US-CERT - SB18-323: Vulnerability Summary for the Week of November 12, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
amazon -- payfort | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement. | 2018-11-14 | not yet calculated | CVE-2018-19187 BID MISC |
amazon -- payfort | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter. | 2018-11-14 | not yet calculated | CVE-2018-19188 BID MISC MISC |
amazon -- payfort | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement. | 2018-11-14 | not yet calculated | CVE-2018-19189 BID MISC |
amazon -- payfort | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter. | 2018-11-14 | not yet calculated | CVE-2018-19190 BID MISC |
amazon -- payfort | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter. | 2018-11-14 | not yet calculated | CVE-2018-19186 MISC |
apache -- hadoop | Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. | 2018-11-13 | not yet calculated | CVE-2018-8009 BID MISC |
apache -- qpid_proton-j | The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise. | 2018-11-13 | not yet calculated | CVE-2018-17187 BID MISC MISC MISC |
baidu -- baidu_browser | Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-11-15 | not yet calculated | CVE-2018-0692 JVN |
bakeshop_inventory_system_web_application -- bakeshop_inventory_system_web_application | Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb. | 2018-11-16 | not yet calculated | CVE-2018-18804 MISC EXPLOIT-DB |
bluestacks -- bluestacks_app_player_for_windows_and_bluestacks_app_player_for_macos | BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access. | 2018-11-15 | not yet calculated | CVE-2018-0701 JVN MISC |
bsen_ordering_software_web_application -- bsen_ordering_software_web_application | The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL]. | 2018-11-16 | not yet calculated | CVE-2018-18801 MISC EXPLOIT-DB |
centreon -- centreon | Centreon 3.4.x allows SNMP trap SQL Injection. | 2018-11-14 | not yet calculated | CVE-2018-19281 MISC |
centreon -- centreon | Centreon 3.4.x has XSS via the resource name or macro expression of a poller macro. | 2018-11-14 | not yet calculated | CVE-2018-19280 MISC |
centreon -- centreon | Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. | 2018-11-16 | not yet calculated | CVE-2018-19312 MISC |
centreon -- centreon | Centreon 3.4.x allows SQL Injection via the main.php searchH parameter. | 2018-11-14 | not yet calculated | CVE-2018-19271 MISC MISC |
centreon -- centreon | Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. | 2018-11-16 | not yet calculated | CVE-2018-19311 MISC |
charles -- charles | An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a "Charles Settings.xml" file from an attacker, an intranet network may be accessed and information may be leaked. | 2018-11-13 | not yet calculated | CVE-2018-19244 MISC |
cisco -- advanced_malware_protection_for_endpoints_on_windows | A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. A successful exploit could allow the attacker to disable the targeted system's scanning services and ultimately prevent the system from being protected from further intrusion. There are no workarounds that address this vulnerability. | 2018-11-13 | not yet calculated | CVE-2018-15452 BID CISCO |
ckeditor -- ckeditor | CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. | 2018-11-14 | not yet calculated | CVE-2018-17960 MISC MISC |
clippercms -- clippercms | ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory. | 2018-11-10 | not yet calculated | CVE-2018-19135 MISC EXPLOIT-DB |
curriculum_evaluation_system_web_application -- curriculum_evaluation_system_web_application | Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb. | 2018-11-16 | not yet calculated | CVE-2018-18803 MISC EXPLOIT-DB |
cybozu -- garoon | Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors. | 2018-11-15 | not yet calculated | CVE-2018-0673 JVN MISC |
dell_emc -- recoverpoint | Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI. | 2018-11-13 | not yet calculated | CVE-2018-15771 BID SECTRACK FULLDISC |
dell_emc -- recoverpoint | Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume a large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI. | 2018-11-13 | not yet calculated | CVE-2018-15772 BID SECTRACK FULLDISC |
dell_emc -- rsa_bsafe_micro_edition_suite | RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used. | 2018-11-16 | not yet calculated | CVE-2018-15769 BID SECTRACK FULLDISC |
digium -- asterisk | Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length. | 2018-11-14 | not yet calculated | CVE-2018-19278 MISC MISC |
dilicms -- dilicms | An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI. | 2018-11-15 | not yet calculated | CVE-2018-19291 MISC |
domainmod -- domainmod | DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter. | 2018-11-09 | not yet calculated | CVE-2018-19136 MISC EXPLOIT-DB |
eclipse -- mosquitto | In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit. | 2018-11-15 | not yet calculated | CVE-2018-12543 CONFIRM |
ethereum -- go-ethereum | cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. | 2018-11-11 | not yet calculated | CVE-2018-19184 MISC |
ethereum -- py-evm | Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid." | 2018-11-11 | not yet calculated | CVE-2018-18920 MISC MISC MISC MISC |
ethereumjs -- ethereumjs-vm | ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. | 2018-11-11 | not yet calculated | CVE-2018-19183 MISC |
feitian_japan -- securecore_standard_edition | SecureCore Standard Edition Version 2.x allows an attacker to bypass the product's authentication to log in to a Windows PC. | 2018-11-15 | not yet calculated | CVE-2018-16160 JVN |
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11bb" issue. | 2018-11-17 | not yet calculated | CVE-2018-19347 MISC MISC |
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x000000000012dff5" issue. | 2018-11-17 | not yet calculated | CVE-2018-19348 MISC MISC MISC MISC |
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!std::basic_ostream >::operator<<+0x0000000000087906" issue. | 2018-11-17 | not yet calculated | CVE-2018-19341 MISC MISC |
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faulting Address controls Code Flow starting at U3DBrowser!PlugInMain+0x00000000000f43ff" issue. | 2018-11-17 | not yet calculated | CVE-2018-19343 MISC MISC |
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address may be used as a return value starting at U3DBrowser!PlugInMain+0x0000000000031a75" issue. | 2018-11-17 | not yet calculated | CVE-2018-19344 MISC MISC |
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at U3DBrowser!PlugInMain+0x0000000000053f8b" issue. | 2018-11-17 | not yet calculated | CVE-2018-19345 MISC MISC |
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea" issue. | 2018-11-17 | not yet calculated | CVE-2018-19346 MISC MISC |
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x000000000000347a" issue. | 2018-11-17 | not yet calculated | CVE-2018-19342 MISC MISC MISC MISC |
fxc -- multiple products | Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page. | 2018-11-15 | not yet calculated | CVE-2018-0679 JVN MISC |
google -- android | In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450417 | 2018-11-14 | not yet calculated | CVE-2018-9540 BID CONFIRM |
google -- android | In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331 | 2018-11-14 | not yet calculated | CVE-2018-9521 BID CONFIRM |
google -- android | In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383 | 2018-11-14 | not yet calculated | CVE-2018-9539 BID CONFIRM |
google -- android | In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251 | 2018-11-14 | not yet calculated | CVE-2018-9522 BID CONFIRM |
google -- android | In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551721 | 2018-11-14 | not yet calculated | CVE-2018-9528 CONFIRM |
google -- android | In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345 | 2018-11-14 | not yet calculated | CVE-2018-9527 BID CONFIRM |
google -- android | In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-72872376 | 2018-11-14 | not yet calculated | CVE-2018-9457 BID CONFIRM |
google -- android | In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113111784 | 2018-11-14 | not yet calculated | CVE-2018-9545 BID CONFIRM |
google -- android | In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564 | 2018-11-14 | not yet calculated | CVE-2018-9537 BID CONFIRM |
google -- android | In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531 | 2018-11-14 | not yet calculated | CVE-2018-9541 BID CONFIRM |
google -- android | In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641 | 2018-11-14 | not yet calculated | CVE-2018-9525 BID CONFIRM |
google -- android | In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112765917 | 2018-11-14 | not yet calculated | CVE-2018-9532 CONFIRM |
google -- android | In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-68664359 | 2018-11-14 | not yet calculated | CVE-2018-9347 BID CONFIRM |
google -- android | In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184 | 2018-11-14 | not yet calculated | CVE-2018-9536 BID CONFIRM |
google -- android | In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520 | 2018-11-14 | not yet calculated | CVE-2018-9533 CONFIRM |
google -- android | In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641 | 2018-11-14 | not yet calculated | CVE-2018-9531 BID CONFIRM |
google -- android | In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112857941 | 2018-11-14 | not yet calculated | CVE-2018-9534 CONFIRM |
google -- android | In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870 | 2018-11-14 | not yet calculated | CVE-2018-9524 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002. | 2018-11-14 | not yet calculated | CVE-2018-9580 CONFIRM |
google -- android | In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033 | 2018-11-14 | not yet calculated | CVE-2018-9526 BID CONFIRM |
google -- android | In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112859604 | 2018-11-14 | not yet calculated | CVE-2018-9523 BID CONFIRM |
google -- android | In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112609715 | 2018-11-14 | not yet calculated | CVE-2018-9530 CONFIRM |
google -- android | In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113037220 | 2018-11-14 | not yet calculated | CVE-2018-9544 BID CONFIRM |
google -- android | In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111896861 | 2018-11-14 | not yet calculated | CVE-2018-9542 BID CONFIRM |
google -- android | In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551874 | 2018-11-14 | not yet calculated | CVE-2018-9529 CONFIRM |
google -- android | In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112858010 | 2018-11-14 | not yet calculated | CVE-2018-9535 CONFIRM |
google -- android | In f2fs_format_utils.c WITH_BLKDISCARD is not defined, which may cause the data partition to not be wiped at factory reset, leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112868088 | 2018-11-14 | not yet calculated | CVE-2018-9543 BID CONFIRM |
google -- chrome | Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6063 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6067 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6065 BID REDHAT CONFIRM MISC DEBIAN EXPLOIT-DB |
google -- chrome | Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6064 BID REDHAT CONFIRM MISC DEBIAN EXPLOIT-DB |
google -- chrome | Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17474 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes. | 2018-11-14 | not yet calculated | CVE-2018-6080 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6082 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6061 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17475 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6057 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17468 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6066 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17462 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17467 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17466 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17465 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6062 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 2018-11-14 | not yet calculated | CVE-2018-17473 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome |
Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17477 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome |
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17464 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome |
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17463 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2018-11-14 | not yet calculated | CVE-2018-6072 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17476 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6083 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6060 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17472 BID CONFIRM MISC |
google -- chrome | Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | 2018-11-14 | not yet calculated | CVE-2018-17469 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-17471 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6076 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6068 BID CONFIRM MISC DEBIAN |
google -- chrome | XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6081 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6079 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 2018-11-14 | not yet calculated | CVE-2018-6078 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6077 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6074 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6073 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6069 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | 2018-11-14 | not yet calculated | CVE-2018-6070 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2018-11-14 | not yet calculated | CVE-2018-6071 BID REDHAT CONFIRM MISC DEBIAN |
google -- chrome | Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction. | 2018-11-14 | not yet calculated | CVE-2018-6075 BID REDHAT CONFIRM MISC DEBIAN |
google -- gvisor | pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled. | 2018-11-17 | not yet calculated | CVE-2018-19333 MISC MISC |
greencms -- greencms | GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button. | 2018-11-17 | not yet calculated | CVE-2018-19329 MISC |
guriddo -- guriddo_form_php | Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter. | 2018-11-17 | not yet calculated | CVE-2018-19340 MISC |
harfbuzz -- harfbuzz | HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh. | 2018-11-15 | not yet calculated | CVE-2015-9274 MISC |
hiroshi_yuki -- yukiwiki | Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-11-15 | not yet calculated | CVE-2018-0699 JVN MISC |
hiroshi_yuki -- yukiwiki | YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition. | 2018-11-15 | not yet calculated | CVE-2018-0700 JVN MISC |
huawei -- emily-al00a_smartphones | The radio module of some Huawei Emily-AL00A smartphones with versions before 8.1.0.171(C00) has a lock-screen bypass vulnerability. An unauthenticated attacker could exploit this vulnerability to start a third-party input method app through certain operations and bypass the lock screen. | 2018-11-13 | not yet calculated | CVE-2018-7925 CONFIRM |
huawei -- multiple_smartphones | Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone. | 2018-11-13 | not yet calculated | CVE-2018-7910 CONFIRM |
huawei -- watch_2 | Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch. | 2018-11-13 | not yet calculated | CVE-2018-7926 CONFIRM |
ibm -- case_manager | IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970. | 2018-11-12 | not yet calculated | CVE-2018-1884 CONFIRM XF |
ibm -- jazz_reporting_service | The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579. | 2018-11-16 | not yet calculated | CVE-2018-1639 XF CONFIRM |
ibm -- spectrum_protect | IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871. | 2018-11-12 | not yet calculated | CVE-2018-1786 CONFIRM BID XF |
ibm -- websphere_application_server | The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144588. | 2018-11-15 | not yet calculated | CVE-2018-1643 SECTRACK XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149428. | 2018-11-12 | not yet calculated | CVE-2018-1798 CONFIRM BID SECTRACK XF |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as "Zip-Slip". IBM X-Force ID: 149427. | 2018-11-16 | not yet calculated | CVE-2018-1797 SECTRACK XF CONFIRM |
ibm -- websphere_commerce | IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828. | 2018-11-13 | not yet calculated | CVE-2018-1808 SECTRACK XF CONFIRM |
ibm -- websphere_mq | IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947. | 2018-11-13 | not yet calculated | CVE-2018-1792 BID XF CONFIRM |
inova_software -- inova_partner | Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference. | 2018-11-16 | not yet calculated | CVE-2018-15693 MISC |
inova_software -- inova_partner | Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions. | 2018-11-16 | not yet calculated | CVE-2018-15692 MISC |
intel -- driver_&_support_assistant | Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | 2018-11-14 | not yet calculated | CVE-2018-3621 CONFIRM |
intel -- media_server_studio | Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access. | 2018-11-14 | not yet calculated | CVE-2018-3697 CONFIRM |
intel -- parallel_studio_xe_2018 | Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE 2018 Update 3 may allow an authenticated user to potentially escalate privileges via local access. | 2018-11-14 | not yet calculated | CVE-2018-12174 CONFIRM |
intel -- raid_web_console_for_windows | Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access. | 2018-11-14 | not yet calculated | CVE-2018-3696 CONFIRM |
intel -- raid_web_console_for_windows | Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate privilege via remote access. | 2018-11-14 | not yet calculated | CVE-2018-3699 CONFIRM |
intel -- rapid_store_technology | Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access. | 2018-11-14 | not yet calculated | CVE-2018-3635 CONFIRM |
intel -- ready_mode_technology | Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access. | 2018-11-14 | not yet calculated | CVE-2018-3698 CONFIRM |
jeesns -- jeesns | In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. | 2018-11-11 | not yet calculated | CVE-2018-19178 MISC |
jpressprojects -- jpress | In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter. | 2018-11-11 | not yet calculated | CVE-2018-19170 MISC |
jtbc(php) -- jtbc(php) | An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF. | 2018-11-17 | not yet calculated | CVE-2018-19327 MISC |
krisoft -- k-iwi_framework_1775 | K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter. | 2018-11-16 | not yet calculated | CVE-2018-18755 MISC EXPLOIT-DB |
laobancms -- laobancms | An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter. | 2018-11-12 | not yet calculated | CVE-2018-19229 MISC |
laobancms -- laobancms | An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies. | 2018-11-12 | not yet calculated | CVE-2018-19224 MISC |
laobancms -- laobancms | An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF. | 2018-11-12 | not yet calculated | CVE-2018-19225 MISC |
laobancms -- laobancms | An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI. | 2018-11-12 | not yet calculated | CVE-2018-19223 MISC |
laobancms -- laobancms | An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation. | 2018-11-12 | not yet calculated | CVE-2018-19228 MISC |
laobancms -- laobancms | An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter. | 2018-11-12 | not yet calculated | CVE-2018-19221 MISC |
laobancms -- laobancms | An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists. | 2018-11-12 | not yet calculated | CVE-2018-19222 MISC |
laobancms -- laobancms | An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI. | 2018-11-12 | not yet calculated | CVE-2018-19226 MISC |
laobancms -- laobancms | An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI. | 2018-11-12 | not yet calculated | CVE-2018-19220 MISC |
laobancms -- laobancms | LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. | 2018-11-17 | not yet calculated | CVE-2018-19328 MISC |
laobancms -- laobancms | An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter. | 2018-11-12 | not yet calculated | CVE-2018-19227 MISC |
laolisafe -- kimsq | kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&mod=mypage&page=info URI. | 2018-11-17 | not yet calculated | CVE-2018-19324 MISC |
lenovo -- chassis_management_module | Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets. | 2018-11-16 | not yet calculated | CVE-2018-9073 CONFIRM |
lenovo -- chassis_management_module | Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration. | 2018-11-16 | not yet calculated | CVE-2018-9071 CONFIRM |
lenovo -- lenovo_and_ibm_system_x_servers | A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors. | 2018-11-16 | not yet calculated | CVE-2018-9085 CONFIRM |
lenovo -- thinkserver-branded_servers | In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users. | 2018-11-16 | not yet calculated | CVE-2018-9086 CONFIRM |
library_management_system_web_application -- library_management_system_web_application | Library Management System 1.0 has SQL Injection via the "Search for Books" screen. | 2018-11-16 | not yet calculated | CVE-2018-18796 MISC |
libsass -- libsass | In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack. | 2018-11-12 | not yet calculated | CVE-2018-19219 MISC |
libsass -- libsass | In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack. | 2018-11-12 | not yet calculated | CVE-2018-19218 MISC |
libtiff -- libtiff | In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. | 2018-11-12 | not yet calculated | CVE-2018-19210 MISC BID |
libwebm -- libwebm | In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack. | 2018-11-12 | not yet calculated | CVE-2018-19212 MISC |
libwpd -- libwpd | In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h. | 2018-11-12 | not yet calculated | CVE-2018-19208 MISC |
life_sciences_computing_corporation -- opendolphin | OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users' credentials such as a user ID and/or its password via unspecified vectors. | 2018-11-15 | not yet calculated | CVE-2018-16162 JVN MISC |
life_sciences_computing_corporation -- opendolphin | OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users' accounts via unspecified vectors. | 2018-11-15 | not yet calculated | CVE-2018-16163 JVN MISC |
life_sciences_computing_corporation -- opendolphin | OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations. | 2018-11-15 | not yet calculated | CVE-2018-16161 JVN MISC |
linux -- linux_kernel | In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction. | 2018-11-16 | not yet calculated | CVE-2018-18955 MISC BID MISC MISC MISC MISC EXPLOIT-DB |
local_server_web_application -- local_server_web_application | Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008. | 2018-11-16 | not yet calculated | CVE-2018-18756 MISC |
losant -- arduino_mqtt_client | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6436. | 2018-11-13 | not yet calculated | CVE-2018-17614 MISC MISC |
metabase -- metabase | Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-11-15 | not yet calculated | CVE-2018-0697 JVN MISC |
micro_focus -- service_manager | A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to cause unauthorized disclosure of data. | 2018-11-13 | not yet calculated | CVE-2018-18591 CONFIRM |
microsoft -- .net_core | A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1. | 2018-11-13 | not yet calculated | CVE-2018-8416 BID SECTRACK CONFIRM |
microsoft -- azure_app_service_on_azure_stack | A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka "Azure App Service Cross-site Scripting Vulnerability." This affects Azure App. | 2018-11-13 | not yet calculated | CVE-2018-8600 BID CONFIRM |
microsoft -- chakracore_and_edge | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8557, CVE-2018-8588. | 2018-11-13 | not yet calculated | CVE-2018-8556 BID SECTRACK CONFIRM |
microsoft -- chakracore_and_edge | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 2018-11-13 | not yet calculated | CVE-2018-8541 BID SECTRACK CONFIRM |
microsoft -- chakracore_and_edge | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 2018-11-13 | not yet calculated | CVE-2018-8543 BID SECTRACK CONFIRM |
microsoft -- chakracore_and_edge | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 2018-11-13 | not yet calculated | CVE-2018-8542 BID SECTRACK CONFIRM |
microsoft -- chakracore_and_edge | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8588. | 2018-11-13 | not yet calculated | CVE-2018-8557 BID SECTRACK CONFIRM |
microsoft -- chakracore_and_edge | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 2018-11-13 | not yet calculated | CVE-2018-8551 BID SECTRACK CONFIRM |
microsoft -- chakracore_and_edge | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557. | 2018-11-13 | not yet calculated | CVE-2018-8588 BID SECTRACK CONFIRM |
microsoft -- chakracore_and_edge | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 2018-11-13 | not yet calculated | CVE-2018-8555 BID SECTRACK CONFIRM |
microsoft -- dynamics_365 | A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365. | 2018-11-13 | not yet calculated | CVE-2018-8609 BID CONFIRM |
microsoft -- dynamics_365 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8607, CVE-2018-8608. | 2018-11-13 | not yet calculated | CVE-2018-8606 BID CONFIRM |
microsoft -- dynamics_365 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8606, CVE-2018-8607, CVE-2018-8608. | 2018-11-13 | not yet calculated | CVE-2018-8605 BID CONFIRM |
microsoft -- dynamics_365 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8608. | 2018-11-13 | not yet calculated | CVE-2018-8607 BID CONFIRM |
microsoft -- dynamics_365 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8607. | 2018-11-13 | not yet calculated | CVE-2018-8608 BID CONFIRM |
microsoft -- edge | An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. | 2018-11-13 | not yet calculated | CVE-2018-8545 BID SECTRACK CONFIRM |
microsoft -- edge | An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. | 2018-11-13 | not yet calculated | CVE-2018-8567 BID SECTRACK CONFIRM |
microsoft -- edge | A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | 2018-11-13 | not yet calculated | CVE-2018-8564 BID CONFIRM |
microsoft -- exchange_server | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | 2018-11-13 | not yet calculated | CVE-2018-8581 BID SECTRACK CONFIRM |
microsoft -- internet_explorer | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. | 2018-11-13 | not yet calculated | CVE-2018-8570 BID SECTRACK CONFIRM |
microsoft -- internet_explorer | An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 2018-11-13 | not yet calculated | CVE-2018-8552 BID CONFIRM |
microsoft -- multiple_products | A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8415 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype. | 2018-11-13 | not yet calculated | CVE-2018-8546 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8577. | 2018-11-13 | not yet calculated | CVE-2018-8574 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server. | 2018-11-13 | not yet calculated | CVE-2018-8575 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8574. | 2018-11-13 | not yet calculated | CVE-2018-8577 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka "Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019. | 2018-11-13 | not yet calculated | CVE-2018-8471 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576. | 2018-11-13 | not yet calculated | CVE-2018-8582 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539. | 2018-11-13 | not yet calculated | CVE-2018-8573 BID SECTRACK CONFIRM |
microsoft -- multiple_products | A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1. | 2018-11-13 | not yet calculated | CVE-2018-8256 BID SECTRACK CONFIRM |
microsoft -- office | An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558. | 2018-11-13 | not yet calculated | CVE-2018-8579 BID SECTRACK CONFIRM |
microsoft -- office | An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8579. | 2018-11-13 | not yet calculated | CVE-2018-8558 BID CONFIRM |
microsoft -- office_and_outlook | A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8582. | 2018-11-13 | not yet calculated | CVE-2018-8576 BID SECTRACK CONFIRM |
microsoft -- office_and_outlook | A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582. | 2018-11-13 | not yet calculated | CVE-2018-8522 BID SECTRACK CONFIRM |
microsoft -- office_and_outlook | A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8576, CVE-2018-8582. | 2018-11-13 | not yet calculated | CVE-2018-8524 BID SECTRACK CONFIRM |
microsoft -- office_and_sharepoint_server | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573. | 2018-11-13 | not yet calculated | CVE-2018-8539 BID SECTRACK CONFIRM |
microsoft -- sharepoint | An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint. | 2018-11-13 | not yet calculated | CVE-2018-8578 BID SECTRACK CONFIRM |
microsoft -- sharepoint_and_sharepoint_server | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572. | 2018-11-13 | not yet calculated | CVE-2018-8568 BID SECTRACK CONFIRM |
microsoft -- sharepoint_and_sharepoint_server | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568. | 2018-11-13 | not yet calculated | CVE-2018-8572 BID CONFIRM |
microsoft -- team_foundation_server | A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team. | 2018-11-13 | not yet calculated | CVE-2018-8602 BID CONFIRM |
microsoft -- team_foundation_server | A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team. | 2018-11-15 | not yet calculated | CVE-2018-8529 BID CONFIRM |
microsoft -- windows_and_windows_server | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8565 BID CONFIRM |
microsoft -- windows_and_windows_server | An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8408 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XSS Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8547 BID CONFIRM |
microsoft -- windows_and_windows_server | A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8549 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8550 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8544 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10. | 2018-11-13 | not yet calculated | CVE-2018-8553 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory, aka "MSRPC Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8407 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8566 BID CONFIRM |
microsoft -- windows_and_windows_server | A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka "Microsoft JScript Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8417 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8485, CVE-2018-8554. | 2018-11-13 | not yet calculated | CVE-2018-8561 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8450 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8584 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. | 2018-11-13 | not yet calculated | CVE-2018-8589 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc.), aka "Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows Server 2019. | 2018-11-13 | not yet calculated | CVE-2018-8592 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8554, CVE-2018-8561. | 2018-11-13 | not yet calculated | CVE-2018-8485 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2018-8485, CVE-2018-8561. | 2018-11-13 | not yet calculated | CVE-2018-8554 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2. | 2018-11-13 | not yet calculated | CVE-2018-8563 BID SECTRACK CONFIRM |
microsoft -- windows_and_windows_server | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8562 BID CONFIRM |
microsoft -- windows_and_windows_server | An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka "Windows Audio Service Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. | 2018-11-13 | not yet calculated | CVE-2018-8454 BID SECTRACK CONFIRM |
microsoft -- windows_server | A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers. | 2018-11-13 | not yet calculated | CVE-2018-8476 BID SECTRACK CONFIRM |
mubu_note -- mubu_note | The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note. | 2018-11-15 | not yet calculated | CVE-2018-19286 MISC |
multiple_vendors -- message_app_for_android_and_message_app_for_ios | Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2018-11-15 | not yet calculated | CVE-2018-0691 JVN MISC MISC MISC |
mz-automation -- libIEC61850 | An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector. | 2018-11-12 | not yet calculated | CVE-2018-19185 MISC MISC |
ncurses -- ncurses | In ncurses 6.1, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. | 2018-11-12 | not yet calculated | CVE-2018-19217 MISC |
ncurses -- ncurses | In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. | 2018-11-12 | not yet calculated | CVE-2018-19211 MISC |
neojapan -- denbun_pop | SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search. | 2018-11-15 | not yet calculated | CVE-2018-0685 JVN MISC MISC |
neojapan -- denbun_pop_and_denbun_imap | Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to read/send mail or change the configuration. | 2018-11-15 | not yet calculated | CVE-2018-0680 JVN MISC MISC |
neojapan -- denbun_pop_and_denbun_imap | Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-11-15 | not yet calculated | CVE-2018-0687 JVN MISC MISC |
neojapan -- denbun_pop_and_denbun_imap | Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to login to the Management page and change the configuration. | 2018-11-15 | not yet calculated | CVE-2018-0681 JVN MISC MISC |
neojapan -- denbun_pop_and_denbun_imap | Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors. | 2018-11-15 | not yet calculated | CVE-2018-0686 JVN MISC MISC |
neojapan -- denbun_pop_and_denbun_imap | Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified vectors. | 2018-11-15 | not yet calculated | CVE-2018-0682 JVN MISC MISC |
neojapan -- denbun_pop_and_denbun_imap | Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via multipart/form-data format data. | 2018-11-15 | not yet calculated | CVE-2018-0684 JVN MISC MISC |
neojapan -- denbun_pop_and_denbun_imap | Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via Cookie data. | 2018-11-15 | not yet calculated | CVE-2018-0683 JVN MISC MISC |
netapp -- storagegrid_webscale | All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node. | 2018-11-14 | not yet calculated | CVE-2018-5495 CONFIRM |
netiq -- access_manager | Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. | 2018-11-15 | not yet calculated | CVE-2018-12480 CONFIRM CONFIRM |
netwide_assembler -- netwide_assembler | Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack. | 2018-11-12 | not yet calculated | CVE-2018-19209 MISC |
netwide_assembler -- netwide_assembler | Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters. | 2018-11-12 | not yet calculated | CVE-2018-19215 MISC MISC |
netwide_assembler -- netwide_assembler | Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. | 2018-11-12 | not yet calculated | CVE-2018-19214 MISC MISC |
netwide_assembler -- netwide_assembler | Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. | 2018-11-12 | not yet calculated | CVE-2018-19216 MISC MISC |
netwide_assembler -- netwide_assembler | Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c. | 2018-11-12 | not yet calculated | CVE-2018-19213 MISC |
nvidia -- graphics_driver | NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector. | 2018-11-13 | not yet calculated | CVE-2018-6260 CONFIRM |
open_ticket_request_system -- open_ticket_request_system | Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. | 2018-11-11 | not yet calculated | CVE-2018-19143 MISC |
open_ticket_request_system -- open_ticket_request_system | Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. | 2018-11-11 | not yet calculated | CVE-2018-19141 MISC |
open_ticket_request_system -- open_ticket_request_system | Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL. | 2018-11-11 | not yet calculated | CVE-2018-19142 MISC |
openssl -- openssl | Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | 2018-11-15 | not yet calculated | CVE-2018-5407 BID MISC MISC EXPLOIT-DB |
paessler -- prtg_network_monitor | PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request. | 2018-11-12 | not yet calculated | CVE-2018-19203 MISC MISC MISC |
paessler -- prtg_network_monitor | PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \Custom Sensors\EXE directory and execute it by creating EXE/Script Sensor. | 2018-11-12 | not yet calculated | CVE-2018-19204 MISC MISC MISC |
php-proxy -- php-proxy | PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion. | 2018-11-13 | not yet calculated | CVE-2018-19246 MISC EXPLOIT-DB |
phpbb -- phpbb | Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions. | 2018-11-17 | not yet calculated | CVE-2018-19274 CONFIRM |
phpmailer -- phpmailer | PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | 2018-11-16 | not yet calculated | CVE-2018-19296 MISC MISC |
phpoffice -- phpspreadsheet | securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file. | 2018-11-14 | not yet calculated | CVE-2018-19277 MISC |
pivotal_cloud_foundry -- credhub_service_broker | Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service. | 2018-11-13 | not yet calculated | CVE-2018-15795 BID CONFIRM |
pointofsales_web_application -- pointofsales_web_application | PointOfSales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb. | 2018-11-16 | not yet calculated | CVE-2018-18805 MISC EXPLOIT-DB |
polycom -- trio | The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. | 2018-11-15 | not yet calculated | CVE-2018-14935 CONFIRM |
polycom -- trio | The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone. | 2018-11-15 | not yet calculated | CVE-2018-14934 CONFIRM |
postgresql -- postgresql | PostgreSQL before versions 11.1 and 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges. | 2018-11-13 | not yet calculated | CVE-2018-16850 BID SECTRACK CONFIRM UBUNTU CONFIRM |
prim'x -- zonecentral | PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater. | 2018-11-14 | not yet calculated | CVE-2018-19279 MISC |
qemu -- qemu | The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. | 2018-11-15 | not yet calculated | CVE-2018-18954 MLIST BID MLIST |
rack -- rack | There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them, may be vulnerable. | 2018-11-13 | not yet calculated | CVE-2018-16471 MISC |
rack -- rack | There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size. | 2018-11-13 | not yet calculated | CVE-2018-16470 MISC |
redhat -- red_hat_single_sign-on_and_red_hat_single_sign-on_for_rhel | A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URLs for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect URL is verified. This can lead to an Open Redirection attack. | 2018-11-13 | not yet calculated | CVE-2018-14658 REDHAT REDHAT REDHAT CONFIRM |
redhat -- red_hat_single_sign-on_and_red_hat_single_sign-on_for_rhel | A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary JavaScript code via the 'state' parameter in the authentication URL. This allows an XSS attack upon successful login. | 2018-11-13 | not yet calculated | CVE-2018-14655 REDHAT REDHAT REDHAT CONFIRM |
redhat -- red_hat_single_sign-on_and_red_hat_single_sign-on_for_rhel | A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOTP is enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. | 2018-11-13 | not yet calculated | CVE-2018-14657 REDHAT REDHAT REDHAT CONFIRM |
roundcube -- roundcube | steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. | 2018-11-12 | not yet calculated | CVE-2018-19206 MISC MISC |
roundcube -- roundcube | Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php. | 2018-11-12 | not yet calculated | CVE-2018-19205 MISC MISC |
ruby -- ruby | An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. | 2018-11-16 | not yet calculated | CVE-2018-16396 MISC MLIST UBUNTU DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
ruby -- ruby | An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. | 2018-11-16 | not yet calculated | CVE-2018-16395 MISC MLIST UBUNTU DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
s-cms -- s-cms | An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter. | 2018-11-17 | not yet calculated | CVE-2018-19331 MISC |
s-cms -- s-cms | An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI. | 2018-11-17 | not yet calculated | CVE-2018-19332 MISC |
saltos -- rhinos | RhinOS 3.0 build 1190 allows CSRF. | 2018-11-16 | not yet calculated | CVE-2018-18760 MISC EXPLOIT-DB |
saltos -- saltos | SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection. | 2018-11-16 | not yet calculated | CVE-2018-18763 MISC EXPLOIT-DB |
saltos -- saltos | SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection. | 2018-11-16 | not yet calculated | CVE-2018-18761 EXPLOIT-DB |
sap -- basis | An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user. | 2018-11-13 | not yet calculated | CVE-2018-2478 BID MISC MISC |
sap -- businessobjects_business_intelligence | HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method. | 2018-11-13 | not yet calculated | CVE-2018-2483 BID MISC MISC |
sap -- businessobjects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2018-11-13 | not yet calculated | CVE-2018-2479 BID MISC MISC |
sap -- businessobjects_business_intelligence_platform_server | SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 2018-11-13 | not yet calculated | CVE-2018-2473 BID MISC MISC |
sap -- disclosure_management | SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point. | 2018-11-13 | not yet calculated | CVE-2018-2487 BID MISC MISC |
sap -- fiori_client | It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | 2018-11-13 | not yet calculated | CVE-2018-2488 MISC MISC |
sap -- fiori_client | The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | 2018-11-13 | not yet calculated | CVE-2018-2490 MISC MISC |
sap -- fiori_client | When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the hyperlink in the viewer. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | 2018-11-13 | not yet calculated | CVE-2018-2491 MISC MISC |
sap -- fiori_client | It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | 2018-11-13 | not yet calculated | CVE-2018-2485 BID MISC MISC |
sap -- fiori_client | Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | 2018-11-13 | not yet calculated | CVE-2018-2489 MISC MISC |
sap -- mobile_secure_for_android | SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Install the Mobile Secure Android client released in Mid-Oct 2018. | 2018-11-13 | not yet calculated | CVE-2018-2482 BID MISC MISC |
sap -- netweaver | Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. | 2018-11-13 | not yet calculated | CVE-2018-2476 BID MISC MISC |
sap -- netweaver | Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source. | 2018-11-13 | not yet calculated | CVE-2018-2477 BID MISC MISC |
sap -- netweaver_abap | In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality. | 2018-11-13 | not yet calculated | CVE-2018-2481 BID MISC MISC |
school_attendance_monitoring_system_web_application -- school_attendance_monitoring_system_web_application | School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php. | 2018-11-16 | not yet calculated | CVE-2018-18797 MISC EXPLOIT-DB |
school_attendance_monitoring_system_web_application -- school_attendance_monitoring_system_web_application | School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos. | 2018-11-16 | not yet calculated | CVE-2018-18799 MISC EXPLOIT-DB |
school_equipment_monitoring_system_web_application -- school_equipment_monitoring_system_web_application | School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb. | 2018-11-16 | not yet calculated | CVE-2018-18806 MISC |
school_event_management_system_web_application -- school_event_management_system_web_application | School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. | 2018-11-16 | not yet calculated | CVE-2018-18794 MISC EXPLOIT-DB |
school_event_management_system_web_application -- school_event_management_system_web_application | School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter. | 2018-11-16 | not yet calculated | CVE-2018-18795 MISC EXPLOIT-DB |
school_event_management_system_web_application -- school_event_management_system_web_application | School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. | 2018-11-16 | not yet calculated | CVE-2018-18793 MISC EXPLOIT-DB |
seacms -- seacms | In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. | 2018-11-17 | not yet calculated | CVE-2018-19349 MISC |
seacms -- seacms | In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. | 2018-11-17 | not yet calculated | CVE-2018-19350 MISC |
soliton_systems_k_k -- filezen | FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2018-11-15 | not yet calculated | CVE-2018-0694 JVN MISC |
soliton_systems_k_k -- filezen | Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors. | 2018-11-15 | not yet calculated | CVE-2018-0693 JVN MISC |
sonatype -- nexus_respository_manager | Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. | 2018-11-15 | not yet calculated | CVE-2018-16621 CONFIRM |
sonatype -- nexus_respository_manager | Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control. | 2018-11-15 | not yet calculated | CVE-2018-16620 CONFIRM |
sonatype -- nexus_respository_manager | Sonatype Nexus Repository Manager before 3.14 allows XSS. | 2018-11-15 | not yet calculated | CVE-2018-16619 CONFIRM |
sony -- music_center_for_pc | An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files. | 2018-11-15 | not yet calculated | CVE-2018-0690 JVN MISC |
srcms -- srcms | SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges. | 2018-11-16 | not yet calculated | CVE-2018-19319 MISC |
srcms -- srcms | SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account. | 2018-11-16 | not yet calculated | CVE-2018-19318 MISC |
teleport -- teleport | tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log. | 2018-11-15 | not yet calculated | CVE-2018-19301 MISC |
tenable -- nagios_xi | Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php. | 2018-11-14 | not yet calculated | CVE-2018-15710 MISC |
tenable -- nagios_xi | Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | 2018-11-14 | not yet calculated | CVE-2018-15713 MISC |
tenable -- nagios_xi | Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges. | 2018-11-14 | not yet calculated | CVE-2018-15711 MISC |
tenable -- nagios_xi | Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. | 2018-11-14 | not yet calculated | CVE-2018-15709 MISC |
tenable -- nagios_xi | Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. | 2018-11-14 | not yet calculated | CVE-2018-15708 MISC |
tenable -- nagios_xi | Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | 2018-11-14 | not yet calculated | CVE-2018-15712 MISC |
tenable -- nagios_xi | Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | 2018-11-14 | not yet calculated | CVE-2018-15714 MISC |
tibco_software -- datasynapse_gridserver_manager | The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0. | 2018-11-13 | not yet calculated | CVE-2018-12416 BID CONFIRM |
uriparser -- uriparser | An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. | 2018-11-12 | not yet calculated | CVE-2018-19200 MISC MISC |
uriparser -- uriparser | An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts. | 2018-11-12 | not yet calculated | CVE-2018-19198 MISC MISC |
uriparser -- uriparser | An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. | 2018-11-12 | not yet calculated | CVE-2018-19199 MISC MISC |
usvn_team -- user-friendly_svn | Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-11-15 | not yet calculated | CVE-2018-0695 JVN MISC |
valine -- valine | An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file. | 2018-11-15 | not yet calculated | CVE-2018-19289 MISC |
vmware -- vrealize_log_insight | VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform. | 2018-11-13 | not yet calculated | CVE-2018-6980 BID CONFIRM |
witte_software -- modbus_slave | Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. | 2018-11-16 | not yet calculated | CVE-2018-18759 MISC EXPLOIT-DB |
wordpress -- wordpress | The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018. | 2018-11-12 | not yet calculated | CVE-2018-19207 BID MISC MISC MISC |
wordpress -- wordpress | XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter. | 2018-11-15 | not yet calculated | CVE-2018-19287 MISC MISC EXPLOIT-DB |
xiaocms -- xiaocms | An issue was discovered in XiaoCms 20141229. There is XSS via the largest input box on the "New news" screen. | 2018-11-12 | not yet calculated | CVE-2018-19193 MISC |
xiaocms -- xiaocms | An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths[]=../ directory traversal. | 2018-11-12 | not yet calculated | CVE-2018-19197 MISC MISC |
xiaocms -- xiaocms | An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonstrated by an admin/index.php?c=uploadfile&a=uploadify_upload&type=php URI. | 2018-11-12 | not yet calculated | CVE-2018-19196 MISC MISC |
xiaocms -- xiaocms | An issue was discovered in XiaoCms 20141229. There is XSS related to the template\default\show_product.html file. | 2018-11-12 | not yet calculated | CVE-2018-19195 MISC |
xiaocms -- xiaocms | An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure in a "failed to open stream" error message. | 2018-11-12 | not yet calculated | CVE-2018-19194 MISC |
xiaocms -- xiaocms | An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the data[content] parameter. | 2018-11-12 | not yet calculated | CVE-2018-19192 MISC |
yunucms -- yunucms | statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file. | 2018-11-11 | not yet calculated | CVE-2018-19181 MISC |
yunucms -- yunucms | statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php. | 2018-11-11 | not yet calculated | CVE-2018-19180 MISC |
zoho_manageengine -- opmanager | Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. | 2018-11-15 | not yet calculated | CVE-2018-19288 MISC |
zte -- multiple_products | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials. | 2018-11-16 | not yet calculated | CVE-2018-7363 CONFIRM |
zte -- multiple_products | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allow an unauthorized user to perform unauthorized operations on the router. | 2018-11-16 | not yet calculated | CVE-2018-7362 CONFIRM |
zte -- multiple_products | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allow an attacker to cause a denial of service. | 2018-11-16 | not yet calculated | CVE-2018-7361 CONFIRM |
zte -- multiple_products | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service. | 2018-11-16 | not yet calculated | CVE-2018-7360 CONFIRM |
zte -- multiple_products | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. | 2018-11-16 | not yet calculated | CVE-2018-7359 CONFIRM |
zte -- zxhn_h168n | ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations. | 2018-11-14 | not yet calculated | CVE-2018-7358 CONFIRM |
zte -- zxhn_h168n | ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. | 2018-11-14 | not yet calculated | CVE-2018-7357 CONFIRM |
zyxel -- vmg1312-b10d_devices | Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. | 2018-11-17 | not yet calculated | CVE-2018-19326 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/bulletins/SB18-323