MISC CONFIRM |
openssh -- openssh | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | 2018-08-17 | not yet calculated | CVE-2018-15473 MISC SECTRACK MISC MISC MLIST DEBIAN EXPLOIT-DB EXPLOIT-DB |
owasp -- antisamy | OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site Scripting (XSS) vulnerability in AntiSamy.scan() - for both SAX & DOM that can result in Cross Site Scripting. | 2018-08-20 | not yet calculated | CVE-2018-1000643 MISC |
oxid -- eshop | An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacker must change the delivery address to one that is not verified by the Paymorrow module. | 2018-08-20 | not yet calculated | CVE-2018-14020 CONFIRM CONFIRM |
oxid -- multiple_products | An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts. | 2018-08-20 | not yet calculated | CVE-2018-12579 CONFIRM CONFIRM |
pallets_project -- flask | The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appears to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. | 2018-08-20 | not yet calculated | CVE-2018-1000656 CONFIRM CONFIRM |
pango -- pango | libpango in Pango before 1.42.4, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text. | 2018-08-24 | not yet calculated | CVE-2018-15120 MISC CONFIRM CONFIRM MLIST UBUNTU |
philips -- intellispace_cardiovascular_products | In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. | 2018-08-22 | not yet calculated | CVE-2018-14789 MISC CONFIRM |
philips -- intellispace_cardiovascular_products | In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. | 2018-08-22 | not yet calculated | CVE-2018-14787 MISC CONFIRM |
philips -- pagewriter | In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. | 2018-08-22 | not yet calculated | CVE-2018-14801 BID MISC CONFIRM |
philips -- pagewriter | In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by the user. This can lead to buffer overflow or format string vulnerabilities. | 2018-08-22 | not yet calculated | CVE-2018-14799 BID MISC CONFIRM |
phpmyadmin -- phpmyadmin | An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature. | 2018-08-24 | not yet calculated | CVE-2018-15605 SECTRACK CONFIRM CONFIRM |
phpwhois -- phpwhois | phpWhois allows remote attackers to execute arbitrary code via a crafted whois record. | 2018-08-20 | not yet calculated | CVE-2015-5243 MISC CONFIRM CONFIRM CONFIRM MISC CONFIRM |
pimcore -- pimcore | Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions. | 2018-08-24 | not yet calculated | CVE-2018-14059 MISC FULLDISC EXPLOIT-DB MISC |
pkgconf -- pkgconf | pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appears to be exploitable via a specially crafted .pc file. This vulnerability appears to have been fixed in 1.5.3. | 2018-08-20 | not yet calculated | CVE-2018-1000221 CONFIRM |
planex -- cs-qr20 | An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command. | 2018-08-24 | not yet calculated | CVE-2017-12576 FULLDISC |
planex -- cs-qr20 | An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission. | 2018-08-24 | not yet calculated | CVE-2017-12577 FULLDISC |
planex -- cs-w50hd_devices | An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack. | 2018-08-24 | not yet calculated | CVE-2017-12573 FULLDISC |
planex -- cs-w50hd_devices | An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted. | 2018-08-24 | not yet calculated | CVE-2017-12574 FULLDISC |
portfoliocms -- portfoliocms | An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true. | 2018-08-25 | not yet calculated | CVE-2018-15848 MISC |
portfoliocms -- portfoliocms | An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. | 2018-08-25 | not yet calculated | CVE-2018-15849 MISC |
posim -- evo | POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients. | 2018-08-23 | not yet calculated | CVE-2018-15808 MISC |
posim -- evo | POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker and used to bypass any POSIM EVO login prompt. | 2018-08-23 | not yet calculated | CVE-2018-15807 MISC |
postgresql -- postgresql | The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software. | 2018-08-20 | not yet calculated | CVE-2016-7048 CONFIRM CONFIRM |
puppet -- puppet_enterprise | When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS score. | 2018-08-24 | not yet calculated | CVE-2018-11749 CONFIRM |
puppycms -- puppycms | An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the "Add Page/URL" URL link field. | 2018-08-25 | not yet calculated | CVE-2018-15847 MISC |
pycryptodome -- pycryptodome | PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes. | 2018-08-19 | not yet calculated | CVE-2018-15560 MISC MISC |
pyro -- pyro | pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks. | 2018-08-20 | not yet calculated | CVE-2011-2765 CONFIRM CONFIRM CONFIRM |
red_hat -- cloudforms_management_engine_5 | Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback). | 2018-08-22 | not yet calculated | CVE-2017-7528 CONFIRM |
red_hat -- openstack_enterprise | A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user. | 2018-08-22 | not yet calculated | CVE-2017-2627 CONFIRM |
red_hat -- satellite_5 | It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate. | 2018-08-22 | not yet calculated | CVE-2017-7513 CONFIRM |
redaxo -- redaxo_cms | An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user. | 2018-08-25 | not yet calculated | CVE-2018-15850 MISC |
rsa -- archer | The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. Embedded WorkPoint is upgraded to version 4.10.16, which contains a fix for the vulnerability. | 2018-08-24 | not yet calculated | CVE-2018-11065 FULLDISC BID SECTRACK |
rsa -- netwitness_platform_and_security_analytics | RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges. | 2018-08-24 | not yet calculated | CVE-2018-11061 FULLDISC BID SECTRACK SECTRACK |
rust -- rust | The Rust standard library, from commit bfa0e1f58acf1c28d500c34ed258f09ae021893e onwards (stable release 1.3.0 and later), contains a buffer overflow vulnerability in the std::collections::vec_deque::VecDeque::reserve() function that can result in arbitrary code execution, although no proof-of-concept exploit is currently published. The issue appears to have been fixed after commit fdfafb510b1a38f727e920dccbeeb638d39a8e60 (stable release 1.22.0 and later). | 2018-08-20 | not yet calculated | CVE-2018-1000657 CONFIRM CONFIRM |
samba -- samba | A missing input sanitization flaw was found in the implementation of the LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server used as an Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable. | 2018-08-22 | not yet calculated | CVE-2018-1140 BID CONFIRM CONFIRM CONFIRM CONFIRM |
samba -- samba | A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable. | 2018-08-22 | not yet calculated | CVE-2018-10918 BID CONFIRM CONFIRM UBUNTU CONFIRM |
samba -- samba | The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. | 2018-08-22 | not yet calculated | CVE-2018-10919 BID CONFIRM CONFIRM UBUNTU DEBIAN CONFIRM |
samba -- samba | A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. | 2018-08-22 | not yet calculated | CVE-2018-1139 BID CONFIRM CONFIRM UBUNTU CONFIRM |
samba -- samba | A heap buffer overflow was found in the way samba clients processed an extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. | 2018-08-22 | not yet calculated | CVE-2018-10858 BID CONFIRM CONFIRM UBUNTU DEBIAN CONFIRM |
samsung -- smartthings_hub_sth-eth-250 | An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the video-core database. An attacker can send a series of HTTP requests to trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3879 MISC |
samsung -- smartthings_hub_sth-eth-250 | An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the "state" field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3905 MISC |
samsung -- smartthings_hub_sth-eth-250 | An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'on_url' callback. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3907 MISC |
samsung -- smartthings_hub_sth-eth-250 | An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3902 MISC |
samsung -- smartthings_hub_sth-eth-250 | An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3909 MISC |
samsung -- smartthings_hub_sth-eth-250 | On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "user" value in order to exploit this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3863 MISC |
samsung -- smartthings_hub_sth-eth-250 | An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3866 MISC |
samsung -- smartthings_hub_sth-eth-250 | An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3867 MISC |
samsung -- smartthings_hub_sth-eth-250 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3919 MISC |
samsung -- smartthings_hub_sth-eth-250 | An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3880 MISC |
samsung -- smartthings_hub_sth-eth-250 | Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3878 MISC |
samsung -- smartthings_hub_sth-eth-250 | An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An attacker able to impersonate the remote HTTP servers could trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3925 MISC |
samsung -- smartthings_hub_sth-eth-250 | On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3917 MISC |
samsung -- smartthings_hub_sth-eth-250 | An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3911 MISC |
samsung -- smartthings_hub_sth-eth-250 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3872 MISC |
samsung -- smartthings_hub_sth-eth-250 | On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3912 MISC |
samsung -- smartthings_hub_sth-eth-250 | On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512 bytes. An attacker can send an arbitrarily long "url" value in order to overwrite the saved-PC with 0x42424242. | 2018-08-23 | not yet calculated | CVE-2018-3903 MISC |
samsung -- smartthings_hub_sth-eth-250 | An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability. | 2018-08-23 | not yet calculated | CVE-2018-3856 MISC |
signal_messenger -- open_whisper_signal | Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage. | 2018-08-20 | not yet calculated | CVE-2018-14023 MISC MISC |
soundtouch -- soundtouch | soundtouch versions up to and including 2.0.0 contain a buffer overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. The attack appears to be exploitable when the victim opens a malicious file in the soundstretch utility. | 2018-08-20 | not yet calculated | CVE-2018-1000223 CONFIRM |
spice -- spice | A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. | 2018-08-17 | not yet calculated | CVE-2018-10873 CONFIRM CONFIRM UBUNTU |
swoole -- swoole | The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV. | 2018-08-17 | not yet calculated | CVE-2018-15503 MISC MISC MISC |
symantec -- encryption_management_server | The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | 2018-08-20 | not yet calculated | CVE-2018-5243 BID SECTRACK CONFIRM |
symantec -- norton_power_eraser_and_symdiag | Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. | 2018-08-22 | not yet calculated | CVE-2018-5238 BID CONFIRM |
symantec -- norton_utilities | Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. | 2018-08-22 | not yet calculated | CVE-2018-5235 BID CONFIRM |
technicolor -- tc7200.20_cable_modem_devices | Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. | 2018-08-25 | not yet calculated | CVE-2018-15852 MISC |
tecrail -- responsive_filemanager | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal. | 2018-08-24 | not yet calculated | CVE-2018-15536 FULLDISC |
tecrail -- responsive_filemanager | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. | 2018-08-24 | not yet calculated | CVE-2018-15535 FULLDISC |
tp5cms -- tp5cms | tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter. | 2018-08-19 | not yet calculated | CVE-2018-15566 MISC |
tp5cms -- tp5cms | tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. | 2018-08-19 | not yet calculated | CVE-2018-15568 MISC |
tridium -- niagara | An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system. | 2018-08-20 | not yet calculated | CVE-2017-16748 BID MISC |
tridium -- niagara | A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials. | 2018-08-20 | not yet calculated | CVE-2017-16744 BID MISC |
ubuntu -- ubuntu | The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled. | 2018-08-21 | not yet calculated | CVE-2018-6557 SECTRACK UBUNTU |
ucopia -- wireless_appliance_devices | Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder. | 2018-08-21 | not yet calculated | CVE-2018-15481 MISC |
victoralagwu/cmssite -- victoralagwu/cmssite | An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen. | 2018-08-20 | not yet calculated | CVE-2018-15603 MISC |
villagedefrance -- opencart-overclocked | OpenCart-Overclocked version 1.11.1 and earlier contains a cross-site scripting (XSS) vulnerability: user input is placed unsanitised inside a JavaScript function in the template, which can result in unauthorised actions and access to data, theft of session information, or denial of service. The attack appears to be exploitable via malicious input passed in a GET parameter. | 2018-08-20 | not yet calculated | CVE-2018-1000640 MISC CONFIRM |
waimai -- super_cms | In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter. | 2018-08-19 | not yet calculated | CVE-2018-15570 MISC |
wi2be -- smart_hp_wmt | Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp. | 2018-08-20 | not yet calculated | CVE-2018-14079 MISC |
wi2be -- smart_hp_wmt | Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack). | 2018-08-20 | not yet calculated | CVE-2018-14078 MISC |
wi2be -- smart_hp_wmt | Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg. | 2018-08-20 | not yet calculated | CVE-2018-14077 MISC |
wolfcms -- wolfcms | WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter. | 2018-08-25 | not yet calculated | CVE-2018-15842 MISC |
x.org -- libx11 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. | 2018-08-24 | not yet calculated | CVE-2018-14599 MLIST SECTRACK CONFIRM CONFIRM MLIST |
x.org -- libx11 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. | 2018-08-24 | not yet calculated | CVE-2018-14600 MLIST SECTRACK CONFIRM CONFIRM MLIST |
x.org -- libx11 | An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). | 2018-08-24 | not yet calculated | CVE-2018-14598 MLIST SECTRACK CONFIRM CONFIRM MLIST |
xkbcommon -- xkbcommon | Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. | 2018-08-25 | not yet calculated | CVE-2018-15859 MISC MISC |
xkbcommon -- xkbcommon | Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file. | 2018-08-25 | not yet calculated | CVE-2018-15858 MISC MISC |
xkbcommon -- xkbcommon | Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled. | 2018-08-25 | not yet calculated | CVE-2018-15855 MISC MISC |
xkbcommon -- xkbcommon | An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. | 2018-08-25 | not yet calculated | CVE-2018-15856 MISC MISC |
xkbcommon -- xkbcommon | An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. | 2018-08-25 | not yet calculated | CVE-2018-15857 MISC MISC |
xkbcommon -- xkbcommon | Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. | 2018-08-25 | not yet calculated | CVE-2018-15861 MISC MISC |
xkbcommon -- xkbcommon | Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created. | 2018-08-25 | not yet calculated | CVE-2018-15864 MISC MISC |
xkbcommon -- xkbcommon | Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. | 2018-08-25 | not yet calculated | CVE-2018-15863 MISC MISC |
xkbcommon -- xkbcommon | Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers. | 2018-08-25 | not yet calculated | CVE-2018-15862 MISC MISC |
xkbcommon -- xkbcommon | Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. | 2018-08-25 | not yet calculated | CVE-2018-15853 MISC MISC |
xkbcommon -- xkbcommon | Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly. | 2018-08-25 | not yet calculated | CVE-2018-15854 MISC MISC |
yeswiki -- yeswiki | YesWiki versions up to and including cercopitheque beta 1 contain a PHP object injection vulnerability: a user-supplied parameter is unserialised in i18n.inc.php, which can result in code execution and information disclosure. | 2018-08-20 | not yet calculated | CVE-2018-1000641 MISC MISC |
zutils -- zutils | zutils versions prior to 1.8-pre2 contain a buffer overflow vulnerability in zcat that can result in denial of service or arbitrary code execution. The attack appears to be exploitable via the victim opening a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2. | 2018-08-20 | not yet calculated | CVE-2018-1000637 CONFIRM MLIST |
zzcms -- zzcms | zzcms version 8.3 and earlier contains a SQL injection vulnerability in zt/top.php at line 5. The attack appears to be exploitable when zzcms is run under nginx. | 2018-08-20 | not yet calculated | CVE-2018-1000653 MISC |
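The Samsung SmartThings Hub entries above (CVE-2018-3863, CVE-2018-3866, CVE-2018-3878, CVE-2018-3903, CVE-2018-3912 and CVE-2018-3917) all describe the same defect: a string taken from a user-controlled JSON payload or from a database row is copied with strcpy, strncpy or memcpy into a fixed stack buffer of 40, 16, 128 or 512 bytes with no length check. The following is an added example, not Samsung's firmware code or anything from the Talos advisories: a hypothetical credentials record whose field widths mirror the sizes the advisories name, the vulnerable copy beside a bounded replacement that rejects over-long values instead of truncating or overflowing. The struct, the function names and the sample values are this example's own assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical credentials record (this example's own). The field widths
 * are the buffer sizes the advisories name: 40 bytes for "user", 16 for
 * "region", 128 for "secretKey". */
struct camera_creds {
    char user[40];
    char region[16];
    char secret_key[128];
};

/* The vulnerable pattern the advisories describe: a string from a
 * user-controlled JSON document copied with strcpy into a fixed buffer.
 * A value of 40 or more bytes runs past c->user into the neighbouring
 * fields; for a stack buffer it reaches the saved registers and return
 * address. Present only to show the "before"; do not call it on untrusted
 * input. */
void set_user_unchecked(struct camera_creds *c, const char *value)
{
    strcpy(c->user, value);            /* no length check at all */
}

/* Hardened replacement: look at no more than dst_size bytes of the source,
 * refuse anything that leaves no room for the terminator, and copy exactly
 * the measured length. Returns 0 on success, -1 if the value is too long;
 * on -1 the destination is left untouched. */
static int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len = strnlen(src, dst_size);
    if (len >= dst_size)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

int set_user(struct camera_creds *c, const char *value)
{
    return copy_bounded(c->user, sizeof c->user, value);
}

int set_region(struct camera_creds *c, const char *value)
{
    return copy_bounded(c->region, sizeof c->region, value);
}

int set_secret_key(struct camera_creds *c, const char *value)
{
    return copy_bounded(c->secret_key, sizeof c->secret_key, value);
}

/* Constructed inputs: a value that fits, and a 40-byte value that is exactly
 * one byte too long for user[40] once the terminator is counted. */
const char SAMPLE_OK[] = "camera-operator";
const char SAMPLE_OVERLONG[] = "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA";

int main(void)
{
    struct camera_creds c;
    memset(&c, 0, sizeof c);
    set_user_unchecked(&c, SAMPLE_OK);     /* silent while the input is short */
    printf("user=%s region=%s\n", c.user,
           set_region(&c, "us-east-1") == 0 ? c.region : "(rejected)");
    printf("40-byte user via set_user: %s\n",
           set_user(&c, SAMPLE_OVERLONG) == 0 ? "accepted" : "rejected");
    /* set_user_unchecked(&c, SAMPLE_OVERLONG) is the bug itself: it would
     * write 41 bytes into the 40-byte field. */
    return 0;
}
```

Rejecting rather than silently truncating matters here: several of the fields are URLs and keys that are later passed to other components, and a truncated value can be as dangerous as an overflowed one. The same bounded copy is what the SQLite-backed "shard" and "clips" cases need, since a row the attacker wrote earlier is user-controlled input too.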
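The two tecrail Responsive FileManager entries (CVE-2018-15536 and CVE-2018-15535) are the two faces of directory traversal: a user-supplied path fed straight to a file read, and archive member names fed straight to extraction, so that "../" sequences escape the restricted directory. The check below is an added example, not Responsive FileManager's code: it normalises a candidate name lexically, before anything exists on disk, and refuses absolute paths, backslash separators, and any ".." that would climb above the extraction root. The function names and the sample archive listing are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns true if `member` normalises to a path strictly inside the
 * extraction root, false if it would escape or is otherwise unsafe.
 * Works on the name alone, so it applies to archive entries that have
 * not been written yet as well as to request parameters like get_file. */
bool member_is_safe(const char *member)
{
    int depth = 0;                 /* real components below the root */
    if (member == NULL || member[0] == '\0')
        return false;
    if (member[0] == '/' || strchr(member, '\\') != NULL)
        return false;              /* absolute path or Windows separator */
    const char *p = member;
    while (*p) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 0 || (len == 1 && p[0] == '.')) {
            /* "a//b", trailing "/" or "." : no effect on the location */
        } else if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0)
                return false;      /* would climb above the extraction root */
            depth--;
        } else {
            depth++;
        }
        if (!end)
            break;
        p = end + 1;
    }
    return depth > 0;              /* must name something below the root */
}

/* Joins root and member into `out` only when the member passes the check.
 * Returns 0 on success, -1 if the member was rejected or does not fit. */
int resolve_extract_path(const char *root, const char *member,
                         char *out, size_t out_size)
{
    if (!member_is_safe(member))
        return -1;
    int n = snprintf(out, out_size, "%s/%s", root, member);
    if (n < 0 || (size_t)n >= out_size)
        return -1;
    return 0;
}

/* Constructed archive listing: two ordinary entries followed by the shapes
 * a crafted archive uses to write outside the upload directory. */
static const char *const SAMPLE_ENTRIES[] = {
    "images/logo.png",
    "docs/sub/../readme.txt",
    "../../config.php",
    "/etc/passwd",
    "uploads/..\\..\\shell.php",
    "a/../../b",
};

int main(void)
{
    char path[256];
    size_t count = sizeof SAMPLE_ENTRIES / sizeof SAMPLE_ENTRIES[0];
    for (size_t i = 0; i < count; i++) {
        if (resolve_extract_path("/var/www/uploads", SAMPLE_ENTRIES[i],
                                 path, sizeof path) == 0)
            printf("extract  %-28s -> %s\n", SAMPLE_ENTRIES[i], path);
        else
            printf("REJECT   %s\n", SAMPLE_ENTRIES[i]);
    }
    return 0;
}
```

The lexical check is deliberately applied to the name rather than to a resolved path, because realpath() needs the target to exist and an archive entry does not yet. For a path that does exist (the get_file case), comparing the realpath() of the joined result against the realpath() of the root is a worthwhile second check, since it also catches symlinks planted inside the upload directory.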
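The pyro entry (CVE-2011-2765) and the Ubuntu base-files MOTD entry (CVE-2018-6557) share one root cause: a privileged process creates a file under a predictable name in a directory other users can write to, so a local attacker plants a symlink at that name first and the privileged open() follows it to a file of the attacker's choosing. The following is an added example, not pyro's or base-files' code: a creation routine that refuses to reuse or follow anything already at the path, and a self-contained demonstration that stages the attack in a scratch directory and checks the victim file is left untouched. The function names, the file names and the scratch directory layout are this example's own assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` as a brand-new regular file, mode 0600, and return the open
 * descriptor, or -1 with errno set. O_EXCL refuses any name that already
 * exists, symlink included (EEXIST); O_NOFOLLOW additionally refuses a
 * trailing symlink (ELOOP) for callers that ever drop O_EXCL. The fstat()
 * confirms that what we hold is a regular file owned by us. */
int create_private_file(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Stages the attack in a fresh scratch directory: a "victim" file the
 * attacker wants overwritten, and a symlink planted at the predictable
 * pid-file name pointing at it. Returns 1 if the hardened open refuses the
 * symlink, the victim keeps its content, and an unclaimed name is still
 * created normally; 0 otherwise. Cleans up after itself. */
int demo_symlink_refused(void)
{
    const char *tmp = getenv("TMPDIR");
    char dir[256];
    snprintf(dir, sizeof dir, "%s/pidfile-demo-XXXXXX", tmp ? tmp : "/tmp");
    if (mkdtemp(dir) == NULL)
        return 0;
    char victim[320], pidfile[320], fresh[320];
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(pidfile, sizeof pidfile, "%s/daemon.pid", dir);
    snprintf(fresh, sizeof fresh, "%s/daemon2.pid", dir);

    int result = 1;
    int vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vfd < 0 || write(vfd, "original\n", 9) != 9)
        result = 0;
    if (vfd >= 0)
        close(vfd);
    if (symlink(victim, pidfile) < 0)        /* the attacker's planted link */
        result = 0;

    /* A naive open(pidfile, O_WRONLY|O_CREAT|O_TRUNC) would follow the link
     * and truncate victim.txt. The hardened call must fail instead. */
    int fd = create_private_file(pidfile);
    if (fd >= 0) {
        close(fd);
        result = 0;
    } else if (errno != EEXIST && errno != ELOOP) {
        result = 0;
    }

    char buf[16] = {0};                      /* victim must be intact */
    vfd = open(victim, O_RDONLY);
    if (vfd < 0 || read(vfd, buf, sizeof buf - 1) != 9 || strcmp(buf, "original\n") != 0)
        result = 0;
    if (vfd >= 0)
        close(vfd);

    fd = create_private_file(fresh);         /* unclaimed name still works */
    if (fd < 0)
        result = 0;
    else
        close(fd);

    unlink(fresh);
    unlink(pidfile);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("symlink attack blocked: %s\n", demo_symlink_refused() ? "yes" : "no");
    return 0;
}
```

The failure has to be handled, not retried: a daemon that loops until the open succeeds hands the attacker a denial of service, which is the other half of what the Ubuntu entry describes. The kernel's protected_symlinks sysctl that the entry mentions blocks the same attack in sticky world-writable directories, but only there and only when enabled, so the code should not depend on it.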
from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/bulletins/SB18-239-0