US-CERT - SB18-330: Vulnerability Summary for the Week of November 19, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- spark | In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected. | 2018-11-19 | not yet calculated | CVE-2018-17190 BID MISC |
arm -- adult_filter | Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file. | 2018-11-22 | not yet calculated | CVE-2018-19459 MISC EXPLOIT-DB |
articlecms -- articlecms | ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter. | 2018-11-23 | not yet calculated | CVE-2018-19469 MISC |
artifex -- ghostscript | psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. | 2018-11-23 | not yet calculated | CVE-2018-19475 MISC MISC MISC MISC |
artifex -- ghostscript | An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. | 2018-11-21 | not yet calculated | CVE-2018-19409 BID MISC MISC GENTOO MISC |
artifex -- ghostscript | psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. | 2018-11-23 | not yet calculated | CVE-2018-19477 MISC MISC MISC MISC |
artifex -- ghostscript | psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. | 2018-11-23 | not yet calculated | CVE-2018-19476 MISC MISC MISC MISC |
askey -- qbee_camera_app_for_android | Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. | 2018-11-20 | not yet calculated | CVE-2018-16223 MISC FULLDISC |
bestxsoftware -- best_free_keylogger | BestXsoftware Best Free Keylogger 5.2.9 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group. | 2018-11-19 | not yet calculated | CVE-2018-18519 MISC |
clippercms -- clippercms | ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. | 2018-11-21 | not yet calculated | CVE-2018-19424 MISC |
cloud_foundry -- user_account_and_authentication_server | Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges. | 2018-11-19 | not yet calculated | CVE-2018-15761 CONFIRM |
comsenz -- discuz! | Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandle the statcode field from third-party stats code. | 2018-11-22 | not yet calculated | CVE-2018-19464 MISC |
contiki-ng -- contiki-ng | An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible. | 2018-11-21 | not yet calculated | CVE-2018-19417 MISC |
control_web_panel -- centos-webpanel | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. | 2018-11-20 | not yet calculated | CVE-2018-18774 MISC MISC EXPLOIT-DB |
control_web_panel -- centos-webpanel | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. | 2018-11-20 | not yet calculated | CVE-2018-18772 MISC MISC EXPLOIT-DB |
control_web_panel -- centos-webpanel | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. | 2018-11-20 | not yet calculated | CVE-2018-18773 MISC MISC EXPLOIT-DB |
denx -- u-boot | DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image. | 2018-11-20 | not yet calculated | CVE-2018-18439 MLIST |
denx -- u-boot | DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled. | 2018-11-20 | not yet calculated | CVE-2018-18440 MLIST |
fineuploader -- fineuploader | Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2 | 2018-11-19 | not yet calculated | CVE-2018-9209 MISC |
fluidbyte -- codiad | Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. | 2018-11-21 | not yet calculated | CVE-2018-19423 MISC |
foxit_software -- foxit_reader | FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. | 2018-11-20 | not yet calculated | CVE-2018-19389 MISC MISC |
foxit_software -- foxit_reader | FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. | 2018-11-20 | not yet calculated | CVE-2018-19390 MISC MISC |
foxit_software -- foxit_reader | FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue. | 2018-11-20 | not yet calculated | CVE-2018-19388 MISC MISC |
freeware_advanced_audio_decoder_2 -- freeware_advanced_audio_decoder_2 | An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c. | 2018-11-23 | not yet calculated | CVE-2018-19502 MISC MISC |
freeware_advanced_audio_decoder_2 -- freeware_advanced_audio_decoder_2 | An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c. | 2018-11-23 | not yet calculated | CVE-2018-19503 MISC MISC |
freeware_advanced_audio_decoder_2 -- freeware_advanced_audio_decoder_2 | An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c. | 2018-11-23 | not yet calculated | CVE-2018-19504 MISC MISC |
getsimple_cms -- getsimple_cms | In GetSimple CMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | 2018-11-21 | not yet calculated | CVE-2018-19420 MISC |
getsimple_cms -- getsimple_cms | In GetSimple CMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | 2018-11-21 | not yet calculated | CVE-2018-19421 MISC |
git -- git | Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. | 2018-11-23 | not yet calculated | CVE-2018-19486 MISC MISC |
gnome -- keyring | GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. | 2018-11-18 | not yet calculated | CVE-2018-19358 MISC MISC MISC |
gnuplot -- gnuplot | An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function. | 2018-11-23 | not yet calculated | CVE-2018-19490 MISC MISC |
gnuplot -- gnuplot | An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend. | 2018-11-23 | not yet calculated | CVE-2018-19491 MISC MISC |
gnuplot -- gnuplot | An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. | 2018-11-23 | not yet calculated | CVE-2018-19492 MISC MISC |
google -- chromium | Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports. | 2018-11-20 | not yet calculated | CVE-2018-10099 MISC MISC MISC |
google -- chromium | Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports. | 2018-11-20 | not yet calculated | CVE-2018-19335 MISC MISC MISC |
google -- chromium | Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports. | 2018-11-20 | not yet calculated | CVE-2018-19334 MISC MISC MISC |
greencms -- greencms | An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI. | 2018-11-20 | not yet calculated | CVE-2018-19376 MISC |
hayageek -- hayageek | Arbitrary file upload in jQuery Upload File <= 4.0.2 | 2018-11-19 | not yet calculated | CVE-2018-9207 MISC |
hucart_cms -- hucart_cms | HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. | 2018-11-23 | not yet calculated | CVE-2018-19468 MISC |
ibm -- api_connect | IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802. | 2018-11-20 | not yet calculated | CVE-2018-1779 BID XF CONFIRM |
ibm -- cloud_private | The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903 | 2018-11-21 | not yet calculated | CVE-2018-1843 CONFIRM XF |
ibm -- cloud_private | IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901. | 2018-11-19 | not yet calculated | CVE-2018-1841 BID XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as "Zip-Slip". IBM X-Force ID: 149427. | 2018-11-16 | not yet calculated | CVE-2018-1797 BID SECTRACK XF CONFIRM |
ismart_alarm -- ismartalarm_cube_one_devices | Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device. | 2018-11-20 | not yet calculated | CVE-2018-16224 MISC FULLDISC |
ismart_alarm -- ismartalarm_app_for_android | Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. | 2018-11-20 | not yet calculated | CVE-2018-16222 MISC FULLDISC |
libansilove -- libansilove | The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. | 2018-11-18 | not yet calculated | CVE-2018-19353 MISC MISC |
libsndfile -- libsndfile | An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. | 2018-11-22 | not yet calculated | CVE-2018-19432 BID MISC |
linux -- linux_kernel | In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction. | 2018-11-16 | not yet calculated | CVE-2018-18955 MISC BID MISC MISC MISC MISC EXPLOIT-DB |
linux -- linux_kernel | kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized. | 2018-11-20 | not yet calculated | CVE-2018-19406 BID MISC |
linux -- linux_kernel | The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. | 2018-11-20 | not yet calculated | CVE-2018-19407 BID MISC |
liquidvpn -- liquidvpn | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "command_line" parameter as a shell command. | 2018-11-20 | not yet calculated | CVE-2018-18857 MISC FULLDISC EXPLOIT-DB |
liquidvpn -- liquidvpn | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the "tun_path" or "tap_path" pathname in a kextload() call. | 2018-11-20 | not yet calculated | CVE-2018-18859 MISC FULLDISC EXPLOIT-DB |
liquidvpn -- liquidvpn | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "tun_path" or "tap_path" pathname within a shell command. | 2018-11-20 | not yet calculated | CVE-2018-18858 MISC FULLDISC EXPLOIT-DB |
liquidvpn -- liquidvpn | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "openvpncmd" parameter as a shell command. | 2018-11-20 | not yet calculated | CVE-2018-18856 MISC FULLDISC EXPLOIT-DB |
loadbalancer.org -- enterprise_va_max | Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. | 2018-11-20 | not yet calculated | CVE-2018-18864 MISC FULLDISC |
logicspice -- logicspice | Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. | 2018-11-22 | not yet calculated | CVE-2018-19457 MISC EXPLOIT-DB |
micro_focus/netiq -- access_manager_identity_provider | An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. | 2018-11-20 | not yet calculated | CVE-2018-17948 MISC |
novell -- netware | In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted. | 2018-11-21 | not yet calculated | CVE-2009-5153 MISC MISC MISC |
paessler -- prtg_network_monitor | PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights. | 2018-11-21 | not yet calculated | CVE-2018-19411 MISC |
paessler -- prtg_network_monitor | PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator). | 2018-11-21 | not yet calculated | CVE-2018-19410 MISC |
pcman_ftp_server -- pcman_ftp_server | Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. | 2018-11-20 | not yet calculated | CVE-2018-18861 MISC |
philips -- multiple_products | Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system. | 2018-11-19 | not yet calculated | CVE-2018-17906 BID MISC |
php -- php | ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell"). | 2018-11-20 | not yet calculated | CVE-2018-19395 BID MISC |
php -- php | ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. | 2018-11-20 | not yet calculated | CVE-2018-19396 BID MISC |
php_proxy -- php_proxy | In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. | 2018-11-22 | not yet calculated | CVE-2018-19458 MISC EXPLOIT-DB |
phpbb -- phpbb | Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions. | 2018-11-17 | not yet calculated | CVE-2018-19274 MISC MLIST CONFIRM |
pivotal -- cloud_foundry_on_demand_services_sdk | Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations. | 2018-11-19 | not yet calculated | CVE-2018-15759 CONFIRM |
portainer.io -- portainer | Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case. | 2018-11-20 | not yet calculated | CVE-2018-19367 MISC MISC |
prestashop -- prestashop | modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). | 2018-11-18 | not yet calculated | CVE-2018-19355 MISC |
project_jupyter -- jupyter_notebook | Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this. | 2018-11-18 | not yet calculated | CVE-2018-19351 MISC MISC MISC MISC |
project_jupyter -- jupyter_notebook | Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. | 2018-11-18 | not yet calculated | CVE-2018-19352 MISC MISC MISC |
roche_diagnostics -- accu-chek_inform_ii_base_unit_and_coaguchek | An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface. | 2018-11-20 | not yet calculated | CVE-2018-18562 BID MISC |
roche_diagnostics -- accu-chek_inform_ii_base_unit_and_coaguchek | An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the operating system. | 2018-11-20 | not yet calculated | CVE-2018-18561 BID MISC |
roche_diagnostics -- multiple_products | An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). Improper access control to a service command allows attackers in the adjacent network to execute arbitrary code on the system through a crafted Poct1-A message. | 2018-11-20 | not yet calculated | CVE-2018-18563 BID MISC |
roche_diagnostics -- multiple_products | An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). A vulnerability in the software update mechanism allows authenticated attackers in the adjacent network to overwrite arbitrary files on the system through a crafted update package. | 2018-11-20 | not yet calculated | CVE-2018-18565 BID MISC |
roche_diagnostics -- multiple_products | An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). Improper access control allows attackers in the adjacent network to change the instrument configuration. | 2018-11-20 | not yet calculated | CVE-2018-18564 BID MISC |
royal_applications -- royal_ts_and_tsx_browser_extensions | The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure. | 2018-11-20 | not yet calculated | CVE-2018-18865 MISC FULLDISC FULLDISC EXPLOIT-DB |
samsung -- 840_evo_devices | An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key. | 2018-11-20 | not yet calculated | CVE-2018-12038 CERT-VN BID MISC CONFIRM |
samsung -- multiple_devices | An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data. | 2018-11-20 | not yet calculated | CVE-2018-12037 BID MISC CONFIRM |
showdoc -- showdoc | ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. | 2018-11-22 | not yet calculated | CVE-2018-19433 MISC |
subrion -- subrion_cms | /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. | 2018-11-21 | not yet calculated | CVE-2018-19422 MISC |
sysstat -- sysstat | An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf. | 2018-11-21 | not yet calculated | CVE-2018-19416 MISC |
sysstat -- sysstat | An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf. | 2018-11-24 | not yet calculated | CVE-2018-19517 MISC |
tryton -- tryton | The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle. | 2018-11-22 | not yet calculated | CVE-2018-19443 MISC MISC |
ucms -- ucms | UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty. | 2018-11-22 | not yet calculated | CVE-2018-19437 MISC |
vanilla_forums -- vanilla | Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class. | 2018-11-23 | not yet calculated | CVE-2018-19499 MISC |
weberp -- weberp | An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter. | 2018-11-22 | not yet calculated | CVE-2018-19434 MISC |
weberp -- weberp | An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter. | 2018-11-22 | not yet calculated | CVE-2018-19435 MISC |
weberp -- weberp | An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter. | 2018-11-22 | not yet calculated | CVE-2018-19436 MISC |
yxcms -- yxcms | In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. This is related to the onlineinstall and import functions. | 2018-11-20 | not yet calculated | CVE-2018-19404 MISC |
z-blogphp -- z-blogphp | zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. | 2018-11-22 | not yet calculated | CVE-2018-19463 MISC |
zoho -- manageengine_opmanager | Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. | 2018-11-20 | not yet calculated | CVE-2018-18716 MISC FULLDISC BUGTRAQ |
zoho -- manageengine_opmanager | Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. | 2018-11-20 | not yet calculated | CVE-2018-18715 MISC FULLDISC BUGTRAQ |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/bulletins/SB18-330