US-CERT - SB18-267: Vulnerability Summary for the Week of September 17, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. | | | | |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. | | | | |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. | | | | |
Severity Not Yet Assigned
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accusoft -- prizmdoc |
Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file. | 2018-09-18 | not yet calculated | CVE-2018-15546 CONFIRM MISC |
apache -- camel |
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. | 2018-09-17 | not yet calculated | CVE-2018-8041 CONFIRM BID CONFIRM |
apache -- karaf |
In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user. | 2018-09-18 | not yet calculated | CVE-2018-11786 CONFIRM CONFIRM MLIST |
apache -- karaf |
In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser, and when navigated to it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. And optional bundle that some applications use is the Pax Web Extender Whiteboard, it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL .../gogo/, and that URL is not secured giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised. | 2018-09-18 | not yet calculated | CVE-2018-11787 CONFIRM CONFIRM MLIST |
apache -- mesos |
Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack because instead of a constant-time string comparison routine a standard `==` operator has been used. A malicious actor can therefore abuse the timing difference of when the JWT validation function returns to reveal the correct HMAC value. | 2018-09-21 | not yet calculated | CVE-2018-8023 MLIST |
apache -- spamassassin |
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. | 2018-09-17 | not yet calculated | CVE-2018-11780 BID MLIST |
apache -- spamassassin |
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. | 2018-09-17 | not yet calculated | CVE-2018-11781 MLIST |
apache -- spamassassin |
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future. | 2018-09-17 | not yet calculated | CVE-2017-15705 BID MLIST |
apache -- tika |
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack. | 2018-09-19 | not yet calculated | CVE-2018-11761 MLIST |
apache -- tika |
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. | 2018-09-19 | not yet calculated | CVE-2018-11762 MLIST |
apache -- tika |
In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. | 2018-09-19 | not yet calculated | CVE-2018-8017 MLIST |
artifex -- ghostscript |
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. | 2018-09-19 | not yet calculated | CVE-2018-17183 MISC MISC |
asus -- gt-ac5300 |
blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. | 2018-09-17 | not yet calculated | CVE-2018-17127 MISC |
atlassian -- fisheye_and_crucible |
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability. | 2018-09-18 | not yet calculated | CVE-2018-13398 CONFIRM CONFIRM |
atlassian -- jira | The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control. | 2018-09-21 | not yet calculated | CVE-2018-16281 CONFIRM |
audiofile -- audiofile |
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. | 2018-09-16 | not yet calculated | CVE-2018-17095 MISC MISC |
avaya -- aura_orchestration_designer |
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | 2018-09-21 | not yet calculated | CVE-2018-15612 CONFIRM |
avaya -- aura_orchestration_designer |
A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. | 2018-09-21 | not yet calculated | CVE-2018-15613 CONFIRM |
bitcoin_core -- bitcoin_core |
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash. | 2018-09-19 | not yet calculated | CVE-2018-17144 MISC MISC MISC MISC |
blackberry -- enterprise_mobility_server |
A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account. | 2018-09-19 | not yet calculated | CVE-2018-8889 CONFIRM |
browserify-hmr -- browserify-hmr |
An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:3123/ connection from any origin. | 2018-09-21 | not yet calculated | CVE-2018-14730 MISC MISC |
bullguard -- safe_browsing |
BullGuard Safe Browsing before 18.1.355.9 allows XSS on Google, Bing, and Yahoo! pages via domains indexed in search results. | 2018-09-15 | not yet calculated | CVE-2018-17061 MISC CONFIRM |
circontrol -- circarlife |
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id. | 2018-09-18 | not yet calculated | CVE-2018-16671 MISC |
circontrol -- circarlife |
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository. | 2018-09-18 | not yet calculated | CVE-2018-16668 MISC |
circontrol -- circarlife |
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html. | 2018-09-18 | not yet calculated | CVE-2018-16670 MISC |
circontrol -- open_charge_point_protocol |
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels. | 2018-09-18 | not yet calculated | CVE-2018-16669 MISC |
cloud_foundry_foundation -- container_runtime |
Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges. | 2018-09-17 | not yet calculated | CVE-2018-1223 CONFIRM |
cloud_foundry_foundation -- garden-runc |
Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps. | 2018-09-18 | not yet calculated | CVE-2018-11084 CONFIRM |
cscms -- cscms |
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | 2018-09-17 | not yet calculated | CVE-2018-17125 MISC MISC |
cscms -- cscms |
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. | 2018-09-17 | not yet calculated | CVE-2018-17126 MISC MISC |
cuppacms -- cuppacms |
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. | 2018-09-21 | not yet calculated | CVE-2018-17300 MISC |
dedecms -- dedecms |
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring. | 2018-09-21 | not yet calculated | CVE-2018-16784 MISC |
dedecms -- dedecms |
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. | 2018-09-21 | not yet calculated | CVE-2018-16786 MISC |
dedecms -- dedecms |
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell | 2018-09-19 | not yet calculated | CVE-2018-16785 MISC |
dell_emc -- isilon_onefs | Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted. | 2018-09-18 | not yet calculated | CVE-2018-11071 FULLDISC |
donlinkage -- donlinkage |
An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt. | 2018-09-16 | not yet calculated | CVE-2018-17091 MISC |
donlinkage -- donlinkage |
An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <script></script> tags. | 2018-09-16 | not yet calculated | CVE-2018-17090 MISC |
donlinkage -- donlinkage |
An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user. | 2018-09-16 | not yet calculated | CVE-2018-17092 MISC |
easycms -- easycms |
App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. | 2018-09-17 | not yet calculated | CVE-2018-17113 MISC |
elastic -- elastic_cloud_enterprise |
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known. | 2018-09-19 | not yet calculated | CVE-2018-3825 CONFIRM CONFIRM |
elastic -- elastic_cloud_enterprise |
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials. | 2018-09-19 | not yet calculated | CVE-2018-3828 CONFIRM CONFIRM |
elastic -- elastic_cloud_enterprise |
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data. | 2018-09-19 | not yet calculated | CVE-2018-3829 CONFIRM CONFIRM |
elastic -- elasticsearch_alerting_and_monitoring |
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details. | 2018-09-19 | not yet calculated | CVE-2018-3831 CONFIRM CONFIRM |
elastic -- elasticsearch_repository-azure | A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged. | 2018-09-19 | not yet calculated | CVE-2018-3827 CONFIRM CONFIRM |
elastic -- elasticsearch |
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API. | 2018-09-19 | not yet calculated | CVE-2018-3826 CONFIRM CONFIRM |
elastic -- x-pack_machine_learning |
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs. | 2018-09-19 | not yet calculated | CVE-2018-3823 CONFIRM CONFIRM |
elastic -- x-pack_machine_learning |
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user. | 2018-09-19 | not yet calculated | CVE-2018-3824 CONFIRM CONFIRM |
enalean -- tuleap |
An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password. | 2018-09-21 | not yet calculated | CVE-2018-17298 MISC MISC MISC |
espocrm -- espocrm | Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message. | 2018-09-21 | not yet calculated | CVE-2018-17302 MISC |
espocrm -- espocrm |
Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel. | 2018-09-21 | not yet calculated | CVE-2018-17301 MISC |
ethereum -- coinlancer_token | The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect. | 2018-09-18 | not yet calculated | CVE-2018-17111 MISC |
ethereum -- minttoken_token | In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily. | 2018-09-21 | not yet calculated | CVE-2018-12511 MISC |
ethereum -- minttoken_token | The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-09-21 | not yet calculated | CVE-2018-17050 MISC |
exiv2 -- exiv2 | Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. | 2018-09-19 | not yet calculated | CVE-2018-17230 MISC |
exiv2 -- exiv2 | An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference. | 2018-09-20 | not yet calculated | CVE-2018-17282 MISC |
exiv2 -- exiv2 | Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. | 2018-09-19 | not yet calculated | CVE-2018-17229 MISC |
foreman -- foreman |
An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context. | 2018-09-21 | not yet calculated | CVE-2018-14643 BID REDHAT CONFIRM CONFIRM |
foscam -- c1_indoor_hd_camera | An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data. | 2018-09-19 | not yet calculated | CVE-2017-2875 MISC |
foscam -- c1_indoor_hd_camera | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | 2018-09-17 | not yet calculated | CVE-2017-2856 MISC |
foscam -- c1_indoor_hd_camera | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 2018-09-19 | not yet calculated | CVE-2017-2873 MISC |
foscam -- c1_indoor_hd_camera | An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data. | 2018-09-19 | not yet calculated | CVE-2017-2876 MISC |
foscam -- c1_indoor_hd_camera | An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication. | 2018-09-17 | not yet calculated | CVE-2017-2874 MISC |
foscam -- c1_indoor_hd_camera | Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges. | 2018-09-17 | not yet calculated | CVE-2017-2872 MISC |
foscam -- c1_indoor_hd_camera | A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication. | 2018-09-19 | not yet calculated | CVE-2017-2877 MISC |
foscam -- c1_indoor_hd_camera | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | 2018-09-19 | not yet calculated | CVE-2017-2855 MISC |
foscam -- c1_indoor_hd_camera | An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs to be in the same subnetwork and reply to a discovery message to trigger this vulnerability. | 2018-09-19 | not yet calculated | CVE-2017-2879 MISC |
foscam -- c1_indoor_hd_camera | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | 2018-09-17 | not yet calculated | CVE-2017-2857 MISC |
foscam -- c1_indoor_hd_camera |
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 2018-09-19 | not yet calculated | CVE-2017-2878 MISC |
foscam -- c1_indoor_hd_camera |
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | 2018-09-17 | not yet calculated | CVE-2017-2854 MISC |
gitolite -- gitolite | gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup. | 2018-09-21 | not yet calculated | CVE-2013-7203 CONFIRM FEDORA MLIST |
gitolite -- gitolite |
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs. | 2018-09-21 | not yet calculated | CVE-2013-4451 CONFIRM CONFIRM MLIST BID |
golang -- go | The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. | 2018-09-17 | not yet calculated | CVE-2018-17143 MISC |
golang -- go | The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. | 2018-09-17 | not yet calculated | CVE-2018-17142 MISC |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler. | 2018-09-18 | not yet calculated | CVE-2018-11869 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory. In case the mem allocation fails driver does a mem free though the memory was not allocated. | 2018-09-18 | not yet calculated | CVE-2018-11842 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check while calculating the MPDU data length will cause an integer overflow and then to buffer overflow in WLAN function. | 2018-09-19 | not yet calculated | CVE-2018-11886 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in WLAN HOST function. | 2018-09-19 | not yet calculated | CVE-2018-11891 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW. | 2018-09-18 | not yet calculated | CVE-2018-11297 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network out of bounds read occurs if ssid of the network joined is greater than max limit. | 2018-09-19 | not yet calculated | CVE-2018-11897 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition. | 2018-09-18 | not yet calculated | CVE-2018-11818 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid length is greater than maximum. | 2018-09-19 | not yet calculated | CVE-2018-11898 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. While processing this information only the first 3 AC information is copied due to the improper conditional logic used to compare with the max number of categories. | 2018-09-18 | not yet calculated | CVE-2018-11294 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function is given an out of bound value it can cause an out of bound access while accessing the PCL table. | 2018-09-19 | not yet calculated | CVE-2018-11883 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash. | 2018-09-18 | not yet calculated | CVE-2017-15844 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST. | 2018-09-19 | not yet calculated | CVE-2018-11902 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from userspace before copying into buffer can lead to potential array overflow in WLAN. | 2018-09-18 | not yet calculated | CVE-2018-11302 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a callback executed from the other thread has freed memory which is also used in a wlan function and may result in a "Use after free" scenario. | 2018-09-18 | not yet calculated | CVE-2018-11300 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info come from fw. If they are not checked, a buffer over-read may occur once the value is too large. | 2018-09-18 | not yet calculated | CVE-2018-11293 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check validation in a WLAN function can lead to the driver writing the default rsn capabilities to memory not allocated to the frame. | 2018-09-19 | not yet calculated | CVE-2018-11895 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when an rssi request times out, an invalid memory access may occur since the local variable 'context' (stack data of a wlan function) has already been freed. | 2018-09-19 | not yet calculated | CVE-2018-11889 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of input size validation before copying to buffer in PMIC function can lead to heap overflow. | 2018-09-18 | not yet calculated | CVE-2018-11832 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function. | 2018-09-19 | not yet calculated | CVE-2018-11878 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler. | 2018-09-18 | not yet calculated | CVE-2018-11868 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from FW. | 2018-09-19 | not yet calculated | CVE-2018-11894 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, an improper check in the WMA API on the inputs received from the firmware, which are then filled into the host structure, can lead to an OOB write. | 2018-09-18 | not yet calculated | CVE-2018-11852 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for a value received from a caller function and used as an array index for WMA interfaces can lead to OOB write in WLAN HOST. | 2018-09-19 | not yet calculated | CVE-2018-11903 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a vendor scan request, if the input argument (length of request IEs) is greater than the maximum, a buffer overflow can occur. | 2018-09-19 | not yet calculated | CVE-2018-11893 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow. | 2018-09-18 | not yet calculated | CVE-2018-11301 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow. | 2018-09-18 | not yet calculated | CVE-2017-15828 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on return value in WMA response handler can lead to potential use after free. | 2018-09-18 | not yet calculated | CVE-2018-11843 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a caller's local variable. Should the caller return early (e.g., timeout), the callback will dereference an invalid pointer. | 2018-09-19 | not yet calculated | CVE-2018-11904 CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur. | 2018-09-18 | not yet calculated | CVE-2017-15825 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack. | 2018-09-18 | not yet calculated | CVE-2018-11851 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer overflow could occur while processing the ndp event due to lack of check on the message length. | 2018-09-18 | not yet calculated | CVE-2018-11860 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries fixed event data from the firmware to the host. If the length and anqp length from this event data exceed the max length, an OOB write would happen. | 2018-09-18 | not yet calculated | CVE-2018-11295 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write. | 2018-09-18 | not yet calculated | CVE-2018-11827 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault. | 2018-09-18 | not yet calculated | CVE-2018-11299 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur. | 2018-09-18 | not yet calculated | CVE-2018-11296 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice. | 2018-09-18 | not yet calculated | CVE-2018-11840 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function. | 2018-09-18 | not yet calculated | CVE-2018-11836 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy. | 2018-09-18 | not yet calculated | CVE-2018-11863 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler. | 2018-09-18 | not yet calculated | CVE-2018-11826 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption. | 2018-09-18 | not yet calculated | CVE-2018-11270 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while relocating kernel images with a specially crafted boot image, an out of bounds access can occur. | 2018-09-19 | not yet calculated | CVE-2018-3573 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs, 'device_destroy' will free all associated resources, including 'voice_svc_dev', leading to a double free. | 2018-09-18 | not yet calculated | CVE-2018-11273 CONFIRM CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer overflow is possible while incrementing the log_buf of type uint64_t in a memcpy function, since the log_buf pointer can access memory beyond the size reserved to store the data after the pointer increment. | 2018-09-18 | not yet calculated | CVE-2018-11265 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space input there is no size validation of the NAT entry. If the user input size of the NAT entry is greater than the max allowed size, memory exhaustion will occur. | 2018-09-18 | not yet calculated | CVE-2018-11280 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the global variable "debug_client" in a multi-threaded manner, a use after free issue occurs. | 2018-09-18 | not yet calculated | CVE-2018-11286 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS. | 2018-09-19 | not yet calculated | CVE-2018-3574 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the SET_PASSPOINT_LIST vendor command, HDD does not make sure that the realm string passed by the upper layer is NULL terminated. This may lead to a buffer overflow, as strlen is used to get the realm string length to construct the PASSPOINT WMA command. | 2018-09-18 | not yet calculated | CVE-2018-11298 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer overflow may occur when the payload size is extremely large. | 2018-09-18 | not yet calculated | CVE-2018-11274 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to page_size. | 2018-09-18 | not yet calculated | CVE-2017-15818 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing an image using FastbootLib, if the size is not divisible by the block size, an information leak occurs. | 2018-09-18 | not yet calculated | CVE-2018-11275 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing the number of clients in DIAG services can lead to out of boundary access. | 2018-09-19 | not yet calculated | CVE-2018-5905 CONFIRM CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for a start code when decoding input bit stream buffers. If the start code is not found in the entire buffer, there is over-fetch beyond the allocation length. This leads to a page fault. | 2018-09-18 | not yet calculated | CVE-2018-11278 CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a double free of a memory allocation is possible in the kernel when it explicitly tries to free that memory on driver probe failure, since the allocated memory is automatically freed on probe. | 2018-09-18 | not yet calculated | CVE-2018-11276 CONFIRM CONFIRM CONFIRM |
google -- android | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling the IPA_IOC_MDFY_RT_RULE IPA IOCTL, the header entry is not checked before use. If the IPA_IOC_MDFY_RT_RULE IOCTL is called for header entries formerly deleted, a use after free condition will occur. | 2018-09-18 | not yet calculated | CVE-2018-11281 CONFIRM CONFIRM CONFIRM CONFIRM |
haproxy -- hpack_decoder | A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service. | 2018-09-21 | not yet calculated | CVE-2018-14645 CONFIRM MLIST |
hdf -- hdf5 | A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207. | 2018-09-20 | not yet calculated | CVE-2018-17237 MISC |
hdf -- hdf5 | Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. | 2018-09-20 | not yet calculated | CVE-2018-17234 MISC |
hdf -- hdf5 | A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. | 2018-09-20 | not yet calculated | CVE-2018-17233 MISC |
huawei -- mate10_smartphones | Huawei smartphones Mate10 with versions earlier than ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission; an attacker could use a data cable to connect the smartphone to a computer and then perform some specific operations. Successful exploit could allow the attacker to bypass the FRP protection and access the system setting page. | 2018-09-18 | not yet calculated | CVE-2018-7991 CONFIRM |
huawei -- mate_rs_smartphones | Huawei Mate RS smartphones with versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations. | 2018-09-18 | not yet calculated | CVE-2018-7929 CONFIRM |
hutool -- hutool | The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. | 2018-09-21 | not yet calculated | CVE-2018-17297 MISC |
hylafax -- fax_software | HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file. | 2018-09-21 | not yet calculated | CVE-2018-17141 CONFIRM MLIST MLIST BUGTRAQ DEBIAN MISC |
ibm -- business_process_manager | IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109. | 2018-09-20 | not yet calculated | CVE-2018-1674 XF CONFIRM |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502. | 2018-09-21 | not yet calculated | CVE-2018-1685 SECTRACK XF CONFIRM |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364. | 2018-09-21 | not yet calculated | CVE-2018-1710 XF CONFIRM |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369. | 2018-09-21 | not yet calculated | CVE-2018-1711 XF CONFIRM |
ibm -- gpfs | IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805. | 2018-09-19 | not yet calculated | CVE-2018-1782 XF CONFIRM |
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring. IBM X-Force ID: 149607. | 2018-09-20 | not yet calculated | CVE-2018-1800 XF CONFIRM |
ibm -- tivoli_monitoring | IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039. | 2018-09-19 | not yet calculated | CVE-2017-1794 XF CONFIRM |
iceni -- argus | An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted pdf file can cause an integer overflow resulting in a heap overflow. An attacker can send a file to trigger this vulnerability. | 2018-09-17 | not yet calculated | CVE-2017-2777 MISC |
insteon -- insteon_hub | An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability. | 2018-09-17 | not yet calculated | CVE-2017-14443 MISC |
intel -- core_processor | Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow a physical attacker to potentially bypass firmware authentication. | 2018-09-21 | not yet calculated | CVE-2018-12169 CONFIRM |
jhead -- jhead | The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability. | 2018-09-16 | not yet calculated | CVE-2018-17088 MISC |
joomla! -- joomla! | The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. | 2018-09-20 | not yet calculated | CVE-2018-17254 EXPLOIT-DB |
joomla! -- joomla! | The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php. | 2018-09-20 | not yet calculated | CVE-2018-14592 CONFIRM |
kibana -- kibana | Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 2018-09-19 | not yet calculated | CVE-2018-3830 CONFIRM CONFIRM |
lg -- supersign_cms | LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. | 2018-09-21 | not yet calculated | CVE-2018-17173 MISC |
lg -- supersign_cms | LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. | 2018-09-14 | not yet calculated | CVE-2018-16288 MISC EXPLOIT-DB |
liblouis -- liblouis | The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries. | 2018-09-21 | not yet calculated | CVE-2018-17294 MISC MISC |
libmp4v2 -- libmp4v2 | The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service. | 2018-09-20 | not yet calculated | CVE-2018-17235 MISC |
libmp4v2 -- libmp4v2 | The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on an invalid pointer, raising a SIGABRT signal. | 2018-09-20 | not yet calculated | CVE-2018-17236 MISC |
libsvg2 -- libsvg2 | An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls. | 2018-09-22 | not yet calculated | CVE-2018-17332 MISC |
libsvg2 -- libsvg2 | An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because a strncpy copy limit is miscalculated. | 2018-09-22 | not yet calculated | CVE-2018-17334 MISC |
libsvg2 -- libsvg2 | An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because sscanf is misused. | 2018-09-22 | not yet calculated | CVE-2018-17333 MISC |
libtiff -- libtiff | An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | 2018-09-16 | not yet calculated | CVE-2018-17101 MISC BID MISC |
libtiff -- libtiff | An issue was discovered in LibTIFF 4.0.9. There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. | 2018-09-16 | not yet calculated | CVE-2018-17100 MISC MISC |
limesurvey -- limesurvey | In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert. | 2018-09-21 | not yet calculated | CVE-2018-17003 MISC |
link-net -- lw-n605r_devices | LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed, but the default password of admin for the admin account may be used in some cases. | 2018-09-20 | not yet calculated | CVE-2018-16752 MISC EXPLOIT-DB |
linksys -- velop | Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF. | 2018-09-19 | not yet calculated | CVE-2018-17208 MISC |
linux -- kernel | An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. | 2018-09-19 | not yet calculated | CVE-2018-17182 MISC MISC MISC |
linux -- kernel | An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. | 2018-09-21 | not yet calculated | CVE-2018-16597 CONFIRM CONFIRM |
linux -- kernel | A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configurations of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service. | 2018-09-18 | not yet calculated | CVE-2018-14641 CONFIRM CONFIRM MLIST |
lucky9io -- lucky9io | The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers can purchase a ticket at a low price by directly calling the fallback function with small msg.value, because the developer set the currency unit incorrectly. Therefore, it allows attackers to always win and get rewards. | 2018-09-18 | not yet calculated | CVE-2018-17071 MISC |
matrix -- synapse |
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. | 2018-09-18 | not yet calculated | CVE-2018-16515 CONFIRM FEDORA CONFIRM |
mcafee -- application_and_change_control |
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility. | 2018-09-18 | not yet calculated | CVE-2017-3912 BID CONFIRM |
mcafee -- application_and_change_control |
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system. | 2018-09-18 | not yet calculated | CVE-2018-6690 CONFIRM |
mcafee -- endpoint_security_for_linux_threat_prevention | An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files. | 2018-09-18 | not yet calculated | CVE-2018-6693 CONFIRM |
metinfo -- metinfo |
MetInfo 6.1.0 has XSS in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field. | 2018-09-17 | not yet calculated | CVE-2018-17129 MISC |
micro_focus -- arcsight_management_center |
A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal. | 2018-09-20 | not yet calculated | CVE-2018-6500 CONFIRM |
micro_focus -- arcsight_management_center |
A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS). | 2018-09-20 | not yet calculated | CVE-2018-6502 CONFIRM |
micro_focus -- arcsight_management_center |
A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads. | 2018-09-20 | not yet calculated | CVE-2018-6505 CONFIRM |
micro_focus -- arcsight_management_center |
Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls. | 2018-09-20 | not yet calculated | CVE-2018-6501 CONFIRM |
micro_focus -- arcsight_management_center |
A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls. | 2018-09-20 | not yet calculated | CVE-2018-6503 CONFIRM |
micro_focus -- arcsight_management_center |
A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF). | 2018-09-20 | not yet calculated | CVE-2018-6504 CONFIRM |
microsoft -- active_directory_federation_services_windows_server |
Microsoft Active Directory Federation Services (ADFS) 4.0 on Windows Server 2016 and previous versions has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. | 2018-09-18 | not yet calculated | CVE-2018-16794 MISC FULLDISC BID BUGTRAQ |
microsoft -- exchange_server |
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | 2018-09-21 | not yet calculated | CVE-2018-16793 MISC FULLDISC BUGTRAQ |
microweber -- microweber |
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user. | 2018-09-16 | not yet calculated | CVE-2018-17104 CONFIRM MISC CONFIRM |
monstra -- cms |
admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests. | 2018-09-18 | not yet calculated | CVE-2018-16819 MISC MISC |
monstra -- cms |
admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests. | 2018-09-18 | not yet calculated | CVE-2018-16820 MISC MISC |
moodle -- moodle |
Moodle before versions 3.5.2, 3.4.5, and 3.3.8 insufficiently filters the blog search GET parameter in the Boost theme. The breadcrumb navigation provided by the Boost theme when displaying blog search results was insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter. | 2018-09-17 | not yet calculated | CVE-2018-14631 CONFIRM BID CONFIRM CONFIRM |
moodle -- moodle |
Moodle before versions 3.5.2, 3.4.5, 3.3.8, and 3.1.14 is vulnerable to remote code execution via XML import of ddwtos questions. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source. | 2018-09-17 | not yet calculated | CVE-2018-14630 CONFIRM BID CONFIRM CONFIRM FULLDISC MISC |
moxa -- edr-810 |
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI. | 2018-09-20 | not yet calculated | CVE-2018-16282 MISC CONFIRM |
mybb -- mybb |
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. | 2018-09-17 | not yet calculated | CVE-2018-17128 MISC |
navigate -- cms |
Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter. | 2018-09-20 | not yet calculated | CVE-2018-17255 MISC |
neato_robotics -- botvac |
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all. | 2018-09-18 | not yet calculated | CVE-2018-17176 MISC |
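The Neato entry above names the two missing controls (no nonce, timestamp never checked) that make a captured authentication token replayable. The following is an added example, not code from the Neato firmware or from the advisory: a request signer and a server-side replay guard that binds each command to a fresh nonce and a bounded timestamp under an HMAC, rejecting replays, stale requests and tampering. The shared key, command names and message layout are assumptions for illustration; transport confidentiality (the cleartext problem in the same entry) is a separate matter and is not addressed here.

```python
"""Added example: replay-resistant command authentication with nonce + timestamp.
Not Neato code; key, commands and message layout are constructed for illustration."""
import hashlib
import hmac
import secrets
import time

SHARED_KEY = b"constructed-shared-secret"  # assumption: provisioned out of band
MAX_SKEW_SECONDS = 30                      # accept clock drift up to this window


def sign_command(key, command, now=None, nonce=None):
    """Client side: produce a request carrying ts, nonce, command and an HMAC tag
    over all three, so none of them can be changed without invalidating the tag."""
    ts = int(now if now is not None else time.time())
    nonce = nonce or secrets.token_hex(16)  # 128-bit random nonce
    msg = f"{ts}|{nonce}|{command}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"ts": ts, "nonce": nonce, "command": command, "tag": tag}


class ReplayGuard:
    """Server side: verify the tag first (so forged requests cannot pollute the
    nonce cache), then the timestamp window, then nonce uniqueness."""

    def __init__(self, key, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> time after which it may be forgotten

    def _expire(self, now):
        # A nonce only needs remembering while its timestamp is still acceptable.
        for nonce, expiry in list(self.seen.items()):
            if expiry < now:
                del self.seen[nonce]

    def verify(self, req, now=None):
        now = int(now if now is not None else time.time())
        self._expire(now)
        msg = f"{req['ts']}|{req['nonce']}|{req['command']}".encode()
        expected = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, req["tag"]):
            return False, "bad tag"
        if abs(now - int(req["ts"])) > self.max_skew:
            return False, "stale timestamp"
        if req["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[req["nonce"]] = int(req["ts"]) + self.max_skew
        return True, "ok"


if __name__ == "__main__":
    guard = ReplayGuard(SHARED_KEY)
    req = sign_command(SHARED_KEY, "forward")
    print("first delivery :", guard.verify(req))
    print("captured replay:", guard.verify(req))
```

The guard keeps nonces only for the acceptance window, so the cache stays bounded; anything older is rejected by the timestamp check before the nonce is consulted.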
neato_robotics -- botvac |
An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything. | 2018-09-18 | not yet calculated | CVE-2018-17178 MISC |
neato_robotics -- botvac |
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary. | 2018-09-18 | not yet calculated | CVE-2018-17177 MISC |
nmap4j -- nmap4j |
nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call. | 2018-09-19 | not yet calculated | CVE-2018-17228 MISC |
nmealib -- nmealib |
A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data. | 2018-09-21 | not yet calculated | CVE-2018-17174 MISC |
nuuo -- nvrmini2 |
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. | 2018-09-19 | not yet calculated | CVE-2018-1150 CONFIRM MISC |
nuuo -- nvrmini2 |
cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. | 2018-09-19 | not yet calculated | CVE-2018-1149 CONFIRM CONFIRM MISC |
open-xchange -- webmail |
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag. | 2018-09-18 | not yet calculated | CVE-2017-6913 MISC CONFIRM |
open_vswitch -- open_vswitch |
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. | 2018-09-19 | not yet calculated | CVE-2018-17206 MISC |
open_vswitch -- openvswitch |
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default. | 2018-09-19 | not yet calculated | CVE-2018-17204 MISC |
open_vswitch -- openvswitch |
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash. | 2018-09-19 | not yet calculated | CVE-2018-17205 MISC |
opmantek -- open-audit |
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. | 2018-09-19 | not yet calculated | CVE-2018-16607 MISC |
oracle -- webcenter_interaction_portal |
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI is synchronised with Active Directory (AD), this vulnerability can expose the account names of all AD users. | 2018-09-17 | not yet calculated | CVE-2018-16959 BID MISC |
oracle -- webcenter_interaction_portal |
The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Pages can be renamed to include characters unsupported for URIs by the web server hosting the WCI Portal software (such as IIS). Renaming pages to include unsupported characters, such as 0x7f, prevents these pages from being accessed over the web server, causing a Denial of Service (DoS) to the page. | 2018-09-17 | not yet calculated | CVE-2018-16956 BID MISC |
oracle -- webcenter_interaction_portal |
The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the in_hi_redirect parameter, when prefixed with the https:// scheme, is unsafely reflected in a HTML META tag in the HTTP response. | 2018-09-17 | not yet calculated | CVE-2018-16955 BID MISC |
oracle -- webcenter_interaction_portal |
The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). User input from the name parameter is unsafely reflected in the server response. | 2018-09-17 | not yet calculated | CVE-2018-16953 BID MISC |
oracle -- webcenter_interaction_portal |
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. | 2018-09-17 | not yet calculated | CVE-2018-16954 BID MISC |
oracle -- webcenter_interaction_portal |
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is exposed to session hijacking attacks should an adversary be able to execute JavaScript in the origin of the portal installation. | 2018-09-17 | not yet calculated | CVE-2018-16958 BID MISC |
oracle -- webcenter_interaction_portal |
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user's password). | 2018-09-17 | not yet calculated | CVE-2018-16952 BID MISC |
oracle -- webcenter_interaction |
The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service over a network could perform search queries to extract large quantities of sensitive information from the WCI installation. | 2018-09-17 | not yet calculated | CVE-2018-16957 BID MISC |
otcms -- otcms |
An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName fieldName2 tabName. | 2018-09-16 | not yet calculated | CVE-2018-17086 MISC |
otcms -- otcms |
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr. | 2018-09-16 | not yet calculated | CVE-2018-17085 MISC |
parcel -- parcel-bundler |
An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal a developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1 connection (with a random TCP port number) from any origin. The random port number can be found by connecting to http://127.0.0.1 and reading the "new WebSocket" line in the source code. | 2018-09-21 | not yet calculated | CVE-2018-14731 MISC CONFIRM CONFIRM |
patatasfritas -- patatawifi |
FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php. | 2018-09-21 | not yet calculated | CVE-2018-17317 MISC MISC |
php -- php |
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | 2018-09-16 | not yet calculated | CVE-2018-17082 MISC MISC MISC MISC MLIST |
phpmywind -- phpmywind |
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. | 2018-09-17 | not yet calculated | CVE-2018-17133 MISC |
phpmywind -- phpmywind |
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. | 2018-09-17 | not yet calculated | CVE-2018-17132 MISC |
phpmywind -- phpmywind |
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header. | 2018-09-17 | not yet calculated | CVE-2018-17130 MISC |
phpmywind -- phpmywind |
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. | 2018-09-17 | not yet calculated | CVE-2018-17131 MISC |
phpmywind -- phpmywind |
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. | 2018-09-17 | not yet calculated | CVE-2018-17134 MISC |
pivotal -- applications_service |
Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role. | 2018-09-17 | not yet calculated | CVE-2018-11086 CONFIRM |
pivotal -- applications_service |
Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role. | 2018-09-17 | not yet calculated | CVE-2018-11088 CONFIRM |
pivotal -- cloud_cache |
Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password. | 2018-09-17 | not yet calculated | CVE-2018-1198 CONFIRM |
podofo_project -- podofo |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673. | 2018-09-17 | not yet calculated | CVE-2018-14320 MISC |
prezi -- next |
Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions. | 2018-09-17 | not yet calculated | CVE-2018-17137 MISC |
processmaker -- processmaker_enterprise_core |
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. | 2018-09-17 | not yet calculated | CVE-2016-9045 MISC |
python -- marshmallow_library |
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the "only" option, and there is a user role that produces an empty value for "only"). | 2018-09-18 | not yet calculated | CVE-2018-17175 MISC MISC MISC |
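The marshmallow entry above describes a truthiness bug: an empty "only" list, meaning "expose nothing", is treated the same as "no restriction". The following is an added example, not marshmallow's source code: a minimal stand-in for a schema dump that reproduces the faulty condition next to the corrected one, driven by a per-role field list in which one role legitimately produces an empty list. The record, the roles and the field names are constructed for illustration.

```python
"""Added example: empty 'only' list treated as 'no filter' (the bug class in
CVE-2018-17175) versus the corrected identity check. This is a stand-in, not
marshmallow code; record, roles and fields are constructed for illustration."""

RECORD = {
    "id": 7,
    "email": "alice@example.invalid",
    "password_hash": "$2b$12$constructed",
    "ssn": "123-45-6789",
}

# Fields each role may see. The anonymous role is meant to expose nothing.
ROLE_FIELDS = {
    "admin": ["id", "email", "password_hash", "ssn"],
    "support": ["id", "email"],
    "anonymous": [],
}


def dump_vulnerable(record, only=None):
    """Truthiness check: [] is falsy, so it is mistaken for 'no only option'
    and every field is returned."""
    if not only:
        return dict(record)
    return {k: v for k, v in record.items() if k in only}


def dump_fixed(record, only=None):
    """Identity check: only None means 'no restriction'; [] keeps no fields."""
    if only is None:
        return dict(record)
    allowed = set(only)
    return {k: v for k, v in record.items() if k in allowed}


def serialize_for_role(role, fixed=True):
    """Dynamic filtering as described in the entry: the role decides 'only'.
    Unknown roles fall back to the empty list, i.e. least privilege."""
    only = ROLE_FIELDS.get(role, [])
    dumper = dump_fixed if fixed else dump_vulnerable
    return dumper(RECORD, only=only)


if __name__ == "__main__":
    print("vulnerable, anonymous:", serialize_for_role("anonymous", fixed=False))
    print("fixed, anonymous     :", serialize_for_role("anonymous", fixed=True))
    print("fixed, support       :", serialize_for_role("support", fixed=True))
```

The same distinction applies to any "allow list" parameter: an absent list and an empty list are different policies, and a guard written as "if not only" collapses them.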
python_software_foundation -- python |
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the shutil module (make_archive function) that can result in denial of service or information gain via injection of arbitrary files on the system or entire drive. This attack appears to be exploitable via passage of unfiltered user input to the function. This vulnerability appears to have been fixed in commit add531a1e55b0a739b0f42582f1c9747e5649ace and later. | 2018-09-18 | not yet calculated | CVE-2018-1000802 CONFIRM CONFIRM CONFIRM MISC |
qbee -- multisensor_camera |
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera. | 2018-09-18 | not yet calculated | CVE-2018-16225 MISC FULLDISC |
qualcomm -- android |
In Snapdragon (Automobile, Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE application between the time of check and the time of use, resulting in arbitrary writes to TZ kernel memory regions. | 2018-09-20 | not yet calculated | CVE-2017-18302 SECTRACK CONFIRM CONFIRM |
qualcomm -- android |
In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart. | 2018-09-20 | not yet calculated | CVE-2017-18301 SECTRACK CONFIRM CONFIRM |
qualcomm -- android |
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, on TZ cold boot the CNOC_QDSS RG0 locked by xBL_SEC is cleared by TZ. | 2018-09-20 | not yet calculated | CVE-2017-18314 CONFIRM CONFIRM |
qualcomm -- android |
In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDM429, SDM439, SDM632, Snapdragon_High_Med_2016, when a Trusted Application has opened the SPI/I2C interface to a particular device, it is possible for another Trusted Application to read the data on this open interface by calling the SPI/I2C read function. | 2018-09-20 | not yet calculated | CVE-2017-18280 SECTRACK CONFIRM CONFIRM |
qualcomm -- android |
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use. | 2018-09-20 | not yet calculated | CVE-2018-11290 CONFIRM CONFIRM CONFIRM |
qualcomm -- android |
In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure. | 2018-09-20 | not yet calculated | CVE-2018-11982 CONFIRM |
qualcomm -- android |
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows. | 2018-09-20 | not yet calculated | CVE-2018-11292 CONFIRM CONFIRM CONFIRM |
qualcomm -- android |
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options. | 2018-09-20 | not yet calculated | CVE-2018-11269 CONFIRM |
qualcomm -- android |
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected. | 2018-09-20 | not yet calculated | CVE-2018-5871 CONFIRM CONFIRM |
qualcomm -- android |
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, there is an incorrect control flow implementation in the Video component while checking buffer sufficiency. | 2018-09-20 | not yet calculated | CVE-2018-11287 CONFIRM CONFIRM |
qualcomm -- android |
In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from the Play Store to request this permission at install time. The system application interfaces with the Radio Interface Layer, leading to a potential access control issue. | 2018-09-20 | not yet calculated | CVE-2018-11277 CONFIRM |
qualcomm -- android |
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options. | 2018-09-20 | not yet calculated | CVE-2018-11268 CONFIRM |
qualcomm -- android |
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected. | 2018-09-20 | not yet calculated | CVE-2018-5837 CONFIRM CONFIRM |
qualcomm -- android |
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues exist in NAN because the random number generator used is not a strong one. | 2018-09-20 | not yet calculated | CVE-2018-11291 CONFIRM |
qualcomm -- android |
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur. | 2018-09-20 | not yet calculated | CVE-2018-11285 CONFIRM CONFIRM |
qualcomm -- android |
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, when sending malformed XML data to deviceprogrammer/firehose it may do an out-of-bounds buffer write, allowing a region of memory to be filled with 0x20. | 2018-09-20 | not yet calculated | CVE-2018-11267 CONFIRM |
quickapps -- quickappscms |
An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI. | 2018-09-16 | not yet calculated | CVE-2018-17102 MISC MISC |
red_hat -- undertow |
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests. | 2018-09-18 | not yet calculated | CVE-2018-14642 CONFIRM |
ricoh -- mp_2001_printer |
On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 2018-09-21 | not yet calculated | CVE-2018-17002 MISC |
ricoh -- sp_4510sf_printer |
On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 2018-09-21 | not yet calculated | CVE-2018-17001 MISC |
rockwell_automation -- rslinx_classic |
In Rockwell Automation RSLinx Classic versions 4.00.01 and prior, a remote threat actor may intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code. | 2018-09-20 | not yet calculated | CVE-2018-14829 MISC MISC |
rockwell_automation -- rslinx_classic |
In Rockwell Automation RSLinx Classic versions 4.00.01 and prior, a remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality. | 2018-09-20 | not yet calculated | CVE-2018-14827 MISC |
rockwell_automation -- rslinx_classic |
In Rockwell Automation RSLinx Classic versions 4.00.01 and prior, a remote, unauthenticated threat actor may intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality. | 2018-09-20 | not yet calculated | CVE-2018-14821 MISC MISC |
samsung -- smarthings_hub-sth-eth-250 |
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "startTime" value in order to exploit this vulnerability. | 2018-09-21 | not yet calculated | CVE-2018-3894 MISC |
samsung -- smarthings_hub-sth-eth-250 |
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long "directory" value in order to exploit this vulnerability. | 2018-09-21 | not yet calculated | CVE-2018-3877 MISC |
samsung -- smarthings_hub_sth-eth-250 |
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability. | 2018-09-21 | not yet calculated | CVE-2018-3915 MISC |
samsung -- smarthings_hub_sth-eth-250 |
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. | 2018-09-21 | not yet calculated | CVE-2018-3873 MISC |
samsung -- smarthings_hub_sth-eth-250 |
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability. | 2018-09-21 | not yet calculated | CVE-2018-3914 MISC |
samsung -- smarthings_hub_sth-eth-250 |
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability. | 2018-09-21 | not yet calculated | CVE-2018-3876 MISC |
samsung -- smarthings_hub_sth-eth-250 |
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability. | 2018-09-21 | not yet calculated | CVE-2018-3913 MISC |
samsung -- smarthings_hub_sth-eth-250 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability. | 2018-09-21 | not yet calculated | CVE-2018-3874 MISC |
samsung -- smarthings_hub | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | 2018-09-21 | not yet calculated | CVE-2018-3906 MISC |
samsung -- wifiscan | An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "cameraIp" value in order to exploit this vulnerability. | 2018-09-20 | not yet calculated | CVE-2018-3865 MISC |
samsung -- wifiscan | An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "password" value in order to exploit this vulnerability. | 2018-09-20 | not yet calculated | CVE-2018-3864 MISC |
sbi -- sbibuddy | The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application. | 2018-09-16 | not yet calculated | CVE-2018-17108 MISC |
seacms -- seacms | SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. | 2018-09-21 | not yet calculated | CVE-2018-16821 MISC MISC |
seacms -- seacms | An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action. | 2018-09-21 | not yet calculated | CVE-2018-17321 MISC |
seacms -- seacms | SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. | 2018-09-21 | not yet calculated | CVE-2018-16822 MISC MISC |
seacms -- seacms | An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter. | 2018-09-16 | not yet calculated | CVE-2018-17062 MISC |
simple_pos_pool -- simple_pos | Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1. | 2018-09-17 | not yet calculated | CVE-2018-17110 EXPLOIT-DB |
slack-archive-bot -- slack-archive-bot | SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute(). | 2018-09-20 | not yet calculated | CVE-2018-17232 MISC |
smarty -- smarty | Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. | 2018-09-18 | not yet calculated | CVE-2018-13982 MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
snap_creek -- duplicator | An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. | 2018-09-19 | not yet calculated | CVE-2018-17207 MISC MISC |
softcase -- t-router | An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of Spring 2018. | 2018-09-21 | not yet calculated | CVE-2018-11241 MISC |
softcase -- t-router | An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of Spring 2018. | 2018-09-21 | not yet calculated | CVE-2018-11240 MISC |
soundtouch -- soundtouch | The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. | 2018-09-16 | not yet calculated | CVE-2018-17096 MISC MISC |
soundtouch -- soundtouch | The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. | 2018-09-16 | not yet calculated | CVE-2018-17097 MISC MISC |
soundtouch -- soundtouch | The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. | 2018-09-16 | not yet calculated | CVE-2018-17098 MISC MISC |
subsonic -- media_server | An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a user's session, or elevate privileges by targeting an administrative user. | 2018-09-21 | not yet calculated | CVE-2018-9282 MISC |
subsonic -- subsonic | An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim. | 2018-09-21 | not yet calculated | CVE-2018-14691 MISC |
subsonic -- subsonic | An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an integer) to internetRadioSettings.view that could be used to steal session information of a victim. | 2018-09-21 | not yet calculated | CVE-2018-14688 MISC |
subsonic -- subsonic | An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim. | 2018-09-21 | not yet calculated | CVE-2018-14690 MISC |
subsonic -- subsonic | An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view that could be used to steal session information of a victim. | 2018-09-21 | not yet calculated | CVE-2018-14689 MISC |
symantec -- messaging_gateway | The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible. | 2018-09-19 | not yet calculated | CVE-2018-12243 BID CONFIRM |
symantec -- messaging_gateway | The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. | 2018-09-19 | not yet calculated | CVE-2018-12242 BID CONFIRM |
tec4data -- smartcooler | In Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack. | 2018-09-20 | not yet calculated | CVE-2018-14796 MISC |
thewebfosters -- ultimatepos | UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. | 2018-09-17 | not yet calculated | CVE-2018-17139 EXPLOIT-DB |
tinyftp -- tinyftpd | In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname. | 2018-09-16 | not yet calculated | CVE-2018-17106 MISC |
torproject.org -- tor_browser | Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability. | 2018-09-14 | not yet calculated | CVE-2017-16639 MISC BID BUGTRAQ MISC |
ubisoft -- uplay_desktop_client | upc.exe in Ubisoft Uplay Desktop Client version 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. | 2018-09-20 | not yet calculated | CVE-2018-15832 EXPLOIT-DB |
ucms -- ucms | An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action. | 2018-09-21 | not yet calculated | CVE-2018-17320 MISC |
udisks -- udisks | UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. | 2018-09-22 | not yet calculated | CVE-2018-17336 MISC |
vectra_networks -- cognito_brain_and_sensor | CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability. | 2018-09-21 | not yet calculated | CVE-2018-14889 CONFIRM |
vectra_networks -- cognito_brain_and_sensor | Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console. | 2018-09-21 | not yet calculated | CVE-2018-14890 CONFIRM |
vectra_networks -- cognito_brain_and_sensor | Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability. | 2018-09-21 | not yet calculated | CVE-2018-14891 CONFIRM |
wallabag -- wallabag | The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be exploited with authentication and used to target administrators and steal their sessions. | 2018-09-21 | not yet calculated | CVE-2018-11352 MISC |
wanscam -- hw0021_ip_camera | There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device. | 2018-09-21 | not yet calculated | CVE-2018-13111 MISC |
wavm -- wavm | An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application crash by NULL pointer dereference) or possibly have unspecified other impact by crafting certain WebAssembly files. | 2018-09-21 | not yet calculated | CVE-2018-17293 MISC MISC |
wavm -- wavm | An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes. | 2018-09-21 | not yet calculated | CVE-2018-17292 MISC MISC |
webpack_dev_server -- webpack_dev_server | An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin. | 2018-09-21 | not yet calculated | CVE-2018-14732 MISC CONFIRM CONFIRM |
wecon -- plc_editor | WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files. | 2018-09-19 | not yet calculated | CVE-2018-14792 MISC |
western_digital -- my_cloud_device | It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie. | 2018-09-18 | not yet calculated | CVE-2018-17153 BID MISC MISC |
wordpress -- wordpress | The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php. | 2018-09-17 | not yet calculated | CVE-2018-17140 EXPLOIT-DB |
wordpress -- wordpress | The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field. | 2018-09-17 | not yet calculated | CVE-2018-17138 EXPLOIT-DB |
xar -- xar | An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_unserialize in lib/archive.c. | 2018-09-16 | not yet calculated | CVE-2018-17094 MISC |
xar -- xar | An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_get_path in lib/util.c. | 2018-09-16 | not yet calculated | CVE-2018-17093 MISC |
yunucms -- yunucms | Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter. | 2018-09-21 | not yet calculated | CVE-2018-17322 MISC |
zoho -- manageengine_desktop_central | Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. | 2018-09-21 | not yet calculated | CVE-2018-16833 MISC |
zoho -- manageengine_opmanager | Global Search in Zoho ManageEngine OpManager before 12.3 Build 123205 allows SQL Injection. | 2018-09-20 | not yet calculated | CVE-2018-17243 CONFIRM |
zoho -- manageengine_opsmanager | Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. | 2018-09-20 | not yet calculated | CVE-2018-17283 MISC MISC |
zoho -- manageengine_supportcenter | In Zoho ManageEngine SupportCenter Plus 8.1.0, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. | 2018-09-21 | not yet calculated | CVE-2018-16965 MISC |
zzcms -- zzcms | zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header. | 2018-09-17 | not yet calculated | CVE-2018-17136 MISC |
from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/bulletins/SB18-267-0