US-CERT - SB18-260: Vulnerability Summary for the Week of September 10, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
absolute -- ctes_windows_agent | An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior. | 2018-09-08 | not yet calculated | CVE-2018-16715 CONFIRM |
ansible -- tower | A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database. | 2018-09-11 | not yet calculated | CVE-2016-7070 CONFIRM CONFIRM |
apache -- activemq_client | TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. | 2018-09-10 | not yet calculated | CVE-2018-11775 CONFIRM BID SECTRACK |
apache -- mesos | When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. | 2018-09-13 | not yet calculated | CVE-2018-1330 |
artifex -- ghostscript | An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509. | 2018-09-10 | not yet calculated | CVE-2018-16802 MISC MISC CONFIRM MLIST MLIST MISC |
asus -- gt-ac5300_routers | Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list("Storage_x_SharedPath") request, because ej_select_list in router/httpd/web.c uses strcpy. | 2018-09-13 | not yet calculated | CVE-2018-17022 MISC |
asus -- gt-ac5300_routers | Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. | 2018-09-13 | not yet calculated | CVE-2018-17023 MISC |
asus -- gt-ac5300_routers | Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter. | 2018-09-13 | not yet calculated | CVE-2018-17021 MISC |
asus -- gt-ac5300_routers | ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single "GET / HTTP/1.1\r\n" line. | 2018-09-13 | not yet calculated | CVE-2018-17020 MISC |
avaya -- ip_office | A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. | 2018-09-12 | not yet calculated | CVE-2018-15610 CONFIRM |
b3log/solo -- b3log/solo | In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator. | 2018-09-10 | not yet calculated | CVE-2018-16805 MISC |
baijiacms -- baijiacms | An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component." | 2018-09-08 | not yet calculated | CVE-2018-16725 MISC |
baijiacms -- baijiacms | An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. | 2018-09-08 | not yet calculated | CVE-2018-16724 MISC |
bigtree -- bigtree_cms | BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php. | 2018-09-13 | not yet calculated | CVE-2018-17030 MISC |
blogcms -- blogcms | BlogCMS through 2016-10-25 has XSS via a comment. | 2018-09-10 | not yet calculated | CVE-2018-16779 MISC |
bro -- bro | In Bro through 2.5.5, there is a DoS in IRC protocol names command parsing in analyzer/protocol/irc/IRC.cc. | 2018-09-13 | not yet calculated | CVE-2018-17019 MISC |
bro -- bro | In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser. | 2018-09-10 | not yet calculated | CVE-2018-16807 MISC |
bullguard -- multiple_products | BullGuard Safe Browsing 18.1.355 allows XSS on Google, Bing, and Yahoo! pages via domains indexed in search results. | 2018-09-15 | not yet calculated | CVE-2018-17061 MISC |
cisco-config-manager -- cisco-config-manager | K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php. | 2018-09-14 | not yet calculated | CVE-2018-17051 MISC |
cms_maelostore -- cms_maelostore | An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update. | 2018-09-14 | not yet calculated | CVE-2018-17045 MISC |
cqu-lankers -- cqu-lankers | CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action. | 2018-09-14 | not yet calculated | CVE-2018-17049 MISC |
cscms -- cscms | CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. | 2018-09-08 | not yet calculated | CVE-2018-16731 MISC MISC |
cscms -- cscms | \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. | 2018-09-08 | not yet calculated | CVE-2018-16732 MISC MISC |
cscms -- cscms | \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. | 2018-09-08 | not yet calculated | CVE-2018-16730 MISC MISC |
d-link -- dir-600m_devices | D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. | 2018-09-12 | not yet calculated | CVE-2018-16605 MISC |
d-link -- dir-816_a2_1.10_b05_devices | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked. | 2018-09-15 | not yet calculated | CVE-2018-17064 MISC |
d-link -- dir-816_a2_1.10_b05_devices | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters. | 2018-09-15 | not yet calculated | CVE-2018-17063 MISC |
d-link -- dir-816_a2_1.10_b05_devices | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter. | 2018-09-15 | not yet calculated | CVE-2018-17066 MISC |
d-link -- dir-816_a2_1.10_b05_devices | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address. | 2018-09-15 | not yet calculated | CVE-2018-17067 MISC |
d-link -- dir-816_a2_1.10_b05_devices | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address. | 2018-09-15 | not yet calculated | CVE-2018-17065 MISC |
d-link -- dir-816_a2_1.10_b05_devices | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter. | 2018-09-15 | not yet calculated | CVE-2018-17068 MISC |
daum_communications -- potplayer | A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 allows remote attackers to execute arbitrary code via a .wav file with large BytesPerSec and SamplesPerSec values, and a small Data_Chunk_Size value. | 2018-09-10 | not yet calculated | CVE-2018-16797 MISC |
daylight_studio -- fuel_cms | FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. | 2018-09-09 | not yet calculated | CVE-2018-16763 MISC |
daylight_studio -- fuel_cms | FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. | 2018-09-09 | not yet calculated | CVE-2018-16762 MISC |
dbf2txt -- dbf2txt | An issue has been found in dbf2txt through 2012-07-19. It is an infinite loop. | 2018-09-14 | not yet calculated | CVE-2018-17042 MISC MISC |
dell_emc -- vplex_geosynchrony | Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic. | 2018-09-11 | not yet calculated | CVE-2018-11078 SECTRACK FULLDISC |
doc2txt -- doc2txt | An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parse_doc in parse_doc.cpp. | 2018-09-14 | not yet calculated | CVE-2018-17043 MISC MISC |
docker -- moby | An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate. | 2018-09-10 | not yet calculated | CVE-2018-12608 MISC |
dotcms -- dotcms | dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. | 2018-09-12 | not yet calculated | CVE-2018-16980 MISC |
drools_workbench -- drools_workbench | Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host. | 2018-09-10 | not yet calculated | CVE-2016-7041 REDHAT REDHAT REDHAT REDHAT BID SECTRACK CONFIRM |
dusaurabh/php -- dusaurabh/php | Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment. | 2018-09-10 | not yet calculated | CVE-2018-16780 MISC |
e107 -- e107 | e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. | 2018-09-12 | not yet calculated | CVE-2018-16389 MISC CONFIRM |
e107 -- e107 | e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | 2018-09-12 | not yet calculated | CVE-2018-16388 MISC CONFIRM |
easycms -- easycms | EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. | 2018-09-10 | not yet calculated | CVE-2018-16773 MISC |
easycms -- easycms | The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. | 2018-09-09 | not yet calculated | CVE-2018-16759 MISC |
elefant_cms -- elefant_cms | An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in apps/designer/handlers/csspreview.php. | 2018-09-12 | not yet calculated | CVE-2018-16975 MISC MISC MISC |
elefant_cms -- elefant_cms | An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist). | 2018-09-12 | not yet calculated | CVE-2018-16974 MISC MISC MISC |
ethereum -- go_ethereum | In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. | 2018-09-08 | not yet calculated | CVE-2018-16733 MISC |
eventum -- eventum | Eventum before 3.4.0 has an open redirect vulnerability. | 2018-09-09 | not yet calculated | CVE-2018-16761 MISC |
f5 -- big-ip_apm | On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements. | 2018-09-13 | not yet calculated | CVE-2018-5549 CONFIRM |
f5 -- big-ip_apm | On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts. | 2018-09-13 | not yet calculated | CVE-2018-5548 CONFIRM |
f5 -- big-ip | A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages. | 2018-09-13 | not yet calculated | CVE-2018-15310 CONFIRM |
f5 -- websafe_alert_server | On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated user can execute code on the alert server by using a maliciously crafted payload. | 2018-09-13 | not yet calculated | CVE-2018-5545 CONFIRM |
feindura -- feindura | feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new. | 2018-09-12 | not yet calculated | CVE-2018-16728 MISC |
ffjpeg -- ffjpeg | ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. | 2018-09-10 | not yet calculated | CVE-2018-16781 MISC |
foreman -- foreman | foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion. | 2018-09-10 | not yet calculated | CVE-2016-7078 BID CONFIRM CONFIRM CONFIRM MLIST CONFIRM |
foreman -- foreman | foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6. | 2018-09-10 | not yet calculated | CVE-2016-7077 BID CONFIRM CONFIRM CONFIRM |
frappe_technologies -- erpnext | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sort_by and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | 2018-09-12 | not yet calculated | CVE-2018-3884 MISC |
frappe_technologies -- erpnext | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The order_by parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | 2018-09-12 | not yet calculated | CVE-2018-3885 MISC |
frappe_technologies -- erpnext | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The employee and sort_order parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | 2018-09-12 | not yet calculated | CVE-2018-3883 MISC |
frappe_technologies -- erpnext | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The searchfield parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | 2018-09-12 | not yet calculated | CVE-2018-3882 MISC |
freebsd_project -- freebsd | In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could cause a stack overflow. | 2018-09-12 | not yet calculated | CVE-2017-1083 MISC |
freebsd_project -- freebsd | In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context. | 2018-09-12 | not yet calculated | CVE-2017-1085 EXPLOIT-DB MISC |
freebsd_project -- freebsd | In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory. | 2018-09-12 | not yet calculated | CVE-2018-6924 SECTRACK FREEBSD |
freebsd_project -- freebsd | In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could cause a stack overflow. | 2018-09-12 | not yet calculated | CVE-2017-1084 EXPLOIT-DB EXPLOIT-DB MISC |
freebsd_project -- freebsd | In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data sets may crash if the input follows the pathological pattern. | 2018-09-12 | not yet calculated | CVE-2017-1082 MISC |
fuji_electric -- v-server_lite | A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. | 2018-09-13 | not yet calculated | CVE-2018-10637 BID MISC |
furuno -- felcom_250_and_500_devices | FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext. | 2018-09-10 | not yet calculated | CVE-2018-16705 MISC MISC |
furuno -- felcom_250_and_500_devices | FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi. | 2018-09-10 | not yet calculated | CVE-2018-16591 MISC MISC |
gitolite -- gitolite | Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access. | 2018-09-12 | not yet calculated | CVE-2018-16976 MISC MISC MISC |
gogs -- gogs | In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent. | 2018-09-13 | not yet calculated | CVE-2018-17031 MISC |
golang/go -- golang/go | The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit. | 2018-09-15 | not yet calculated | CVE-2018-17075 MISC MISC MISC |
gpp_software -- gpp | GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file. | 2018-09-15 | not yet calculated | CVE-2018-17076 MISC |
hiscout -- grc_suite | HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. | 2018-09-13 | not yet calculated | CVE-2018-16796 BUGTRAQ MISC |
hongcms -- hongcms | HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. | 2018-09-10 | not yet calculated | CVE-2018-16774 MISC |
hoosk -- hoosk | Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. | 2018-09-10 | not yet calculated | CVE-2018-16772 MISC |
hoosk -- hoosk | Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php. | 2018-09-10 | not yet calculated | CVE-2018-16771 MISC |
huawei -- alp-l09_smartphones | Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code. | 2018-09-12 | not yet calculated | CVE-2018-7923 CONFIRM |
huawei -- alp-l09_smartphones | Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code. | 2018-09-12 | not yet calculated | CVE-2018-7922 CONFIRM |
huawei -- b315s-22_products | Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information. | 2018-09-12 | not yet calculated | CVE-2018-7921 CONFIRM |
huawei -- multiple_products | Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enabling the talkback function. As a result, the FRP function is bypassed. | 2018-09-12 | not yet calculated | CVE-2018-7939 CONFIRM |
huawei -- smart_phones_with_leland_software | Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until restarting the phone. | 2018-09-12 | not yet calculated | CVE-2018-7906 CONFIRM |
ibm -- connections | IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946. | 2018-09-14 | not yet calculated | CVE-2018-1791 XF CONFIRM |
ibm -- datascap_fastdoc_capture | IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691. | 2018-09-12 | not yet calculated | CVE-2018-1773 BID XF CONFIRM |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967. | 2018-09-13 | not yet calculated | CVE-2018-1698 XF CONFIRM |
ibm -- open_pages_grc_platform | IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001. | 2018-09-10 | not yet calculated | CVE-2017-1679 XF CONFIRM |
ibm -- qradar | IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 143121. | 2018-09-11 | not yet calculated | CVE-2018-1571 BID XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM X-Force ID: 148599. | 2018-09-07 | not yet calculated | CVE-2018-1756 CONFIRM XF EXPLOIT-DB |
ibm -- websphere_application_server | IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292. | 2018-09-14 | not yet calculated | CVE-2018-1719 XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024. | 2018-09-07 | not yet calculated | CVE-2018-1567 SECTRACK XF CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. | 2018-09-09 | not yet calculated | CVE-2018-16750 MISC |
imagemagick -- imagemagick | In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. | 2018-09-09 | not yet calculated | CVE-2018-16749 MISC MISC |
imageworsener -- imageworsener | libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c. | 2018-09-10 | not yet calculated | CVE-2018-16782 MISC |
infinispan -- infinispan | The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks. | 2018-09-11 | not yet calculated | CVE-2016-0750 BID REDHAT REDHAT CONFIRM CONFIRM CONFIRM |
informaction -- noscript_classic | NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value. | 2018-09-13 | not yet calculated | CVE-2018-16983 MISC MISC MISC |
intel -- active_management_technology | Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network. | 2018-09-12 | not yet calculated | CVE-2018-3616 CONFIRM CONFIRM |
intel -- baseboard_management_controller | Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network. | 2018-09-12 | not yet calculated | CVE-2018-12171 CONFIRM |
intel -- centrino_wireless_n_and_advanced_n_adapters | A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino Wireless N and Intel Centrino Advanced N adapters may allow an unauthenticated user to potentially send a malformed L2CAP Connection Request to the Intel Bluetooth device via the network. | 2018-09-12 | not yet calculated | CVE-2018-3669 CONFIRM |
intel -- computing_improvement_program | Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access. | 2018-09-12 | not yet calculated | CVE-2018-12168 CONFIRM |
intel -- data_center_manager_sdk | Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges. | 2018-09-12 | not yet calculated | CVE-2018-3679 CONFIRM |
intel -- data_center_migration_center_software | DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access. | 2018-09-12 | not yet calculated | CVE-2018-12160 CONFIRM |
intel -- distribution_for_python | Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access. | 2018-09-12 | not yet calculated | CVE-2018-12175 CONFIRM |
intel -- driver_and_support_assistant | Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access. | 2018-09-12 | not yet calculated | CVE-2018-12148 CONFIRM |
intel -- extreme_tuning_utility | Buffer overflow in installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially cause a buffer overflow potentially leading to a denial of service via local access. | 2018-09-12 | not yet calculated | CVE-2018-12151 CONFIRM |
intel -- extreme_tuning_utility | Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local access. | 2018-09-12 | not yet calculated | CVE-2018-12150 CONFIRM |
intel -- extreme_tuning_utility | Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access. | 2018-09-12 | not yet calculated | CVE-2018-12149 CONFIRM |
intel -- firmware | A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access. | 2018-09-12 | not yet calculated | CVE-2018-3655 CONFIRM CONFIRM |
intel -- firmware | Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access. | 2018-09-12 | not yet calculated | CVE-2018-3658 CONFIRM CONFIRM |
intel -- firmware | A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access. | 2018-09-12 | not yet calculated | CVE-2018-3659 CONFIRM |
intel -- firmware | Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access. | 2018-09-12 | not yet calculated | CVE-2018-3657 CONFIRM CONFIRM |
intel -- firmware | A vulnerability in Power Management Controller firmware in systems using specific Intel Converged Security and Management Engine (CSME) before version 12.0.6 or Intel Server Platform Services firmware before version 4.x.04 may allow a privileged user to potentially escalate privileges or disclose information via local access. | 2018-09-12 | not yet calculated | CVE-2018-3643 CONFIRM CONFIRM |
intel -- intel-sa-00086_detection_tool | Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access. | 2018-09-12 | not yet calculated | CVE-2018-3686 CONFIRM |
intel -- iot_developers_toolkit | A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access. | 2018-09-12 | not yet calculated | CVE-2018-12163 CONFIRM |
intel -- nuc_kits | Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access. | 2018-09-12 | not yet calculated | CVE-2018-12176 CONFIRM |
intel -- openvino_toolkit_for_windows | Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local access. | 2018-09-12 | not yet calculated | CVE-2018-12162 CONFIRM |
inteno -- dg400_wu7u_elion3.11.6-170614_1328_devices | Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses, as demonstrated by macof. | 2018-09-11 | not yet calculated | CVE-2018-16950 MISC |
jhead -- jhead | The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling. | 2018-09-15 | not yet calculated | CVE-2018-16554 MISC MISC |
json -- json | JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. | 2018-09-15 | not yet calculated | CVE-2018-17072 MISC |
kamailio -- kamailio | In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code. | 2018-09-07 | not yet calculated | CVE-2018-16657 MLIST MISC DEBIAN |
lg -- supersign_cms | LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. | 2018-09-14 | not yet calculated | CVE-2018-16706 MISC |
lg -- supersign_cms | LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. | 2018-09-14 | not yet calculated | CVE-2018-16287 MISC |
lg -- supersign_cms | LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. | 2018-09-14 | not yet calculated | CVE-2018-16288 MISC |
lg -- supersign_cms | LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. | 2018-09-14 | not yet calculated | CVE-2018-16286 MISC |
lg -- multiple_devices_with_smart_ip_cameras_1508190 | LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password. | 2018-09-11 | not yet calculated | CVE-2018-16946 MISC EXPLOIT-DB |
libtiff -- libtiff | A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp. | 2018-09-13 | not yet calculated | CVE-2018-17000 MISC |
linux -- linux_kernel | A flaw was found in the way the Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check the current privilege level (CPL) while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside the guest. | 2018-09-11 | not yet calculated | CVE-2018-10853 CONFIRM CONFIRM CONFIRM MLIST MLIST MLIST MISC |
linux -- linux_kernel | A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. | 2018-09-10 | not yet calculated | CVE-2018-14625 CONFIRM MISC |
lizard -- lizard | In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | 2018-09-13 | not yet calculated | CVE-2018-16985 MISC |
lone_wolf_technologies -- loading_docs | Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs. | 2018-09-12 | not yet calculated | CVE-2018-15502 MISC |
mgetty -- mgetty | An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow. | 2018-09-13 | not yet calculated | CVE-2018-16743 MISC |
mgetty -- mgetty | An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter. | 2018-09-13 | not yet calculated | CVE-2018-16742 MISC |
mgetty -- mgetty | An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. | 2018-09-13 | not yet calculated | CVE-2018-16745 MISC |
mgetty -- mgetty | An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. | 2018-09-13 | not yet calculated | CVE-2018-16744 MISC |
mgetty -- mgetty | An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command. | 2018-09-13 | not yet calculated | CVE-2018-16741 MLIST DEBIAN MISC |
microsoft -- c_sdk | A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK. | 2018-09-12 | not yet calculated | CVE-2018-8479 BID CONFIRM |
microsoft -- chakracore | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459. | 2018-09-12 | not yet calculated | CVE-2018-8391 BID CONFIRM |
microsoft -- edge | An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. | 2018-09-12 | not yet calculated | CVE-2018-8366 BID SECTRACK CONFIRM |
microsoft -- edge | A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code Execution Vulnerability." This affects Microsoft Edge. | 2018-09-12 | not yet calculated | CVE-2018-8464 BID SECTRACK CONFIRM |
microsoft -- edge | A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | 2018-09-12 | not yet calculated | CVE-2018-8425 BID SECTRACK CONFIRM |
microsoft -- edge | An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8463. | 2018-09-12 | not yet calculated | CVE-2018-8469 BID SECTRACK CONFIRM |
microsoft -- edge | An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469. | 2018-09-12 | not yet calculated | CVE-2018-8463 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8467. | 2018-09-12 | not yet calculated | CVE-2018-8466 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8466, CVE-2018-8467. | 2018-09-12 | not yet calculated | CVE-2018-8465 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8391, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459. | 2018-09-12 | not yet calculated | CVE-2018-8354 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466. | 2018-09-12 | not yet calculated | CVE-2018-8467 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8465, CVE-2018-8466, CVE-2018-8467. | 2018-09-12 | not yet calculated | CVE-2018-8367 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8457, CVE-2018-8459. | 2018-09-12 | not yet calculated | CVE-2018-8456 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8457. | 2018-09-12 | not yet calculated | CVE-2018-8459 BID SECTRACK CONFIRM |
microsoft -- internet_explorer | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8447. | 2018-09-12 | not yet calculated | CVE-2018-8461 BID SECTRACK CONFIRM |
microsoft -- internet_explorer_11 | A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11. | 2018-09-12 | not yet calculated | CVE-2018-8470 BID SECTRACK CONFIRM |
microsoft -- internet_explorer | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8461. | 2018-09-12 | not yet calculated | CVE-2018-8447 BID SECTRACK CONFIRM |
microsoft -- lync | A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync. | 2018-09-12 | not yet calculated | CVE-2018-8474 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8459. | 2018-09-12 | not yet calculated | CVE-2018-8457 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8475 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0. | 2018-09-12 | not yet calculated | CVE-2018-8421 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446. | 2018-09-12 | not yet calculated | CVE-2018-8419 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka "Windows SMB Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2. | 2018-09-12 | not yet calculated | CVE-2018-8444 BID CONFIRM |
microsoft -- multiple_products | An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8410 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8422. | 2018-09-12 | not yet calculated | CVE-2018-8424 BID CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8434 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8449 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8439. | 2018-09-12 | not yet calculated | CVE-2018-0965 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8271 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. | 2018-09-12 | not yet calculated | CVE-2018-8452 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445. | 2018-09-12 | not yet calculated | CVE-2018-8446 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8455 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8462 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8468 BID CONFIRM |
microsoft -- multiple_products | A denial of service vulnerability exists in the Microsoft Server Message Block (SMB) when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8335 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446. | 2018-09-12 | not yet calculated | CVE-2018-8442 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8440 BID SECTRACK MISC MISC CONFIRM |
microsoft -- multiple_products | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8332 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0965. | 2018-09-12 | not yet calculated | CVE-2018-8439 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | 2018-09-12 | not yet calculated | CVE-2018-8429 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists when the browser scripting engine improperly handles object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | 2018-09-12 | not yet calculated | CVE-2018-8315 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8433 BID CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8424. | 2018-09-12 | not yet calculated | CVE-2018-8422 CONFIRM |
microsoft -- multiple_products | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8437. | 2018-09-12 | not yet calculated | CVE-2018-8438 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8392. | 2018-09-12 | not yet calculated | CVE-2018-8393 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1. | 2018-09-12 | not yet calculated | CVE-2018-8409 BID CONFIRM |
microsoft -- multiple_products | A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8435 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446. | 2018-09-12 | not yet calculated | CVE-2018-8336 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393. | 2018-09-12 | not yet calculated | CVE-2018-8392 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8420 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8445, CVE-2018-8446. | 2018-09-12 | not yet calculated | CVE-2018-8443 BID SECTRACK CONFIRM |
microsoft -- odata | A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData. | 2018-09-12 | not yet calculated | CVE-2018-8269 BID CONFIRM |
microsoft -- office | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office. | 2018-09-12 | not yet calculated | CVE-2018-8331 BID SECTRACK CONFIRM |
microsoft -- sharepoint | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8431. | 2018-09-12 | not yet calculated | CVE-2018-8428 BID CONFIRM |
microsoft -- sharepoint | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. | 2018-09-12 | not yet calculated | CVE-2018-8426 BID SECTRACK CONFIRM |
microsoft -- sharepoint | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8428. | 2018-09-12 | not yet calculated | CVE-2018-8431 BID SECTRACK CONFIRM |
microsoft -- windows | A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka "Windows Subsystem for Linux Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8337 BID CONFIRM |
microsoft -- windows_10_and_windows_10_servers | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8438. | 2018-09-12 | not yet calculated | CVE-2018-8437 BID SECTRACK CONFIRM |
microsoft -- windows_10_and_windows_10_servers | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8437, CVE-2018-8438. | 2018-09-12 | not yet calculated | CVE-2018-8436 BID SECTRACK CONFIRM |
microsoft -- windows_10_and_windows_10_servers | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8446. | 2018-09-12 | not yet calculated | CVE-2018-8445 BID SECTRACK CONFIRM |
microsoft -- windows_10_and_windows_10_servers | An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | 2018-09-12 | not yet calculated | CVE-2018-8441 BID SECTRACK CONFIRM |
microsoft -- word_and_office | A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka "Word PDF Remote Code Execution Vulnerability." This affects Microsoft Word, Microsoft Office. | 2018-09-12 | not yet calculated | CVE-2018-8430 BID SECTRACK CONFIRM |
minicms -- minicms | MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled. | 2018-09-14 | not yet calculated | CVE-2018-17039 MISC |
mongodb -- mongodb | _bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer. | 2018-09-10 | not yet calculated | CVE-2018-16790 MISC |
monstra -- cms | Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring. | 2018-09-10 | not yet calculated | CVE-2018-15886 MISC |
monstra -- cms | In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via admin/index.php?id=users&action=edit&user_id=1, an Insecure Direct Object Reference (IDOR). | 2018-09-10 | not yet calculated | CVE-2018-16608 MISC |
monstra_cms -- monstra_cms | admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role. | 2018-09-13 | not yet calculated | CVE-2018-17025 MISC |
monstra_cms -- monstra_cms | admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action. | 2018-09-13 | not yet calculated | CVE-2018-17024 MISC |
monstra_cms -- monstra_cms | admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121. | 2018-09-13 | not yet calculated | CVE-2018-17026 MISC |
monstra_cms -- monstra_cms | Monstra CMS V3.0.4 has XSS when one tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473. | 2018-09-12 | not yet calculated | CVE-2018-16978 MISC |
monstra_cms -- monstra_cms | Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943. | 2018-09-12 | not yet calculated | CVE-2018-16979 MISC |
monstra_cms -- monstra_cms | Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php. | 2018-09-12 | not yet calculated | CVE-2018-16977 MISC |
nasm -- nasm | Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file. | 2018-09-13 | not yet calculated | CVE-2018-16999 MISC |
new_digital_group -- smarty | Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. | 2018-09-11 | not yet calculated | CVE-2018-16831 MISC |
nordvpn -- nordvpn | An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. | 2018-09-07 | not yet calculated | CVE-2018-3952 BID MISC |
nothings/stb -- nothings/stb | stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. | 2018-09-12 | not yet calculated | CVE-2018-16981 MISC |
obike -- obike_bicycle_sharing_service | oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol. | 2018-09-14 | not yet calculated | CVE-2018-16242 BUGTRAQ |
opc_foundation -- opc_ua_applications | Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. | 2018-09-14 | not yet calculated | CVE-2018-12086 CONFIRM |
opc_foundation -- opc_ua_java_and_.net_legacy_stack | An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. | 2018-09-14 | not yet calculated | CVE-2018-12585 CONFIRM |
open_chinese_convert -- open_chinese_convert | Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file. | 2018-09-12 | not yet calculated | CVE-2018-16982 MISC |
openafs_foundation -- openafs | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections. | 2018-09-11 | not yet calculated | CVE-2018-16949 CONFIRM |
openafs_foundation -- openafs | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory. | 2018-09-11 | not yet calculated | CVE-2018-16948 CONFIRM |
openafs_foundation -- openafs | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data. | 2018-09-11 | not yet calculated | CVE-2018-16947 CONFIRM |
openssl -- openssl | A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. | 2018-09-10 | not yet calculated | CVE-2016-7056 REDHAT BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MISC CONFIRM CONFIRM CONFIRM CONFIRM MLIST CONFIRM DEBIAN |
openstack -- neutron | Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable. | 2018-09-10 | not yet calculated | CVE-2018-14636 CONFIRM CONFIRM CONFIRM |
openstack -- neutron | When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable. | 2018-09-10 | not yet calculated | CVE-2018-14635 CONFIRM CONFIRM CONFIRM |
openstack -- rabbitmq | The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and have it installed in the resultant container image. Versions of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat OpenStack 12, 13, 14 are believed to be vulnerable. | 2018-09-10 | not yet calculated | CVE-2018-14620 CONFIRM |
pacemaker -- pacemaker | An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. | 2018-09-10 | not yet calculated | CVE-2016-7035 REDHAT REDHAT MLIST BID CONFIRM CONFIRM MLIST GENTOO |
pektron -- passive_keyless_entry_and_start | A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds. | 2018-09-10 | not yet calculated | CVE-2018-16806 MISC |
pivotal_cloud_foundry -- elastic_runtime | Pivotal Cloud Foundry Elastic Runtime versions 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 are vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present. | 2018-09-11 | not yet calculated | CVE-2016-0715 CONFIRM |
pivotal_spring -- amqp | Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit. | 2018-09-14 | not yet calculated | CVE-2018-11087 CONFIRM |
pluck -- pluck | Pluck 4.7.7 allows XSS via an SVG file that contains JavaScript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. | 2018-09-12 | not yet calculated | CVE-2018-16729 MISC |
powerdns -- powerdns | An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger undefined behavior leading to a crash. | 2018-09-11 | not yet calculated | CVE-2016-7069 BID CONFIRM CONFIRM |
powerdns -- powerdns | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A check that the TSIG record is the last one is missing, leading to the possibility of parsing records that are not covered by the TSIG signature. | 2018-09-11 | not yet calculated | CVE-2016-7074 CONFIRM CONFIRM DEBIAN |
powerdns -- powerdns | An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible. | 2018-09-10 | not yet calculated | CVE-2016-7072 CONFIRM CONFIRM DEBIAN |
powerdns -- powerdns | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack. | 2018-09-11 | not yet calculated | CVE-2016-7073 CONFIRM CONFIRM DEBIAN |
powerdns -- powerdns | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour. | 2018-09-11 | not yet calculated | CVE-2016-7068 CONFIRM CONFIRM DEBIAN DEBIAN |
processmaker -- processmaker_enterprise_core | Multiple exploitable SQL Injection vulnerabilities exist in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain setups, access to the underlying operating system. | 2018-09-10 | not yet calculated | CVE-2016-9048 MISC |
protonvpn -- protonvpn | An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges. | 2018-09-07 | not yet calculated | CVE-2018-4010 BID MISC |
pulse_secure -- pulse_client | Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs. | 2018-09-12 | not yet calculated | CVE-2018-7572 MISC |
qnap -- qts | Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. | 2018-09-14 | not yet calculated | CVE-2018-0718 CONFIRM |
radare -- radare2 | In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file. | 2018-09-12 | not yet calculated | CVE-2018-15834 CONFIRM CONFIRM |
razorcms -- razorcms | razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. | 2018-09-12 | not yet calculated | CVE-2018-16727 MISC |
razorcms -- razorcms | razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. | 2018-09-12 | not yet calculated | CVE-2018-16726 MISC |
red_hat -- 389_directory_server | A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in the delete_passwdPolicy function when persistent search connections are terminated unexpectedly, leading to remote denial of service. | 2018-09-14 | not yet calculated | CVE-2018-14638 CONFIRM CONFIRM |
red_hat -- 389_directory_server | A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. | 2018-09-11 | not yet calculated | CVE-2018-10935 CONFIRM MLIST |
red_hat -- cloudforms | It was found that CloudForms before 5.6.2.2 and 5.7.0.7 did not properly apply permission controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM. | 2018-09-10 | not yet calculated | CVE-2016-7071 REDHAT CONFIRM |
red_hat -- gluster_storage | Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user. | 2018-09-11 | not yet calculated | CVE-2018-1127 SECTRACK REDHAT CONFIRM CONFIRM |
red_hat -- openshift_container_platform | A cross-site scripting flaw exists in the tectonic-console component of OpenShift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim. | 2018-09-11 | not yet calculated | CVE-2018-10937 BID CONFIRM CONFIRM CONFIRM |
red_hat -- openshift_enterprise | It was found that Kubernetes as used by OpenShift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. | 2018-09-10 | not yet calculated | CVE-2016-7075 REDHAT CONFIRM CONFIRM |
red_hat -- undertow | It was found that URLResource.getLastModified() in Undertow closes file descriptors only when they are finalized, which can cause file descriptor exhaustion. This leads to a file handle leak. | 2018-09-11 | not yet calculated | CVE-2018-1114 REDHAT REDHAT MISC CONFIRM MISC |
red_hat -- cloudforms | A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access. | 2018-09-11 | not yet calculated | CVE-2016-7047 BID REDHAT REDHAT CONFIRM |
red_hat -- jboss_enterprise_application_platform | It was found that improper default permissions on the /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to the CLI and execute arbitrary operations. | 2018-09-11 | not yet calculated | CVE-2016-7066 REDHAT CONFIRM |
red_hat -- jboss_enterprise_application_platform | An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. | 2018-09-10 | not yet calculated | CVE-2016-7061 REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT BID REDHAT REDHAT REDHAT REDHAT CONFIRM |
roundcube -- roundcube | In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings). | 2018-09-09 | not yet calculated | CVE-2018-16736 MISC MISC |
rsa -- bsafe_crypto_j | RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover an RSA key. | 2018-09-11 | not yet calculated | CVE-2018-11070 SECTRACK SECTRACK FULLDISC |
rsa -- bsafe_micro_edition_suite | RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such an issue. | 2018-09-14 | not yet calculated | CVE-2018-11058 FULLDISC |
rsa -- bsafe_ssl_j | RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. | 2018-09-11 | not yet calculated | CVE-2018-11068 SECTRACK FULLDISC |
rsa -- bsafe_ssl_j | RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover an RSA key. | 2018-09-11 | not yet calculated | CVE-2018-11069 SECTRACK FULLDISC |
samsung -- smartthings_hub | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "correlationId" value in order to exploit this vulnerability. | 2018-09-10 | not yet calculated | CVE-2018-3896 MISC |
samsung -- smartthings_hub | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "callbackUrl" value in order to exploit this vulnerability. | 2018-09-10 | not yet calculated | CVE-2018-3897 MISC |
samsung -- smartthings_hub_sth-eth-250-firmware | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, which has a size of 2,000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability. | 2018-09-10 | not yet calculated | CVE-2018-3875 MISC |
sap -- adaptive_server_enterprise | Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted. | 2018-09-11 | not yet calculated | CVE-2018-2457 MISC CONFIRM |
sap -- business_one | Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. | 2018-09-11 | not yet calculated | CVE-2018-2458 BID MISC CONFIRM |
sap -- business_one_android_application | SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connections. This allows an attacker to perform a MITM attack. | 2018-09-11 | not yet calculated | CVE-2018-2460 BID MISC CONFIRM |
sap -- enterprise_financial_services | SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 2018-09-11 | not yet calculated | CVE-2018-2454 BID MISC CONFIRM |
sap -- enterprise_financial_services | SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 2018-09-11 | not yet calculated | CVE-2018-2455 BID MISC CONFIRM |
sap -- hana | SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting this, an unauthorized hacker can cause the database server to crash. | 2018-09-11 | not yet calculated | CVE-2018-2465 BID MISC CONFIRM |
sap -- hcm_fiori_people_profile | A missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user may result in an escalation of privileges. | 2018-09-11 | not yet calculated | CVE-2018-2461 BID MISC CONFIRM |
sap -- hybris_commerce | The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC. | 2018-09-11 | not yet calculated | CVE-2018-2463 MISC CONFIRM |
sap -- mobile_platform_offline_odata_application | Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user. | 2018-09-11 | not yet calculated | CVE-2018-2459 BID MISC CONFIRM |
sap -- netweaver_as_java | The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. | 2018-09-11 | not yet calculated | CVE-2018-2452 BID MISC CONFIRM |
sap -- netweaver_business_intelligence | In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. | 2018-09-11 | not yet calculated | CVE-2018-2462 BID MISC CONFIRM |
sap -- webdynpro_java | SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. | 2018-09-11 | not yet calculated | CVE-2018-2464 BID MISC CONFIRM |
siemens -- scalance_x300_x408_and_x414 | A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact; only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools. | 2018-09-12 | not yet calculated | CVE-2018-13807 BID CONFIRM MISC |
siemens -- simatic_wincc_oa | A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known. | 2018-09-12 | not yet calculated | CVE-2018-13799 BID CONFIRM |
siemens -- td_keypad_designer | A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access to the directory containing the TD project file in order to exploit the vulnerability. A legitimate user with higher privileges than the attacker must open the TD project in order for this vulnerability to be exploited. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2018-09-12 | not yet calculated | CVE-2018-13806 CONFIRM |
spice-client -- spice-client | Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. | 2018-09-11 | not yet calculated | CVE-2018-10893 CONFIRM MLIST |
squashteam -- squash_tm | Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. | 2018-09-13 | not yet calculated | CVE-2018-16987 MISC MISC |
stmicroelectronics -- stm32f0_series_devices | Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection. | 2018-09-12 | not yet calculated | CVE-2017-18347 MISC MISC MISC |
subsonic -- music_streamer_application_for_android | The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data. | 2018-09-11 | not yet calculated | CVE-2018-15898 MISC FULLDISC |
synametrics_technologies -- synaman | Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. | 2018-09-14 | not yet calculated | CVE-2018-10814 MISC EXPLOIT-DB |
synametrics_technologies -- synaman | Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page. | 2018-09-14 | not yet calculated | CVE-2018-10763 MISC EXPLOIT-DB |
tecnick -- tcpdf | An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. | 2018-09-14 | not yet calculated | CVE-2018-17057 MISC |
tildeslash -- monit | Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service. | 2018-09-10 | not yet calculated | CVE-2016-7067 BID CONFIRM CONFIRM MLIST |
torproject -- tor_browser | Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability. | 2018-09-14 | not yet calculated | CVE-2017-16639 MISC BUGTRAQ MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name. | 2018-09-13 | not yet calculated | CVE-2018-17004 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name. | 2018-09-13 | not yet calculated | CVE-2018-17018 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2. | 2018-09-13 | not yet calculated | CVE-2018-17006 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g bandwidth. | 2018-09-13 | not yet calculated | CVE-2018-17010 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun. | 2018-09-13 | not yet calculated | CVE-2018-17011 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate. | 2018-09-13 | not yet calculated | CVE-2018-17009 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid. | 2018-09-13 | not yet calculated | CVE-2018-17007 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power. | 2018-09-13 | not yet calculated | CVE-2018-17008 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit. | 2018-09-13 | not yet calculated | CVE-2018-17012 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable. | 2018-09-13 | not yet calculated | CVE-2018-17005 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name. | 2018-09-13 | not yet calculated | CVE-2018-17014 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name. | 2018-09-13 | not yet calculated | CVE-2018-17016 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate. | 2018-09-13 | not yet calculated | CVE-2018-17013 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable. | 2018-09-13 | not yet calculated | CVE-2018-17017 MISC |
tp-link -- tl-wr886n_6.0_2.3.4_and_tl-wr886n_7.0_1.1.0_devices | An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username. | 2018-09-13 | not yet calculated | CVE-2018-17015 MISC |
translate-man -- translate-man | translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js. | 2018-09-14 | not yet calculated | CVE-2018-17046 MISC |
ucms -- ucms | user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3. | 2018-09-14 | not yet calculated | CVE-2018-17037 MISC |
ucms -- ucms | UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. | 2018-09-14 | not yet calculated | CVE-2018-17034 MISC |
ucms -- ucms | An issue was discovered in UCMS 1.4.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. | 2018-09-14 | not yet calculated | CVE-2018-17036 MISC |
ucms -- ucms | UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. | 2018-09-14 | not yet calculated | CVE-2018-17035 MISC |
university_of_nebraska-lincoln -- unl-cms | An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay. | 2018-09-15 | not yet calculated | CVE-2018-17070 MISC |
university_of_nebraska-lincoln -- unl-cms | An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay. | 2018-09-15 | not yet calculated | CVE-2018-17069 MISC |
victoralagwu/cmssite -- victoralagwu/cmssite | An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu. | 2018-09-10 | not yet calculated | CVE-2018-16775 MISC |
victoralagwu/cmssite -- victoralagwu/cmssite | wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page. | 2018-09-10 | not yet calculated | CVE-2018-16776 MISC |
vmware -- airwatch_agent_for_ios | The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted. | 2018-09-11 | not yet calculated | CVE-2018-6975 SECTRACK CONFIRM |
vmware -- content_locker_for_ios | The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker. | 2018-09-11 | not yet calculated | CVE-2018-6976 SECTRACK CONFIRM |
wavm -- wavm | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_. | 2018-09-10 | not yet calculated | CVE-2018-16765 MISC |
wavm -- wavm | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails. | 2018-09-10 | not yet calculated | CVE-2018-16770 MISC |
wavm -- wavm | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled. | 2018-09-10 | not yet calculated | CVE-2018-16769 MISC |
wavm -- wavm | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand. | 2018-09-10 | not yet calculated | CVE-2018-16767 MISC |
wavm -- wavm | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached. | 2018-09-10 | not yet calculated | CVE-2018-16766 MISC |
wavm -- wavm | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end. | 2018-09-10 | not yet calculated | CVE-2018-16768 MISC |
wavm -- wavm | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read. | 2018-09-10 | not yet calculated | CVE-2018-16764 MISC |
webroot -- secureanywhere | Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges. | 2018-09-12 | not yet calculated | CVE-2018-16962 CONFIRM |
webtales -- rubedo_cms | Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. | 2018-09-11 | not yet calculated | CVE-2018-16836 MISC EXPLOIT-DB |
wernsey/bitmap -- wernsey/bitmap | wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image. | 2018-09-15 | not yet calculated | CVE-2018-17073 MISC |
wisetail -- learning_ecosystem | Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. | 2018-09-12 | not yet calculated | CVE-2018-16971 MISC |
wisetail -- learning_ecosystem | Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter. | 2018-09-12 | not yet calculated | CVE-2018-16970 MISC |
wordpress -- wordpress | The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter. | 2018-09-15 | not yet calculated | CVE-2018-17074 MISC MISC MISC MISC |
wordpress -- wordpress | The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php. | 2018-09-07 | not yet calculated | CVE-2018-16363 MISC MISC CONFIRM MISC |
xunfeng -- xunfeng | CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header. | 2018-09-11 | not yet calculated | CVE-2018-16832 MISC |
xunfeng -- xunfeng | xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832. | 2018-09-11 | not yet calculated | CVE-2018-16951 MISC |
yiqicms -- yiqicms | An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed. | 2018-09-15 | not yet calculated | CVE-2018-17077 MISC |
yzmcms -- yzmcms | In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter. | 2018-09-14 | not yet calculated | CVE-2018-17044 MISC |
zoho -- manageengine_desktop_central | An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. | 2018-09-12 | not yet calculated | CVE-2018-13412 MISC CONFIRM |
zoho -- manageengine_desktop_central | An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. | 2018-09-12 | not yet calculated | CVE-2018-13411 MISC CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/bulletins/SB18-260