US-CERT - SB18-155: Vulnerability Summary for the Week of May 28, 2018

Original release date: June 04, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

1000ch -- dwebp-bin


 
dwebp-bin is a dwebp node.js wrapper that converts WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10633
MISC

aerospike -- aerospike-client-nodejs


 
aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10558
MISC
air-sdk -- air-sdk
 
air-sdk is an NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10603
MISC
airbrake -- node-airbrake
 
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10530
MISC
MISC
alexyoung -- jadedown
 
jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10520
MISC
andzdroid -- paypal-ipn
 
paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-10067
MISC
MISC
appgyver -- steroids
 
Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10581
MISC

appium -- appium-chromedriver


 
appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10557
MISC
apple -- safari
 
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in Safari Technology Preview Release 57, mishandle an unset pageURL, leading to an application crash.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11646
MISC
MISC
appnitro -- machform
 
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6409
MISC
EXPLOIT-DB
MISC
appnitro -- machform
 
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6410
MISC
EXPLOIT-DB
MISC
appnitro -- machform
 
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
Published: 2018-05-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6411
MISC
EXPLOIT-DB
MISC

arian -- selenium-wrapper


 
selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10628
MISC

arrayfire -- arrayfire-js


 
arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10598
MISC
artifex -- ghostscript
 
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11645
MISC
MISC

artiomshapovalov -- tomita-parser


 
tomita-parser is a Node wrapper for Yandex Tomita Parser. tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10666
MISC
arve0 -- node-geoip-country
 
geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10568
MISC
atob -- atob
 
atob 2.0.3 and earlier allocates uninitialized Buffers when a number is passed as input on Node.js 4.x and below.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3745
MISC
auth0 -- node-jsonwebtoken
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family of algorithms) is expected but the attacker instead sends a token digitally signed with a symmetric algorithm (HS* family).
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-9235
MISC
MISC
MISC
MISC

barretts -- node-iedriver


 
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10562
MISC

bem-archive -- imageoptim


 
imageoptim is a Node.js wrapper for some image compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10596
MISC

bionode -- bionode-sra


 
bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10613
MISC
bitmain -- antminer_d3_and_l3+_and_s9_devices
 
Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11220
EXPLOIT-DB

bloodaxe -- npm-native-opencv

native-opencv is the OpenCV library installed via npm. native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10658
MISC

bluesmoon -- node-geoip


 
adamvr-geoip-lite is a lightweight native JavaScript implementation of GeoIP API from MaxMind. adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10680
MISC
bmw -- multiple_vehicles
The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9318
BID
MISC
MISC
bmw -- multiple_vehicles
 
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9322
BID
MISC
MISC
bmw -- multiple_vehicles
 
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9313
BID
MISC
MISC
bmw -- multiple_vehicles
 
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9320
BID
MISC
MISC
bmw -- multiple_vehicles
 
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9312
BID
MISC
MISC
bmw -- multiple_vehicles
 
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9314
BID
MISC
MISC
bmw -- multiple_vehicles
 
The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9311
BID
MISC
MISC

broccoli -- broccoli


 
broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10635
MISC
brother -- hl-l2340d_and_hl-l2380dw_series_printers
 
Cross-site scripting (XSS) vulnerability on Brother HL-L2340D and HL-L2380DW series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11581
MISC

bulain -- grunt-webdriver-qunit


 
grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt. grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10606
MISC

caspervonb -- bitty


 
Bitty is a development web server tool that functions similarly to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10561
MISC
clippercms -- clippercms
 
ClipperCMS 1.3.3 allows Session Fixation.
Published: 2018-05-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11571
MISC
clippercms -- clippercms
 
ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.
Published: 2018-05-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11572
MISC
cloudcmd -- console-io
 
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10532
MISC
cmseasy -- cmseasy
 
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.
Published: 2018-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11679
MISC
MISC
cmseasy -- cmseasy
 
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.
Published: 2018-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11680
MISC
cnpm -- node-operadriver
 
operadriver is an Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10565
MISC
cobalt-cli -- cobalt-cli
 
cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10597
MISC
codecanyon.net -- easyservice_billing
 
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11443
MISC
EXPLOIT-DB
codecanyon.net -- easyservice_billing
 
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11445
MISC
EXPLOIT-DB
codecanyon.net -- easyservice_billing
 
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11444
MISC
EXPLOIT-DB
codecanyon.net -- easyservice_billing
 
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11442
MISC
EXPLOIT-DB
coderaiser -- node-restafary
 
restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10528
MISC

connected-web -- product-monitor


 
product-monitor is an HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10567
MISC
creatiwity -- witycms
 
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.
Published: 2018-05-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11512
MISC
MISC
EXPLOIT-DB
cscms -- cscms
 
An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11527
MISC

dalekjs -- dalek-browser-chrome

dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10604
MISC
dalekjs -- dalek-browser-chrome-canary
 
dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10584
MISC
dalekjs -- dalek-browser-ie
 
dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10605
MISC

dalekjs -- dalek-browser-ie


 
dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10612
MISC

danielcardoso -- html-pages


 
The html-pages node module contains a path traversal vulnerability that allows an attacker to read any file from the server with cURL.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3744
MISC
MISC
danielfm -- jshamcrest
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in to the emailAddress validator.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10521
MISC
dataiku -- dataiku_dss
 
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.
Published: 2018-05-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10732
MISC
MISC

davidmarkclements -- install-nw


 
install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10566
MISC
dchem -- node-ibapi
 
ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10593
MISC
dcodeio -- closurecompiler.js
 
closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10582
MISC

ddopson -- node-sauce-connect


 
sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10599
MISC
dell_emc -- recoverpoint_and_recoverpoint_for_vms
 
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1241
FULLDISC
BID
dell_emc -- recoverpoint_and_recoverpoint_for_vms
 
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1235
FULLDISC
BID
dell_emc -- recoverpoint_and_recoverpoint_for_vms
 
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3 contain a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1242
FULLDISC
BID
delta_electronics -- automation_tpeditor
 
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause a heap-based buffer overflow, which may allow remote code execution.
Published: 2018-05-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8871
BID
MISC
dirtyhairy -- node-libxl
 
libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10585
MISC
domainmod -- domainmod
 
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.
Published: 2018-05-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11559
MISC
domainmod -- domainmod
 
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter.
Published: 2018-05-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11558
MISC
dtao -- fancy-server
 
Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-10066
MISC
dtsearch -- dtsearch
 
A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11488
MISC
MISC
MISC
dwyl -- hapi-auth-jwt2
 
When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10525
MISC
MISC
MISC
electron-userland -- electron-packager
 
electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10534
MISC
MISC
ems_software -- ems_master_calendar
 
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.
Published: 2018-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11628
MISC
MISC

eosio -- eos

An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11548
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11598
MISC
MISC
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11592
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11593
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11594
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11596
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11597
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11595
MISC
MISC
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11591
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c.
Published: 2018-05-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11590
MISC
MISC
MISC

eversport -- node-unicodetable

unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.
Published: 2018-05-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10578
MISC
exiv2 -- exiv2
 
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | 2018-05-29 | not yet calculated | CVE-2018-11531
CONFIRM
f5 -- big-ip
 
A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data. | 2018-06-01 | not yet calculated | CVE-2018-5525
SECTRACK
CONFIRM
f5 -- big-ip
 
Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue. | 2018-06-01 | not yet calculated | CVE-2018-5524
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. | 2018-06-01 | not yet calculated | CVE-2018-5513
SECTRACK
CONFIRM
f5 -- big-ip
 
Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack. | 2018-06-01 | not yet calculated | CVE-2018-5526
SECTRACK
CONFIRM
f5 -- big-ip
 
Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 systems that utilize inflate functionality directly, via an iRule, or via the inflate code from the PEM module are subject to a service disruption via a "Zip Bomb" attack. | 2018-06-01 | not yet calculated | CVE-2017-6153
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. | 2018-06-01 | not yet calculated | CVE-2018-5521
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | 2018-06-01 | not yet calculated | CVE-2018-5523
SECTRACK
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash. | 2018-06-01 | not yet calculated | CVE-2018-5522
CONFIRM

felixrieseberg -- windows-build-tools


 
windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2017-16003
MISC
MISC

fengmk2 -- node-curl


 
httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10614
MISC
fibjs -- fibjs
 
fibjs is a runtime for javascript applications built on google v8 JS. fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10621
MISC
flif-hub -- flif
 
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp. | 2018-05-28 | not yet calculated | CVE-2018-11507
MISC
florianholzapfel -- express-restify-mongoose
 
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes. | 2018-05-31 | not yet calculated | CVE-2016-10533
MISC
MISC
fortinet -- fortiauthenticator
 
A cross-site scripting (XSS) vulnerability in the "CSRF validation failure" page of Fortinet FortiAuthenticator versions below 5.3.0 allows an attacker to execute unauthorized script code by injecting malicious scripts in the HTTP Referer header. | 2018-05-31 | not yet calculated | CVE-2018-9186
CONFIRM
fortinet -- fortios
 
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g., addresses) via specifically crafted URLs inside the SSL-VPN web portal. | 2018-05-25 | not yet calculated | CVE-2017-14185
BID
CONFIRM

fresc81 -- node-curses


 
curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10615
MISC
gaelb -- massif
 
massif is a Phantomjs fork. massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10682
MISC
gaoxuyan -- gaoxuyan

gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | 2018-05-29 | not yet calculated | CVE-2017-16153
MISC
MISC

gergelyke -- apk-parser2


 
apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10632
MISC
giflib -- giflib
 
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact. | 2018-05-26 | not yet calculated | CVE-2018-11490
BID
MISC
giflib -- giflib
 
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. | 2018-05-26 | not yet calculated | CVE-2018-11489
BID
MISC

giggio -- node-chromedriver


 
Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10579
MISC
git -- git
 
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. | 2018-05-30 | not yet calculated | CVE-2018-11233
BID
SECTRACK
MISC
git -- git
 
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | 2018-05-30 | not yet calculated | CVE-2018-11235
BID
SECTRACK
MISC
MISC
DEBIAN
EXPLOIT-DB
gitlab -- community_edition_and_enterprise_edition
 
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability. | 2018-05-31 | not yet calculated | CVE-2018-10379
CONFIRM
google -- android
 
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings. | 2018-05-29 | not yet calculated | CVE-2018-11544
MISC
google -- android
 
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. | 2018-05-26 | not yet calculated | CVE-2018-11505
MISC
EXPLOIT-DB
graphviz -- graphviz
 
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2018-05-30 | not yet calculated | CVE-2018-10196
CONFIRM
MISC
FEDORA
FEDORA
graylog -- graylog
 
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js. | 2018-06-01 | not yet calculated | CVE-2018-11650
MISC
MISC
graylog -- graylog
 
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx. | 2018-06-01 | not yet calculated | CVE-2018-11651
MISC
MISC
greencms -- greencms
 
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle. | 2018-06-01 | not yet calculated | CVE-2018-11671
MISC
greencms -- greencms
 
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect. | 2018-06-01 | not yet calculated | CVE-2018-11670
MISC

groupon -- selenium-download


 
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10559
MISC

hakatashi -- kindlegen


 
Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10575
MISC
hapijs -- hapi
 
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes). | 2018-05-29 | not yet calculated | CVE-2015-9241
MISC
MISC
MISC
hapijs -- hapi
 
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules. | 2018-05-31 | not yet calculated | CVE-2016-10543
MISC
MISC
hapijs -- hapi
 
Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS headers. This defeats the purpose of turning CORS on the route. | 2018-05-31 | not yet calculated | CVE-2015-9236
MISC
MISC
MISC
hapijs -- hapi
 
When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and a higher level config includes security restrictions (like origin), those restrictions are overridden by less restrictive defaults (e.g. origin defaults to all origins `*`). | 2018-05-29 | not yet calculated | CVE-2015-9243
MISC
MISC

hapijs -- inert

The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. | 2018-05-29 | not yet calculated | CVE-2014-10068
MISC
MISC
MISC
haproxy -- haproxy
 
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. | 2018-05-25 | not yet calculated | CVE-2018-11469
BID
CONFIRM
UBUNTU
haxefoundation -- npm-haxe
 
haxe is a cross-platform toolkit. haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10602
MISC
hcl -- ivr_systems
 
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece). | 2018-05-30 | not yet calculated | CVE-2018-11518
MISC
MISC
MISC
MISC

headless-browser-lite -- headless-browser-lite


 
headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10625
MISC
hekto -- hekto
 
Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server. | 2018-06-01 | not yet calculated | CVE-2018-3743
MISC

hokaccha -- jwt-simple


 
Since "algorithm" isn't enforced in jwt.decode() in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants. | 2018-05-31 | not yet calculated | CVE-2016-10555
MISC
MISC
MISC
MISC
huawei -- espace_desktop
 
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 versions. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform an XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop. | 2018-06-01 | not yet calculated | CVE-2018-7976
CONFIRM
huawei -- multiple_smart_phones
 
Some Huawei smart phones have a denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart. | 2018-06-01 | not yet calculated | CVE-2017-17171
CONFIRM
huawei -- servers
 
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users. | 2018-06-01 | not yet calculated | CVE-2018-7949
CONFIRM
huawei -- servers
 
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. | 2018-06-01 | not yet calculated | CVE-2018-7951
CONFIRM
huawei -- servers
 
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. | 2018-06-01 | not yet calculated | CVE-2018-7950
CONFIRM
hue -- hue
 
Hue 3.12 has XSS via the /pig/save/ name and script parameters. | 2018-06-01 | not yet calculated | CVE-2018-11649
MISC
hyperledger -- iroha
 
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures. | 2018-06-01 | not yet calculated | CVE-2018-3756
CONFIRM

hypery2k -- galenframework-cli


 
galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-31 | not yet calculated | CVE-2016-10560
MISC

i18next -- i18next


 
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later. | 2018-05-29 | not yet calculated | CVE-2017-16010
MISC
MISC
ibm -- api_connect
 
IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430. | 2018-05-31 | not yet calculated | CVE-2018-1532
CONFIRM
XF
ibm -- content_navigator
 
IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141219. | 2018-05-31 | not yet calculated | CVE-2018-1496
CONFIRM
XF
ibm -- db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045. | 2018-05-25 | not yet calculated | CVE-2018-1450
CONFIRM
XF
ibm -- flashsystem_v840_and_v900_products
 
IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148. | 2018-05-29 | not yet calculated | CVE-2018-1495
CONFIRM
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767. | 2018-05-29 | not yet calculated | CVE-2018-1369
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137777. | 2018-05-29 | not yet calculated | CVE-2018-1376
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769. | 2018-05-29 | not yet calculated | CVE-2018-1370
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776. | 2018-05-29 | not yet calculated | CVE-2018-1375
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471. | 2018-05-29 | not yet calculated | CVE-2017-1768
CONFIRM
XF
ibm -- storwize_v7000_unified_management_web_interface
 
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398. | 2018-05-25 | not yet calculated | CVE-2018-1467
CONFIRM
BID
XF
ibm -- urbancode_deploy

IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547. | 2018-05-25 | not yet calculated | CVE-2017-1752
CONFIRM
BID
XF

ibmdb -- node-ibm_db


 
ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10577
MISC
MISC
igniteui -- igniteui
 
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over an insecure protocol. | 2018-05-31 | not yet calculated | CVE-2016-10552
MISC
imagemagick -- imagemagick

In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file. | 2018-06-01 | not yet calculated | CVE-2018-11656
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. | 2018-05-31 | not yet calculated | CVE-2018-11624
MISC
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file. | 2018-06-01 | not yet calculated | CVE-2018-11655
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. | 2018-05-31 | not yet calculated | CVE-2018-11625
MISC
imsobear -- node-browser
 
node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10618
MISC
install-g-test -- install-g-test
 
install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10630
MISC

ipfs -- npm-go-ipfs-dep


 
During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise. | 2018-05-31 | not yet calculated | CVE-2016-10563
MISC
MISC
isaacs -- csrf-lite
 
csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail-first string comparison, instead of a constant-time string comparison. This enables an attacker to guess the secret in no more than 288 (16*18) guesses, instead of the 16^18 guesses required were the timing attack not present. | 2018-05-31 | not yet calculated | CVE-2016-10535
MISC
MISC
isaacs -- minimatch
 
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. | 2018-05-31 | not yet calculated | CVE-2016-10540
MISC
janpot -- mongodb-instance
 
mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-31 | not yet calculated | CVE-2016-10572
MISC
jashkenas -- backbone
 
backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `&lt;`. | 2018-05-31 | not yet calculated | CVE-2016-10537
MISC
MISC

jefflembeck -- pngcrush-installer


 
pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10570
MISC
jfhbrook -- node-ecstatic
 
Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header. | 2018-05-29 | not yet calculated | CVE-2015-9242
MISC
MISC
MISC
jigowatt -- php_login_&_user_management
 
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code execution by requesting the .php file. | 2018-05-29 | not yet calculated | CVE-2018-11392
MISC
BUGTRAQ
CONFIRM
jonschlinkert -- remarkable
 
Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme, allowing javascript: URLs to be injected into the rendered content. | 2018-05-31 | not yet calculated | CVE-2014-10065
MISC
MISC

jser -- jser-stat

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10592
MISC
MISC
jshttp -- negotiator
 
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string. | 2018-05-31 | not yet calculated | CVE-2016-10539
MISC

jugglinmike -- selenium-chromedriver


 
selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome. selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10624
MISC
jvminstall -- jvminstall
 
jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10631
MISC

k-kinzal -- scala-bin


 
scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10627
MISC

k-kinzal -- scalajs-standalone-bin

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10634
MISC

karimsa -- pennyworth


 
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10619
MISC
keystonejs -- keystone
 
Due to a bug in the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in. | 2018-05-29 | not yet calculated | CVE-2015-9240
MISC

killmag10 -- nodeschnaps


 
nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10622
MISC

koorchik -- node-mystem3


 
mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10626
MISC
kubernetes -- kubernetes
 
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. | 2018-06-01 | not yet calculated | CVE-2018-1002100
CONFIRM
CONFIRM
MISC
legion_of_the_bouncy_castle -- bouncy_castle_jce_provider

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. | 2018-06-01 | not yet calculated | CVE-2016-1000338
CONFIRM
liblouis -- liblouis
 
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. | 2018-05-30 | not yet calculated | CVE-2018-11577
MISC
MISC
liblouis -- liblouis
 
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. | 2018-05-25 | not yet calculated | CVE-2018-11440
BID
MISC
libmobi -- libmobi
 
The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11437
FULLDISC
libmobi -- libmobi
 
The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11436
FULLDISC
libmobi -- libmobi
 
The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11438
FULLDISC
libmobi -- libmobi
 
The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11432
FULLDISC
libmobi -- libmobi
 
The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11435
FULLDISC
libmobi -- libmobi
 
The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11433
FULLDISC
libmobi -- libmobi
 
The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | 2018-05-30 | not yet calculated | CVE-2018-11434
FULLDISC

liluo -- ipip


 
ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10594
MISC
linux -- linux_kernel
 
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | 2018-05-28 | not yet calculated | CVE-2018-11508
MISC
BID
MISC
MISC
MISC
linux -- linux_kernel
 
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. | 2018-05-28 | not yet calculated | CVE-2018-11506
MISC
MISC
MISC
little_cms -- little_cms
 
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. | 2018-05-30 | not yet calculated | CVE-2018-11556
MISC
MISC
little_cms -- little_cms
 
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. | 2018-05-30 | not yet calculated | CVE-2018-11555
MISC
MISC
ljharb -- qs
 
The qs module before 1.0.0 does not have an option or default for specifying object depth and, when parsing a string representing a deeply nested object, will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition; for example, in a web application, other requests would not be processed while this blocking is occurring. | 2018-05-31 | not yet calculated | CVE-2014-10064
MISC
lutron_electronics -- multiple_products
 
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. | 2018-06-02 | not yet calculated | CVE-2018-11681
MISC
lutron_electronics -- multiple_products
 
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. | 2018-06-02 | not yet calculated | CVE-2018-11682
MISC
lutron_electronics -- multiple_products
 
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. | 2018-06-02 | not yet calculated | CVE-2018-11629
MISC

macacajs -- macaca-chromedriver


 
macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10623
MISC
macacajs -- macaca-chromedriver
 
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10586
MISC
mahara -- mahara
 
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials. | 2018-06-01 | not yet calculated | CVE-2018-11195
CONFIRM
CONFIRM
mahara -- mahara
 
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information. | 2018-05-30 | not yet calculated | CVE-2018-11565
CONFIRM
CONFIRM
mahara -- mahara
 
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as a medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers. | 2018-06-01 | not yet calculated | CVE-2018-11196
CONFIRM
CONFIRM
markedjs -- marked
 
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left. | 2018-05-31 | not yet calculated | CVE-2016-10531
MISC
MISC
MISC
mcafee -- data_loss_prevention_endpoint
 
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. | 2018-05-25 | not yet calculated | CVE-2018-6664
BID
SECTRACK
CONFIRM
md4c -- md4c

md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. | 2018-05-29 | not yet calculated | CVE-2018-11547
MISC
md4c -- md4c
 
md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. | 2018-05-29 | not yet calculated | CVE-2018-11546
MISC
md4c -- md4c
 
md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. | 2018-05-29 | not yet calculated | CVE-2018-11536
MISC
md4c -- md4c
 
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes. | 2018-05-29 | not yet calculated | CVE-2018-11545
MISC
miniupnp -- ngiflib
 
ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg. | 2018-05-30 | not yet calculated | CVE-2018-11575
MISC
MISC
miniupnp -- ngiflib
 
ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif. | 2018-06-01 | not yet calculated | CVE-2018-11657
MISC
miniupnp -- ngiflib
 
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault. | 2018-05-30 | not yet calculated | CVE-2018-11578
MISC
MISC
miniupnp -- ngiflib
 
ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor. | 2018-05-30 | not yet calculated | CVE-2018-11576
MISC
MISC
misp -- misp
 
An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter. | 2018-05-30 | not yet calculated | CVE-2018-11562
CONFIRM
modx -- revolution
 
MODX Revolution 2.6.3 has XSS. | 2018-06-01 | not yet calculated | CVE-2018-10382
CONFIRM
CONFIRM
moodle -- moodle

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection. | 2018-05-25 | not yet calculated | CVE-2018-1133
BID
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. | 2018-05-25 | not yet calculated | CVE-2018-1135
BID
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL. | 2018-05-25 | not yet calculated | CVE-2018-1134
BID
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users. | 2018-05-25 | not yet calculated | CVE-2018-1136
BID
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack. | 2018-05-25 | not yet calculated | CVE-2018-1137
BID
CONFIRM
moox -- reduce-css-calc
 
Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross-site scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the `calc` function. | 2018-05-31 | not yet calculated | CVE-2016-10548
MISC
MISC
mozilla -- nunjucks
 
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=`, it is possible to bypass autoescaping and inject content into the DOM. | 2018-05-31 | not yet calculated | CVE-2016-10547
MISC
MISC
MISC
mqttjs -- mqtt-packet
 
MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth. | 2018-05-31 | not yet calculated | CVE-2016-10523
MISC
MISC
MISC
mybb -- mybb
 
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea. | 2018-05-28 | not yet calculated | CVE-2018-11430
EXPLOIT-DB
mybb -- mybb
 
An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field. | 2018-05-29 | not yet calculated | CVE-2018-11532
MISC
EXPLOIT-DB
myscada -- mypro
 
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. | 2018-05-28 | not yet calculated | CVE-2018-11517
MISC
MISC
mysqljs -- mysqljs
 
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | 2018-05-29 | not yet calculated | CVE-2017-16047
MISC
mysqljs -- mysql
 
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. | 2018-05-29 | not yet calculated | CVE-2015-9244
MISC
MISC
natus -- xltek_neuroworks_8

An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 2018-06-01 | not yet calculated | CVE-2017-2858
MISC
natus -- xltek_neuroworks_8
 
An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 2018-06-01 | not yet calculated | CVE-2017-2852
MISC
natus -- xltek_neuroworks_8
 
An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 2018-06-01 | not yet calculated | CVE-2017-2860
MISC
nch_software -- axon_pbx
 
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application. | 2018-06-01 | not yet calculated | CVE-2018-11552
FULLDISC
nch_software -- axon_pbx
 
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly. | 2018-06-01 | not yet calculated | CVE-2018-11551
FULLDISC
nikto -- nikto
 
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. | 2018-06-01 | not yet calculated | CVE-2018-11652
MISC
node-js-libs -- cli
 
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. | 2018-05-31 | not yet calculated | CVE-2016-10538
MISC
MISC
MISC
node-tkinter -- node-tkinter
 
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | 2018-05-29 | not yet calculated | CVE-2017-16062
MISC
nodeca -- embedza
 
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-31 | not yet calculated | CVE-2016-10569
MISC
ntfserver -- ntfserver
 
ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10650
MISC
nuuo -- nvrmini_2_devices
 
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. | 2018-05-29 | not yet calculated | CVE-2018-11523
MISC
EXPLOIT-DB

nwjs -- nw


 
nw is an installer for nw.js. nw downloads zipped resources over HTTP. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10588
MISC
oliversalzburg -- i18n-node-angular
 
i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments; a malicious user could fill up the server, causing a Denial of Service or content injection. | 2018-05-31 | not yet calculated | CVE-2016-10524
MISC
MISC

omphalos -- crud-file-server


 
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | 2018-05-29 | not yet calculated | CVE-2018-3733
MISC
MISC
openframeproject -- openframe-glslviewer
 
openframe-glsviewer is an Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10607
MISC
openframeproject -- openframe-image
 
openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | 2018-06-01 | not yet calculated | CVE-2016-10616
MISC

openlayers -- closure-util


 
closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10583
MISC
pdf-image -- pdf-image
 
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter. | 2018-06-01 | not yet calculated | CVE-2018-3757
CONFIRM
MISC
pdfinfojs -- pdfinfojs
 
The pdfinfojs NPM module versions <= 0.3.6 have a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine. | 2018-06-01 | not yet calculated | CVE-2018-3746
MISC
phpscriptsmall.com -- naukri_clone_script
 
PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. | 2018-05-28 | not yet calculated | CVE-2018-11514
MISC
poco -- poco
 
poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10659
MISC
pouchdb -- pouchdb
 
An arbitrary code injection vector was found in PouchDB 6.0.4 and earlier via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands. | 2018-05-31 | not yet calculated | CVE-2016-10546
MISC
probablycorey -- atom-node-module-installer
 
atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10620
MISC
pulpiks -- node-mystem
 
mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru. mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | 2018-05-29 | not yet calculated | CVE-2016-10698
MISC

putaoshu -- jdf-sass


 
jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server. | 2018-06-01 | not yet calculated | CVE-2016-10595
MISC
quest -- dr_series_disk_backup

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11171
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11163
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11165
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11166
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11167
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11164
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11162
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11160
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11161
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11168
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11169
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11175
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11176
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11174
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11173
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11170
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11172
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11159
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11158
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11148
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11149
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11147
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11146
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11143
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11145
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11150
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11151
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11156
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11157
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11155
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11154
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11152
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11153
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11177
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11144
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11188
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11187
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11185
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46). | 2018-06-01 | not yet calculated | CVE-2018-11184
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). | 2018-06-01 | not yet calculated | CVE-2018-11189
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). 2018-06-01 not yet calculated CVE-2018-11190
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). 2018-06-01 not yet calculated CVE-2018-11194
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). 2018-06-01 not yet calculated CVE-2018-11193
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). 2018-06-01 not yet calculated CVE-2018-11192
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). 2018-06-01 not yet calculated CVE-2018-11191
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46). 2018-06-01 not yet calculated CVE-2018-11183
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46). 2018-06-01 not yet calculated CVE-2018-11186
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46). 2018-06-01 not yet calculated CVE-2018-11181
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46). 2018-06-01 not yet calculated CVE-2018-11179
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46). 2018-06-01 not yet calculated CVE-2018-11178
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46). 2018-06-01 not yet calculated CVE-2018-11182
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46). 2018-06-01 not yet calculated CVE-2018-11180
MISC
FULLDISC
MISC
quest -- kace_system_management_appliance
 
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks. 2018-05-31 not yet calculated CVE-2018-11135
MISC
quest -- kace_system_management_appliance
 
The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type). 2018-05-31 not yet calculated CVE-2018-11140
MISC
quest -- kace_system_management_appliance
 
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method. 2018-05-31 not yet calculated CVE-2018-11139
MISC
quest -- kace_system_management_appliance
 
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. 2018-05-31 not yet calculated CVE-2018-11138
MISC
quest -- kace_system_management_appliance
 
The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type). 2018-05-31 not yet calculated CVE-2018-11136
MISC
quest -- kace_system_management_appliance
 
The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script. 2018-05-31 not yet calculated CVE-2018-11137
MISC
quest -- kace_system_management_appliance
 
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges. 2018-05-31 not yet calculated CVE-2018-11134
MISC
quest -- kace_system_management_appliance
 
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root. 2018-05-31 not yet calculated CVE-2018-11132
MISC
quest -- kace_system_management_appliance
 
The 'fmt' parameter of the '/common/run_cross_report.php' script in the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. 2018-05-31 not yet calculated CVE-2018-11133
MISC
quest -- kace_system_management_appliance
 
The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization. 2018-05-31 not yet calculated CVE-2018-11142
MISC
quest -- kace_system_management_appliance
 
The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions. 2018-05-31 not yet calculated CVE-2018-11141
MISC
ralphbean -- ansi2html
 
ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in. 2018-05-31 not yet calculated CVE-2015-9239
MISC

redien -- limbus-buildgen


 
limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10674
MISC
riot -- compiler
 
The riot-compiler version 2.3.21 has an issue in a regex (catastrophic backtracking) that makes it unusable under certain conditions. 2018-05-31 not yet calculated CVE-2016-10527
MISC
MISC

robot -- robot-js

robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10608
MISC
robotwebtools -- groslibjs
 
roslib-socketio is a fork of the standard ROS JavaScript library that adds support for socket.io. roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10681
MISC
rondaful -- m1_wristband_smart_band_1_devices
 
Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic. 2018-05-31 not yet calculated CVE-2018-11631
MISC

rse -- node-prince


 
Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10591
MISC

rubenv -- apk-parser


 
apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-31 not yet calculated CVE-2016-10564
MISC
ruckus -- icx7450-48_devices
 
A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML. 2018-05-29 not yet calculated CVE-2018-11027
BUGTRAQ
ruckus -- smartzone
 
Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data. 2018-05-31 not yet calculated CVE-2018-11036
MISC
samsung -- s7_edge_device
 
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463. 2018-05-29 not yet calculated CVE-2018-10751
MISC
CONFIRM
EXPLOIT-DB
schedmd -- slurm
 
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). 2018-05-30 not yet calculated CVE-2018-10995
MISC
MISC
seacms -- seacms
 
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. 2018-05-30 not yet calculated CVE-2018-11583
MISC
searchblox -- searchblox
 
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. 2018-06-01 not yet calculated CVE-2018-11538
MISC
MISC
EXPLOIT-DB
sela -- sela
 
SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c init_apev2_keys function. 2018-05-31 not yet calculated CVE-2018-11626
MISC

selenium-standalone-painful -- selenium-standalone-painful

selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10679
MISC
sequelize -- sequelize
 
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier. 2018-05-31 not yet calculated CVE-2016-10553
MISC
MISC
sequelize -- sequelize
 
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping. 2018-05-31 not yet calculated CVE-2016-10554
MISC
MISC
sequelize -- sequelize
 
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier. 2018-05-31 not yet calculated CVE-2016-10550
MISC
MISC
sequelize -- sequelize
 
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `["test", "'); DELETE TestTable WHERE Id = 1 --')"]` inside of `database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } });` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the statement to delete whichever Id has a value of 1 in the TestTable table. 2018-05-29 not yet calculated CVE-2016-10556
MISC
MISC
serve -- serve
 
Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored. 2018-06-01 not yet calculated CVE-2018-3809
MISC
sexstatic -- sexstatic
 
XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with