SB18-183: Vulnerability Summary for the Week of June 25, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
389-ds-base -- 389-ds-base | 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. | 2018-06-22 | not yet calculated | CVE-2017-2668 BID REDHAT REDHAT CONFIRM CONFIRM |
aaugustin/websockets -- aaugustin/websockets | aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in servers and clients, unless configured with compression=None, that can result in denial of service by memory exhaustion. This attack appears to be exploitable by sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5. | 2018-06-26 | not yet calculated | CVE-2018-1000518 MISC |
adm -- asustor_nas_devices | ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell. | 2018-06-28 | not yet calculated | CVE-2018-11510 MISC MISC |
aef -- advanced_electron_forum | An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges. | 2018-06-29 | not yet calculated | CVE-2018-13000 MISC |
aio-libs/aiohttp-session -- aio-libs/aiohttp-session | aio-libs aiohttp-session contains a Session Fixation vulnerability in the load_session function for RedisStorage (see: https://ift.tt/2MECnKg) that can result in session hijacking. This attack appears to be exploitable via any method that allows setting session cookies (?session=<>, or meta tags or script tags with Set-Cookie). | 2018-06-26 | not yet calculated | CVE-2018-1000519 MISC MISC |
all_nippon_airways -- ana_app_for_ios | The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2018-06-26 | not yet calculated | CVE-2018-0611 JVN MISC |
allen-bradley -- l30erms_safety_devices | Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately. | 2018-06-25 | not yet calculated | CVE-2017-9312 BID MISC |
apache -- cassandra | The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://ift.tt/294JTvN. The fix for the regression is implemented in https://ift.tt/2KbWliN. This fix is contained in the 3.11.2 release of Apache Cassandra. | 2018-06-28 | not yet calculated | CVE-2018-8016 MISC |
apache -- hbase | CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://ift.tt/2yxtgZr implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. | 2018-06-27 | not yet calculated | CVE-2018-8025 BID MISC |
apache -- pluto | The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information. | 2018-06-27 | not yet calculated | CVE-2018-1306 MISC |
arm -- mbedtls | ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates being accepted when only RSA-signed ones should be. This attack appears to be exploitable when peers negotiate a TLS-ECDH-RSA-* ciphersuite: any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted. | 2018-06-26 | not yet calculated | CVE-2018-1000520 MISC |
atlassian -- fisheye_and_crucible | The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter. | 2018-06-28 | not yet calculated | CVE-2017-16859 BID CONFIRM CONFIRM |
axis_communications -- ip_cameras | An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. | 2018-06-26 | not yet calculated | CVE-2018-10662 MISC CONFIRM CONFIRM |
axis_communications -- ip_cameras | There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction. | 2018-06-26 | not yet calculated | CVE-2018-10659 MISC CONFIRM CONFIRM |
axis_communications -- ip_cameras | An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation. | 2018-06-26 | not yet calculated | CVE-2018-10663 MISC CONFIRM CONFIRM |
axis_communications -- ip_cameras | An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption. | 2018-06-26 | not yet calculated | CVE-2018-10664 MISC CONFIRM CONFIRM |
axis_communications -- ip_cameras | An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. | 2018-06-26 | not yet calculated | CVE-2018-10661 MISC CONFIRM CONFIRM |
axis_communications -- ip_cameras | An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. | 2018-06-26 | not yet calculated | CVE-2018-10660 MISC CONFIRM CONFIRM |
axis_communications -- ip_cameras | There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar. | 2018-06-26 | not yet calculated | CVE-2018-10658 MISC CONFIRM CONFIRM |
axpdfium -- axpdfium | Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0601 JVN MISC |
baseon_latronix -- mss_devices | Baseon Lantronix MSS devices do not require a password for TELNET access. | 2018-06-28 | not yet calculated | CVE-2018-12925 MISC |
basercms -- basercms | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0572 JVN MISC |
basercms -- basercms | Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0570 JVN MISC |
basercms -- basercms | Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0574 JVN MISC |
basercms -- basercms | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. | 2018-06-26 | not yet calculated | CVE-2018-0571 JVN MISC |
basercms -- basercms | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0575 JVN MISC |
basercms -- basercms | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0573 JVN MISC |
basercms -- basercms | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0569 JVN MISC |
beckoff -- twincat_3 | Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added. | 2018-06-27 | not yet calculated | CVE-2017-16718 MISC |
beckoff -- twincat | Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable. | 2018-06-27 | not yet calculated | CVE-2017-16726 MISC |
bigtree-cms -- bigtree-cms | BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in low-privileged users using this vulnerability to attack high-privileged (Developer) users. This attack appears to be exploitable via no. This vulnerability appears to have been fixed after commit b652cfdc14d0670c81ac4401ad5a04376745c279. | 2018-06-26 | not yet calculated | CVE-2018-1000521 MISC |
busybox -- busybox | Busybox contains a Missing SSL certificate validation vulnerability in the "busybox wget" applet that can result in arbitrary code execution. This attack appears to be exploitable by simply downloading any file over HTTPS using "busybox wget https://ift.tt/2MIsYBn". | 2018-06-26 | not yet calculated | CVE-2018-1000500 MISC MISC |
busybox -- busybox | BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e. | 2018-06-26 | not yet calculated | CVE-2018-1000517 MISC |
bws_systems -- ha-bridge | BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI. | 2018-06-28 | not yet calculated | CVE-2018-12923 MISC |
centreon -- centreon | Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php. | 2018-06-25 | not yet calculated | CVE-2018-11588 CONFIRM CONFIRM CONFIRM CONFIRM |
centreon -- centreon | Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. | 2018-06-25 | not yet calculated | CVE-2018-11589 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
centreon -- centreon | There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. | 2018-06-25 | not yet calculated | CVE-2018-11587 CONFIRM CONFIRM CONFIRM |
civetweb -- civetweb | Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file. | 2018-06-22 | not yet calculated | CVE-2018-12684 MISC MISC |
cloud_foundry -- cloud_foundry | Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt. | 2018-06-25 | not yet calculated | CVE-2018-11041 CONFIRM |
cloudwu/pbc -- cloudwu/pbc | In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c. | 2018-06-27 | not yet calculated | CVE-2018-12915 MISC |
cloudwu/pbc -- cloudwu/pbc | In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c. | 2018-06-27 | not yet calculated | CVE-2018-12917 MISC |
cloudwu/pbc -- cloudwu/pbc | In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c. | 2018-06-27 | not yet calculated | CVE-2018-12916 MISC |
cloudwu/pbc -- cloudwu/pbc | In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c. | 2018-06-27 | not yet calculated | CVE-2018-12918 MISC |
cnn-lite -- cnn-lite | An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c. | 2018-06-26 | not yet calculated | CVE-2018-12889 MISC |
codecanyon -- brynamics_online_trade | Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials. | 2018-06-27 | not yet calculated | CVE-2018-12908 MISC |
corebos -- corebos | coreBOS version 7.0 and earlier contains an Incorrect Access Control vulnerability in Module: Contacts that can result in access to records for which the user has no permissions. | 2018-06-26 | not yet calculated | CVE-2018-1000547 MISC |
craftedweb -- craftedweb | In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter. | 2018-06-27 | not yet calculated | CVE-2018-12919 MISC |
cyberark -- endpoint_privilege_manager | In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. | 2018-06-26 | not yet calculated | CVE-2018-12903 MISC |
cybozu -- mailwise | Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'Address' via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0559 JVN CONFIRM |
cybozu -- mailwise | Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0558 JVN CONFIRM |
cybozu -- mailwise | Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'E-mail Details Screen' via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0557 JVN CONFIRM |
cybozu -- office | Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0529 JVN CONFIRM |
cybozu -- office | Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0527 JVN CONFIRM |
cybozu -- office | Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0565 JVN CONFIRM |
cybozu -- office | Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0566 JVN CONFIRM |
cybozu -- office | Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0567 JVN CONFIRM |
cybozu -- office | Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0528 JVN CONFIRM |
cybozu -- office | Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to display an image located in an external server via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0526 JVN CONFIRM |
dell -- emc_idrac_service_module | Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content. | 2018-06-26 | not yet calculated | CVE-2018-11053 MISC BID |
delta_electronics -- delta_industrial_automation_commgr | Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server. | 2018-06-26 | not yet calculated | CVE-2018-10594 BID MISC |
denx -- u-boot | U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in bypass of verified boot. This attack appears to be exploitable via a specially crafted FIT image and special device memory functionality. | 2018-06-26 | not yet calculated | CVE-2018-1000205 MISC MISC |
digisol -- dg-br4000ng_devices | DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header. | 2018-06-24 | not yet calculated | CVE-2018-12706 MISC EXPLOIT-DB |
digisol -- dg-br4000ng_devices | DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side). | 2018-06-24 | not yet calculated | CVE-2018-12705 MISC EXPLOIT-DB |
easycms -- easycms | EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | 2018-06-29 | not yet calculated | CVE-2018-12971 MISC |
eclipse -- jetty_server | In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. | 2018-06-27 | not yet calculated | CVE-2018-12536 SECTRACK CONFIRM |
eclipse -- jetty | In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. | 2018-06-22 | not yet calculated | CVE-2018-12538 SECTRACK CONFIRM |
eclipse -- jetty | In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. | 2018-06-26 | not yet calculated | CVE-2017-7657 SECTRACK CONFIRM |
eclipse -- jetty_server | In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. | 2018-06-26 | not yet calculated | CVE-2017-7658 SECTRACK CONFIRM |
eclipse -- jetty | In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response. | 2018-06-26 | not yet calculated | CVE-2017-7656 SECTRACK CONFIRM |
electro_industries/gaugetech -- nexus_devices | Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI. | 2018-06-28 | not yet calculated | CVE-2018-12921 MISC |
emerson_liebert -- intellislot_web_card_devices | Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. | 2018-06-28 | not yet calculated | CVE-2018-12922 MISC |
ethereum -- bitasean_token | The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12084 MISC |
ethereum -- block_18 | The approveAndCallcode function of a smart contract implementation for Block 18 (18T), a tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability." | 2018-06-25 | not yet calculated | CVE-2018-12703 MISC MISC |
ethereum -- fujinto_token | The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12082 MISC |
ethereum -- globalvillage_ecosystem_token | The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability." | 2018-06-25 | not yet calculated | CVE-2018-12702 MISC MISC |
ethereum -- goal_bonanza_token | The mintToken function of a smart contract implementation for GOAL Bonanza (GOAL), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12083 MISC |
ethereum -- gold_reward_token | The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the buyer because of overflow of the multiplication of its argument amount and a manipulable variable buyPrice, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-11446 MISC |
ethereum -- internet_node_token | The mintToken function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12080 MISC |
ethereum -- internet_node_token | The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12063 MISC |
ethereum -- polyai_token | The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12078 MISC |
ethereum -- sec_token | The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12070 MISC |
ethereum -- substratum_token | The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12067 MISC |
ethereum -- substraum_token | The mintToken function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12079 MISC |
ethereum -- swftcoin_token | The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12062 MISC |
ethereum -- target_coin_token | The mintToken function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12081 MISC |
ethereum -- target_coin_token | The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12068 MISC |
exempi -- exempi | The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. | 2018-06-22 | not yet calculated | CVE-2018-12648 MISC |
f5 -- big-ip | On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion. | 2018-06-27 | not yet calculated | CVE-2018-5527 SECTRACK CONFIRM |
f5 -- big-ip | Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7. | 2018-06-27 | not yet calculated | CVE-2018-5528 SECTRACK CONFIRM |
flir -- brickstream_2300_devices | Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI. | 2018-06-28 | not yet calculated | CVE-2018-12920 MISC |
fortinet -- fortimanager | An improper access control vulnerability in Fortinet FortiManager 6.0.0 and below versions, FortiAnalyzer 6.0.0 and below versions allows a regular user to edit the avatar picture of other users with arbitrary content. | 2018-06-27 | not yet calculated | CVE-2018-1354 BID SECTRACK SECTRACK CONFIRM |
fortinet -- fortimanager | An open redirect vulnerability in Fortinet FortiManager 6.0.0 and below versions, FortiAnalyzer 6.0.0 and below versions allows an attacker to inject script code while converting an HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. | 2018-06-27 | not yet calculated | CVE-2018-1355 BID SECTRACK SECTRACK CONFIRM |
fortinet -- fortimanager | A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and below versions allows an attacker to execute HTML/JavaScript code via managed remote devices' CLI commands by viewing the remote device CLI config installation log. | 2018-06-28 | not yet calculated | CVE-2018-1351 BID SECTRACK CONFIRM |
froxlor -- froxlor | Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in the Domain name form that can result in possible information disclosure and remote code execution. This attack appears to be exploitable by passing a malicious PHP object in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed after commit c1e62e6. | 2018-06-26 | not yet calculated | CVE-2018-1000527 MISC MISC |
froxlor -- froxlor | Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. | 2018-06-22 | not yet calculated | CVE-2018-12642 MISC |
galaxy_project -- galaxy | The Galaxy Project Galaxy version v14.10 contains a CWE-79 (Improper Neutralization of Input During Web Page Generation) vulnerability: many templates used in the Galaxy server did not properly sanitize user input, which would allow for cross-site scripting (XSS) attacks. In this form of attack, a malicious person can create a URL which, when opened by a Galaxy user or administrator, would allow the malicious user to execute arbitrary JavaScript. This attack appears to be exploitable when the victim interacts with a component on a page which contains injected JavaScript code. This vulnerability appears to have been fixed in v14.10.1, v15.01. | 2018-06-26 | not yet calculated | CVE-2018-1000516 MISC |
gimp -- gimp | GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private. | 2018-06-24 | not yet calculated | CVE-2018-12713 MISC MISC |
gnu -- binutils | demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. | 2018-06-23 | not yet calculated | CVE-2018-12698 BID MISC MISC MISC |
gnu -- binutils | A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. | 2018-06-23 | not yet calculated | CVE-2018-12700 BID MISC MISC MISC |
gnu -- binutils | finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. | 2018-06-23 | not yet calculated | CVE-2018-12699 BID MISC MISC MISC |
gnu -- binutils | A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. | 2018-06-23 | not yet calculated | CVE-2018-12697 BID MISC MISC MISC |
gnu -- binutils | remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. | 2018-06-28 | not yet calculated | CVE-2018-12934 MISC MISC MISC |
gnu -- binutils | An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. | 2018-06-22 | not yet calculated | CVE-2018-12641 MISC MISC MISC |
gonicus/gosa -- gonicus/gosa | GONICUS GOsa before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in the change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appears to be exploitable when the victim opens a specially crafted web page. This vulnerability appears to have been fixed after commit 56070d6289d47ba3f5918885954dcceb75606001. | 2018-06-26 | not yet calculated | CVE-2018-1000528 MISC MISC |
google -- google_home_and_chromecast_devices | The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request. | 2018-06-24 | not yet calculated | CVE-2018-12716 MISC MISC MISC MISC |
gpac -- gpac | An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. | 2018-06-29 | not yet calculated | CVE-2018-13005 MISC |
gpac -- gpac | An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump. | 2018-06-29 | not yet calculated | CVE-2018-13006 MISC |
gpmf-parser -- gpmf-parser | An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (conditional on a buffer_size_longs check). | 2018-06-29 | not yet calculated | CVE-2018-13009 MISC |
gpmf-parser -- gpmf-parser | An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate. | 2018-06-29 | not yet calculated | CVE-2018-13011 MISC |
gpmf-parser -- gpmf-parser | An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (not conditional on a buffer_size_longs check). | 2018-06-29 | not yet calculated | CVE-2018-13007 MISC |
gpmf-parser -- gpmf-parser | An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level. | 2018-06-29 | not yet calculated | CVE-2018-13008 MISC |
grails -- fields_plugin | Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in the use of the display tag that can result in XSS. This vulnerability appears to have been fixed in 2.2.8. | 2018-06-26 | not yet calculated | CVE-2018-1000529 MISC |
greencms -- greencms | GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI. | 2018-06-29 | not yet calculated | CVE-2018-12988 MISC |
h2o -- h2o | Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0608 JVN MISC |
hongcms -- hongcms | An issue was discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI. | 2018-06-27 | not yet calculated | CVE-2018-12912 MISC |
hongcms -- hongcms | An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. | 2018-06-29 | not yet calculated | CVE-2018-13021 MISC |
hycuscms -- hycuscms | Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials. | 2018-06-29 | not yet calculated | CVE-2018-12984 EXPLOIT-DB |
ibm -- aix | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. | 2018-06-22 | not yet calculated | CVE-2018-1655 CONFIRM BID SECTRACK XF |
ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141415. | 2018-06-27 | not yet calculated | CVE-2018-1507 CONFIRM XF |
ibm -- rational_doors | An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208. | 2018-06-27 | not yet calculated | CVE-2018-1457 CONFIRM BID XF |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270. | 2018-06-26 | not yet calculated | CVE-2018-1614 SECTRACK XF CONFIRM |
ibm -- websphere_applications_server_liberty | IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890. | 2018-06-27 | not yet calculated | CVE-2018-1553 CONFIRM XF |
ibm -- websphere_mq | IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598. | 2018-06-27 | not yet calculated | CVE-2018-1543 CONFIRM XF |
ibm -- websphere_mq | An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775. | 2018-06-26 | not yet calculated | CVE-2018-1374 CONFIRM XF |
instant_update -- cms | Instant Update CMS contains a password reset vulnerability in /iu-application/controllers/administration/auth.php that can result in account takeover. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in v0.3.3. | 2018-06-26 | not yet calculated | CVE-2018-1000501 MISC MISC |
insteon -- hd_ip_camera_white_2864-222 | The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100. | 2018-06-23 | not yet calculated | CVE-2018-12640 MISC |
insteon -- hd_ip_camera_white_2864-222 | The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100. | 2018-06-23 | not yet calculated | CVE-2018-11560 MISC |
internet_initiative_japan -- iij_smartkey_app_for_android | IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0584 JVN |
inversoft -- prime-jwt | inversoft prime-jwt prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in incorrect signature validation of a JWT token. This attack can be exploited when an attacker crafts a JWT token with a valid header using 'none' as the algorithm and a body, and requests that it be validated. This vulnerability was fixed after commit abb0d479389a2509f939452a6767dc424bb5e6ba. | 2018-06-26 | not yet calculated | CVE-2018-1000531 MISC |
ipconfigure -- orchid_core_vms | IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal. | 2018-06-25 | not yet calculated | CVE-2018-10956 MISC EXPLOIT-DB |
ivanti -- avalanche | An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration. | 2018-06-29 | not yet calculated | CVE-2018-8901 CONFIRM |
ivanti -- avalanche | An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product. | 2018-06-29 | not yet calculated | CVE-2018-8902 CONFIRM |
jenkins -- jenkins | An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. | 2018-06-26 | not yet calculated | CVE-2018-1000609 CONFIRM |
jenkins -- jenkins | A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | 2018-06-26 | not yet calculated | CVE-2018-1000604 CONFIRM |
jenkins -- jenkins | An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin. | 2018-06-26 | not yet calculated | CVE-2018-1000610 CONFIRM |
jenkins -- jenkins | A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to. | 2018-06-26 | not yet calculated | CVE-2018-1000605 CONFIRM |
jenkins -- jenkins | A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 2018-06-26 | not yet calculated | CVE-2018-1000602 CONFIRM |
jenkins -- jenkins | An exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator’s web browser (e.g. malicious extension) to retrieve the configured password. | 2018-06-26 | not yet calculated | CVE-2018-1000608 CONFIRM |
jenkins -- jenkins | A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | 2018-06-26 | not yet calculated | CVE-2018-1000606 CONFIRM |
jenkins -- jenkins | An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs. | 2018-06-26 | not yet calculated | CVE-2018-1000603 CONFIRM |
jenkins -- jenkins | An arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as. | 2018-06-26 | not yet calculated | CVE-2018-1000607 CONFIRM |
jenkins -- jenkins | An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2018-06-26 | not yet calculated | CVE-2018-1000600 CONFIRM |
jenkins -- jenkins | An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system. | 2018-06-26 | not yet calculated | CVE-2018-1000601 CONFIRM |
johnath/beep -- johnath/beep | beep version 1.3 and up contains an External Control of File Name or Path vulnerability in the --device option that can allow a local unprivileged user to inhibit execution of arbitrary programs by other users, allowing DoS. This attack appears to be exploitable when the system allows local users to run beep. | 2018-06-26 | not yet calculated | CVE-2018-1000532 MISC |
joomla! -- joomla! | An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. | 2018-06-26 | not yet calculated | CVE-2018-12712 BID CONFIRM |
joomla! -- joomla! | An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. | 2018-06-26 | not yet calculated | CVE-2018-12711 BID CONFIRM |
joplin -- joplin | Joplin prior to 1.0.90 contains an XSS vulnerability in the Note content field that evolves into code execution because nodeIntegration is enabled for the particular BrowserWindow instance where the XSS was identified (information on the fix can be found here: https://ift.tt/2KsTFxd). This can result in executing unauthorized code within the rights in which the application is running. This attack appears to be exploitable via the victim synchronizing notes from cloud services or other note-keeping services which contain malicious code. This vulnerability appears to have been fixed in 1.0.90 and later. | 2018-06-26 | not yet calculated | CVE-2018-1000534 MISC MISC |
joyplus/joyplus-cms -- joyplus/joyplus-cms | joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions. | 2018-06-27 | not yet calculated | CVE-2018-12905 MISC |
klaussilveira/gitlist -- klaussilveira/gitlist | klaussilveira GitList version <= 0.6 passes incorrectly sanitized input to the system function in the `searchTree` function, which can result in execution of any code as the PHP user. This attack appears to be exploitable by sending a POST request using the search form. This vulnerability appears to have been fixed in 0.7 after commit 87b8c26b023c3fc37f0796b14bb13710f397b322. | 2018-06-26 | not yet calculated | CVE-2018-1000533 MISC MISC |
lfcms -- lfcms | Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114. | 2018-06-25 | not yet calculated | CVE-2018-12603 MISC EXPLOIT-DB |
lfcms -- lfcms | A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily. | 2018-06-25 | not yet calculated | CVE-2018-12602 MISC EXPLOIT-DB |
libtiff -- libtiff | Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. | 2018-06-26 | not yet calculated | CVE-2018-12900 MISC |
limesurvey -- limesurvey | LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Boxes that can result in admins being made to delete boxes via CSRF. This vulnerability appears to have been fixed in 3.6.x. | 2018-06-26 | not yet calculated | CVE-2018-1000514 MISC MISC |
limesurvey -- limesurvey | LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x. | 2018-06-26 | not yet calculated | CVE-2018-1000513 MISC |
line -- line_for_windows | Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0609 JVN MISC |
linux -- linux_kernel | ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem. | 2018-06-28 | not yet calculated | CVE-2018-12930 MISC MISC |
linux -- linux_kernel | ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem. | 2018-06-28 | not yet calculated | CVE-2018-12929 MISC MISC |
linux -- linux_kernel | ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem. | 2018-06-28 | not yet calculated | CVE-2018-12931 MISC MISC |
linux -- linux_kernel | Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to userspace. This has already been fixed upstream (https://ift.tt/2sT56mh). The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. | 2018-06-26 | not yet calculated | CVE-2018-1000204 CONFIRM |
linux -- linux_kernel | An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls. | 2018-06-24 | not yet calculated | CVE-2018-12714 MISC BID MISC MISC MISC |
linux -- linux_kernel | In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL. | 2018-06-27 | not yet calculated | CVE-2018-12904 MISC MISC MISC MISC EXPLOIT-DB |
linux -- linux_kernel | In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem. | 2018-06-28 | not yet calculated | CVE-2018-12928 MISC MISC |
lmsgit/lms -- lmsgit/lms | lms version <= LMS_011123 contains a Local File Disclosure vulnerability in the file reading functionality of the LMS module that can make it possible to read files on the server. This attack appears to be exploitable via a GET parameter. This vulnerability appears to have been fixed after commit 254765e. | 2018-06-26 | not yet calculated | CVE-2018-1000535 MISC MISC |
maelostore -- maelostore | An issue was discovered in CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface. | 2018-06-29 | not yet calculated | CVE-2018-12992 MISC |
marlin -- marlin_firmware | Marlin Firmware version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (depending on branch/version) that can result in arbitrary code execution. This attack appears to be exploitable when a crafted G-Code instruction/file is sent to the printer. | 2018-06-26 | not yet calculated | CVE-2018-1000537 MISC MISC |
mcafee -- web_gateway | Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX). | 2018-06-26 | not yet calculated | CVE-2018-6667 BID SECTRACK CONFIRM |
medis -- medis | Medis version 0.6.1 and earlier contains an XSS vulnerability in the Key name parameter on new key creation that evolves into code execution because nodeIntegration is enabled for the renderer process. This can result in unauthorized code execution on the victim's machine, within the rights of the running application. This attack appears to be exploitable when the victim synchronizes data from a redis server which contains a malicious key value. | 2018-06-26 | not yet calculated | CVE-2018-1000536 MISC |
metinfo -- metinfo | Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. | 2018-06-29 | not yet calculated | CVE-2018-13024 MISC |
micro_focus -- secure_messaging_gateway | An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). | 2018-06-29 | not yet calculated | CVE-2018-12465 CONFIRM CONFIRM |
micro_focus -- secure_messaging_gateway | A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). | 2018-06-29 | not yet calculated | CVE-2018-12464 CONFIRM CONFIRM |
micro_focus -- solutions_business_manager | Micro Focus Solutions Business Manager versions prior to 11.4 allow a user to invoke SBM RESTful services across domains. | 2018-06-22 | not yet calculated | CVE-2018-7682 CONFIRM |
microsoft -- c++_redistributable | Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0599 JVN MISC |
microsoft -- onedrive | Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0593 JVN BID MISC |
microsoft -- onedrive | Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0592 JVN BID MISC |
microsoft -- playmemories_home_for_windows | Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0600 JVN MISC |
microsoft -- skype_for_windows | Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0595 JVN BID MISC |
microsoft -- skype_for_windows | Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0594 JVN BID MISC |
microsoft -- visual_code_studio | Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0597 JVN BID MISC |
microsoft -- visual_studio_community | Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0596 JVN BID MISC |
microsoft -- windows | Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0598 JVN MISC |
minio -- minio_s3_server | Minio Inc. Minio S3 server versions prior to RELEASE.2018-05-16T23-35-33Z contain an Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in denial of service. This attack appears to be exploitable by sending V4-(pre)signed requests with large bodies. This vulnerability appears to have been fixed after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7. | 2018-06-26 | not yet calculated | CVE-2018-1000538 MISC MISC |
minisphere -- minisphere | miniSphere version 5.2.9 and earlier contains an integer overflow vulnerability in the layer_resize() function in map_engine.c that can result in remote denial of service. This attack appears to be exploitable when the victim loads a specially crafted map which calls SetLayerSize in its entry script. This vulnerability appears to have been fixed in 5.0.3, 5.1.5, 5.2.10 and later. | 2018-06-26 | not yet calculated | CVE-2018-1000524 MISC MISC |
miniz -- miniz | In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero. | 2018-06-27 | not yet calculated | CVE-2018-12913 MISC |
misp_project -- misp | An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests. | 2018-06-22 | not yet calculated | CVE-2018-12649 CONFIRM |
mybb -- mybb | MyBB Group MyBB contains an incorrect access control vulnerability in private forums that can allow users to view posts from private forums without having the password. This attack appears to be exploitable by subscribing to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15. | 2018-06-26 | not yet calculated | CVE-2018-1000503 MISC MISC |
mybb -- mybb | MyBB Group MyBB contains a file inclusion vulnerability in the Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. Exploitation requires access to the admin panel. This vulnerability appears to have been fixed in 1.8.15. | 2018-06-26 | not yet calculated | CVE-2018-1000502 MISC MISC |
netapp -- oncommand_unified_manager_for_7-mode | NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface. | 2018-06-22 | not yet calculated | CVE-2017-7568 BID CONFIRM |
northern_electric_and_power -- inverter_devices | Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI. | 2018-06-28 | not yet calculated | CVE-2018-12927 MISC |
nov/json-jwt -- nov/json-jwt | Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in decryption of AES-GCM encrypted JSON Web Tokens that can allow an attacker to forge an authentication tag. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later. | 2018-06-26 | not yet calculated | CVE-2018-1000539 MISC |
nsmaomao/mao10cms -- nsmaomao/mao10cms | mao10cms 6 allows XSS via the m=bbs&a=index page. | 2018-06-23 | not yet calculated | CVE-2018-12695 MISC |
nsmaomao/mao10cms -- nsmaomao/mao10cms | mao10cms 6 allows XSS via the article page. | 2018-06-23 | not yet calculated | CVE-2018-12696 MISC |
ntt-cert -- flets_virus_clear | Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0563 JVN MISC MISC |
nucom -- wr644gacv_devices | NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device. | 2018-06-25 | not yet calculated | CVE-2018-8755 MISC |
ocs_inventory_ng -- ocs_inventory_ng | OCS Inventory NG ocsreports versions 2.4 and 2.3.1 contain a SQL injection vulnerability in web search that can allow an authenticated attacker to gain full access to data stored within the database. This attack appears to be exploitable by sending crafted requests. This vulnerability appears to have been fixed in 2.4.1. | 2018-06-26 | not yet calculated | CVE-2018-1000558 MISC MISC |
ocs_inventory_ng -- ocs_inventory_ng | OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in the login form and search functionality that can allow an attacker to execute arbitrary JavaScript code within a victim's browser. This attack appears to be exploitable when the victim opens a crafted link to the application. This vulnerability appears to have been fixed in ocsreports 2.4.1. | 2018-06-26 | not yet calculated | CVE-2018-1000557 MISC MISC |
octopus -- deploy | In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu. | 2018-06-26 | not yet calculated | CVE-2018-12884 MISC |
onefilecms -- onefilecms | onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. | 2018-06-29 | not yet calculated | CVE-2018-12995 MISC |
onefilecms -- onefilecms | onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields. | 2018-06-29 | not yet calculated | CVE-2018-12993 MISC |
onefilecms -- onefilecms | onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. | 2018-06-29 | not yet calculated | CVE-2018-12994 MISC |
openpsa -- openpsa | Openpsa contains an XML injection vulnerability in the RSS file upload feature that can result in remote denial of service. This attack appears to be exploitable via a specially crafted XML file. This vulnerability appears to have been fixed after commit 4974a26. | 2018-06-26 | not yet calculated | CVE-2018-1000526 MISC MISC |
openpsa -- openpsa | openpsa contains a PHP Object Injection vulnerability in form data passed as GET request variables that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via a specially crafted GET request variable containing a serialised PHP object. This vulnerability appears to have been fixed after commit 097eae0. | 2018-06-26 | not yet calculated | CVE-2018-1000525 MISC MISC |
openslp -- openslp | slpd_process.c in OpenSLP 2.0.0 has a double free resulting in denial of service (daemon crash) or possibly unauthenticated remote code execution. | 2018-06-28 | not yet calculated | CVE-2018-12938 BID BID MISC |
opentsdb -- opentsdb | An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI. | 2018-06-29 | not yet calculated | CVE-2018-12973 MISC |
opentsdb -- opentsdb | An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input. | 2018-06-29 | not yet calculated | CVE-2018-12972 MISC |
opentsdb -- opentsdb | An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI. | 2018-06-29 | not yet calculated | CVE-2018-13003 MISC |
oswetto/loboevolution -- oswetto/loboevolution | LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains an XML External Entity (XXE) vulnerability in XML parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, or server-side request forgery. This attack appears to be exploitable via a specially crafted XML file. | 2018-06-26 | not yet calculated | CVE-2018-1000540 MISC |
ovirt -- engine | ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords. | 2018-06-26 | not yet calculated | CVE-2018-1072 REDHAT CONFIRM |
owen -- 5000_trillion_yen_converter_chrome_extension | Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0612 JVN MISC |
perl -- perl | perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter. | 2018-06-29 | not yet calculated | CVE-2018-10860 CONFIRM |
pharos_controls -- pharos_controls_devices | Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI. | 2018-06-28 | not yet calculated | CVE-2018-12926 MISC |
php -- php | exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. | 2018-06-25 | not yet calculated | CVE-2018-12882 BID CONFIRM |
phpldapadmin -- phpldapadmin | phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel. | 2018-06-22 | not yet calculated | CVE-2018-12689 EXPLOIT-DB |
pivotal -- operations_manager | Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lack security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager. | 2018-06-25 | not yet calculated | CVE-2018-11046 BID CONFIRM |
pivotal -- spring | Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Neither is enabled by default in Spring Framework or Spring Boot; however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. | 2018-06-25 | not yet calculated | CVE-2018-11040 CONFIRM |
pivotal -- spring | Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. | 2018-06-25 | not yet calculated | CVE-2018-11039 CONFIRM |
pixar -- renderman | A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened. | 2018-06-26 | not yet calculated | CVE-2018-3840 MISC |
pixar -- renderman | A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened. | 2018-06-26 | not yet calculated | CVE-2018-3841 MISC |
pixelpost -- pixelpost | Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0605 JVN |
pixelpost -- pixelpost | SQL injection vulnerability in Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0606 JVN |
pixelpost -- pixelpost | Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0604 JVN |
podofo -- podofo | A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. | 2018-06-29 | not yet calculated | CVE-2018-12983 MISC |
podofo -- podofo | Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. | 2018-06-29 | not yet calculated | CVE-2018-12982 MISC |
polaris -- office | Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory. | 2018-06-28 | not yet calculated | CVE-2018-12589 MISC |
portainer -- portainer | Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. | 2018-06-22 | not yet calculated | CVE-2018-12678 CONFIRM CONFIRM |
qutebrowser -- qutebrowser | qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in the history command, qute://history page that can allow a website to steal the user's browsing history via injected JavaScript code. This attack appears to be exploitable when the victim opens a page with a specially crafted | 2018-06-26 | not yet calculated | CVE-2018-1000559 MISC MISC MISC |
raydac/netbeans-mmd-plugin -- raydac/netbeans-mmd-plugin | netbeans-mmd-plugin version <= 1.4.3 contains an XML External Entity (XXE) vulnerability in MMD file import that can result in possible information disclosure, server-side request forgery, or remote code execution. This attack appears to be exploitable via a specially crafted MMD file. | 2018-06-26 | not yet calculated | CVE-2018-1000542 MISC MISC |
rclone -- rclone | In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue. | 2018-06-27 | not yet calculated | CVE-2018-12907 MISC MISC |
red_hat -- fedora | The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. | 2018-06-26 | not yet calculated | CVE-2018-10852 BID CONFIRM |
red_hat -- ansible | Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. | 2018-06-22 | not yet calculated | CVE-2017-7466 BID REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT CONFIRM |
red_hat -- jboss_eap | It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a 'javax.xml.transform.TransformerFactory'. If the FEATURE_SECURE_PROCESSING feature is set to 'true', it mitigates this vulnerability. | 2018-06-27 | not yet calculated | CVE-2017-7465 BID CONFIRM |
rockiger/akiee -- rockiger/akiee | Akiee version 0.0.3 contains an XSS vulnerability leading to code execution due to the use of node integration: the "Details" of a task is not validated, which can result in XSS leading to arbitrary code execution. This attack appears to be exploitable when the attacker tricks the victim into opening a crafted markdown. | 2018-06-26 | not yet calculated | CVE-2018-1000543 MISC |
ruby-ffi -- ruby-ffi | ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String. This vulnerability appears to have been fixed in v1.9.24 and later. | 2018-06-22 | not yet calculated | CVE-2018-1000201 CONFIRM CONFIRM |
rubygems -- rubyzip | rubyzip gem version 1.2.1 and earlier contains a directory traversal vulnerability in the Zip::File component that can allow writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem. | 2018-06-26 | not yet calculated | CVE-2018-1000544 MISC |
safe-n-sec -- multiple_products | Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows a local attacker to bypass a code-signing protection mechanism and install/execute an unauthorized program by modifying the system configuration and installing a forged MSI file. (The intended behavior is that the component SysWatch does not allow installation of MSI files unless they are signed by a limited list of certificates.) | 2018-06-29 | not yet calculated | CVE-2018-13013 MISC |
safe-n-sec -- multiple_products | Storing password in recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows a local attacker to restore the SysWatch password from the settings database and modify program settings. | 2018-06-29 | not yet calculated | CVE-2018-13014 MISC |
safe-n-sec -- multiple_products | Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows a remote attacker to execute unauthorized code by substituting a forged update server. | 2018-06-29 | not yet calculated | CVE-2018-13012 MISC |
saj -- solar_inverter | SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI. | 2018-06-25 | not yet calculated | CVE-2018-12735 MISC |
sandoba -- cp:shop | An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability is non-persistent and the request method to inject/execute is GET with the path, search, rename, or dir parameter. | 2018-06-29 | not yet calculated | CVE-2018-13001 MISC |
sanluan/publiccms -- sanluan/publiccms | A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. | 2018-06-27 | not yet calculated | CVE-2018-12914 MISC |
siemens -- multiple_products | A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions _without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). A factory account with hardcoded password might allow attackers access to the device over port 5900/tcp. Successful exploitation requires no user interaction or privileges and impacts the confidentiality, integrity, and availability of the affected device. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue. | 2018-06-26 | not yet calculated | CVE-2018-4846 CONFIRM |
siemens -- multiple_products | A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions _without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). Remote attackers with either local or remote credentialed access to the "Remote View" feature might be able to elevate their privileges, compromising confidentiality, integrity, and availability of the system. No special skills or user interaction are required to perform this attack. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue. | 2018-06-26 | not yet calculated | CVE-2018-4845 CONFIRM |
siemens -- scalance_m875 | A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2018-06-26 | not yet calculated | CVE-2018-11449 CONFIRM |
siemens -- scalance_m875 | A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web interface of an affected device. The attacker must be authenticated as administrative user on the web interface. Afterwards, a legitimate user must access the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2018-06-26 | not yet calculated | CVE-2018-11448 CONFIRM |
siemens -- scalance_m875 | A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2018-06-26 | not yet calculated | CVE-2018-4860 CONFIRM |
siemens -- scalance_m875 | A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2018-06-26 | not yet calculated | CVE-2018-4859 CONFIRM |
siemens -- scalance_m875 | A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2018-06-26 | not yet calculated | CVE-2018-4861 CONFIRM |
siemens -- scalance_m875 | A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2018-06-26 | not yet calculated | CVE-2018-11447 CONFIRM |
slims -- slims_8_akasia | Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI. | 2018-06-22 | not yet calculated | CVE-2018-12656 MISC |
slims -- slims_8_akasia | Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI. | 2018-06-22 | not yet calculated | CVE-2018-12657 MISC |
slims -- slims_8_akasia | Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242. | 2018-06-22 | not yet calculated | CVE-2018-12655 MISC |
slims -- slims_8_akasia | Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. | 2018-06-22 | not yet calculated | CVE-2018-12658 MISC |
slims -- slims_8_akasia | Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI. | 2018-06-22 | not yet calculated | CVE-2018-12654 MISC |
slims -- slims_8_akasia | SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. | 2018-06-22 | not yet calculated | CVE-2018-12659 MISC |
sollae -- serial-ethernet-module_and_remote-i/o-device-server_devices | Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service. | 2018-06-28 | not yet calculated | CVE-2018-12924 MISC |
sprockets -- sprockets | There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the workarounds immediately. | 2018-06-26 | not yet calculated | CVE-2018-3760 MISC MISC |
sympa_community -- sympa | The Sympa Community Sympa versions prior to 6.2.32 contain a directory traversal vulnerability in the wwsympa.fcgi template editing function that can make it possible to create or modify files on the server filesystem. This attack appears to be exploitable via an HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32. | 2018-06-26 | not yet calculated | CVE-2018-1000550 MISC |
tibco -- multiple_products | The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0. | 2018-06-27 | not yet calculated | CVE-2018-5437 MISC CONFIRM |
tibco -- multiple_products | The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0. | 2018-06-27 | not yet calculated | CVE-2018-5435 MISC CONFIRM |
tibco -- multiple_products | The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0. | 2018-06-27 | not yet calculated | CVE-2018-5436 MISC CONFIRM |
tinyexr -- tinyexr | tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. | 2018-06-22 | not yet calculated | CVE-2018-12688 MISC |
tinyexr -- tinyexr | tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h. | 2018-06-22 | not yet calculated | CVE-2018-12687 MISC |
topydo -- topydo | topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523, that can result in injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attack appears to be exploitable when the victim opens a todo.txt with at least one specially crafted line. | 2018-06-26 | not yet calculated | CVE-2018-1000523 MISC MISC |
tp-link -- tl-wa850re_wi-fi_range_extenders | TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. | 2018-06-23 | not yet calculated | CVE-2018-12694 MISC |
tp-link -- tl-wa850re_wi-fi_range_extenders | Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json. | 2018-06-23 | not yet calculated | CVE-2018-12693 MISC |
tp-link -- tl-wa850re_wi-fi_range_extenders | TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json. | 2018-06-23 | not yet calculated | CVE-2018-12692 MISC EXPLOIT-DB |
triplea -- triplea | Triplea version <= 1.9.0.0.10291 contains an XML External Entity (XXE) vulnerability in importing game data that can result in possible information disclosure, server-side request forgery, or remote code execution. This attack appears to be exploitable via a specially crafted game data file (XML). | 2018-06-26 | not yet calculated | CVE-2018-1000546 MISC MISC |
trovebox -- trovebox | Trovebox version <= 4.0.0-rc6 contains an unsafe password reset token generation vulnerability in the user component that can result in password reset. This attack appears to be exploitable via HTTP request. This vulnerability appears to have been fixed after commit 742b8ed. | 2018-06-26 | not yet calculated | CVE-2018-1000554 MISC |
trovebox -- trovebox | Trovebox version <= 4.0.0-rc6 contains a server-side request forgery vulnerability in the webhook component that can result in reading or updating internal resources. This attack appears to be exploitable via HTTP request. This vulnerability appears to have been fixed after commit 742b8ed. | 2018-06-26 | not yet calculated | CVE-2018-1000553 MISC |
trovebox -- trovebox | Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in the album component that can result in SQL code injection. This attack appears to be exploitable via HTTP request. This vulnerability appears to have been fixed after commit 742b8ed. | 2018-06-26 | not yet calculated | CVE-2018-1000552 MISC |
trovebox -- trovebox | Trovebox version <= 4.0.0-rc6 contains a PHP type juggling vulnerability in the album view component that can result in authentication bypass. This attack appears to be exploitable via HTTP request. This vulnerability appears to have been fixed after commit 742b8edbe. | 2018-06-26 | not yet calculated | CVE-2018-1000551 MISC |
umlet -- umlet | Umlet version < 14.3 contains an XML External Entity (XXE) vulnerability in file parsing that can result in disclosure of confidential data, denial of service, or server-side request forgery. This attack appears to be exploitable via a specially crafted UXF file. This vulnerability appears to have been fixed in 14.3. | 2018-06-26 | not yet calculated | CVE-2018-1000548 MISC MISC |
ventrian/news-articles -- ventrian/news-articles | ventrian News-Articles version NewsArticles.00.09.11 contains an XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can allow an attacker to read any file on the server or use an smbrelay attack to access the server. | 2018-06-26 | not yet calculated | CVE-2018-1000515 MISC |
weblication -- cms_core_and_grid | An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. The injection point is located in the Project `Title` and the execution point occurs in the `Inhaltsprojekte` output listing section. Remote attackers with privileged user accounts are able to inject their own malicious script code with a persistent attack vector to compromise user session credentials or to manipulate the affected web-application module output context. The request method to inject is POST. | 2018-06-29 | not yet calculated | CVE-2018-13002 MISC |
wekan -- wekan | Wekan version 1.04.0 contains an Email / Username Enumeration vulnerability in the 'Register' and 'Forgot your password?' pages that can allow a remote attacker to perform a brute force attack to obtain valid usernames and email addresses. This attack appears to be exploitable via HTTP request. | 2018-06-26 | not yet calculated | CVE-2018-1000549 MISC |
wine -- wine | PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large pAlphaBlend->cbBitsSrc value. | 2018-06-28 | not yet calculated | CVE-2018-12932 MISC MISC MISC MISC MISC |
wine -- wine | PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index. | 2018-06-28 | not yet calculated | CVE-2018-12933 MISC MISC MISC MISC MISC |
wordpress -- wordpress | WP Image Zoom version 1.23 contains an Incorrect Access Control vulnerability in AJAX settings that allows anybody to cause denial of service. This attack appears to be exploitable intentionally (or unintentionally via CSRF) by any logged in user. This vulnerability appears to have been fixed in 1.24. | 2018-06-26 | not yet calculated | CVE-2018-1000510 MISC |
wordpress -- wordpress | Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in the Glossary shortcode that could allow anybody to do almost anything an admin can. This attack appears to be exploitable when an admin follows a link. This vulnerability appears to have been fixed in 5.1. | 2018-06-26 | not yet calculated | CVE-2018-1000512 MISC |
wordpress -- wordpress | Metronet Tag Manager version 1.2.7 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page /wp-admin/options-general.php?page=metronet-tag-manager that allows anybody to do almost anything an admin can. This attack appears to be exploitable when a logged in user follows a link. This vulnerability appears to have been fixed in 1.2.9. | 2018-06-26 | not yet calculated | CVE-2018-1000506 MISC |
wordpress -- wordpress | Tooltipy (tooltips for WP) version 5 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page that could allow anybody to duplicate posts. This attack appears to be exploitable when an admin follows a link. This vulnerability appears to have been fixed in 5.1. | 2018-06-26 | not yet calculated | CVE-2018-1000505 MISC |
wordpress -- wordpress | Redirection version 2.7.3 contains an ACE via file inclusion vulnerability in Pass-through mode that allows admins to execute any PHP file in the filesystem. This attack appears to be exploitable when the attacker has access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8. | 2018-06-26 | not yet calculated | CVE-2018-1000504 MISC |
wordpress -- wordpress | WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in the Settings screen that allows unauthorised users to do almost anything an admin can. This attack appears to be exploitable when an admin visits the logs page. This vulnerability appears to have been fixed in 3.2. | 2018-06-26 | not yet calculated | CVE-2018-1000508 MISC |
wordpress -- wordpress | WP User Groups version 2.0.0 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page that allows anybody to modify user groups and types. This attack appears to be exploitable when an admin clicks on a link. This vulnerability appears to have been fixed in 2.1.1. | 2018-06-26 | not yet calculated | CVE-2018-1000507 MISC |
wordpress -- wordpress | WP ULike version 2.8.1, 3.1 contains an Incorrect Access Control vulnerability in AJAX that allows anybody to delete any row in certain tables. This attack appears to be exploitable via an AJAX request made by the attacker. This vulnerability appears to have been fixed in 3.2. | 2018-06-26 | not yet calculated | CVE-2018-1000511 MISC |
wordpress -- wordpress | Redirection version 2.7.1 contains a serialisation vulnerability, possibly allowing ACE, in Settings page AJAX that could allow an admin to execute arbitrary code in some circumstances. This attack appears to be exploitable when the attacker has access to an admin account. This vulnerability appears to have been fixed in 2.8. | 2018-06-26 | not yet calculated | CVE-2018-1000509 MISC |
wordpress -- wordpress | WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in an attacker performing client-side attacks, which could range from stealing a cookie to code injection. This attack appears to be exploitable when an attacker crafts a URL with a payload and sends it to the user. The victim needs to open the link to be affected by the reflected XSS. | 2018-06-26 | not yet calculated | CVE-2018-1000556 MISC |
wordpress -- wordpress | WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges. | 2018-06-26 | not yet calculated | CVE-2018-12895 BID MISC |
wordpress -- wordpress | The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. | 2018-06-22 | not yet calculated | CVE-2018-12636 CONFIRM EXPLOIT-DB |
wordpress -- wordpress | Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0602 JVN MISC |
wordpress -- wordpress | Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0603 JVN MISC MISC |
wordpress -- wordpress | In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site. | 2018-06-26 | not yet calculated | CVE-2018-12902 MISC |
wstmall -- wstmall | WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. | 2018-06-29 | not yet calculated | CVE-2018-13010 MISC |
yaml/pyyaml -- yaml/pyyaml | In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used. | 2018-06-27 | not yet calculated | CVE-2017-18342 MISC MISC |
yxcms -- yxcms | protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. | 2018-06-29 | not yet calculated | CVE-2018-13025 MISC |
zenphoto -- zenphoto | Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information. | 2018-06-26 | not yet calculated | CVE-2018-0610 JVN MISC |
zoho -- manageengine | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13780) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do. | 2018-06-29 | not yet calculated | CVE-2018-12996 MISC |
zoho -- manageengine | Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. | 2018-06-29 | not yet calculated | CVE-2018-12997 MISC |
zoho -- manageengine | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. | 2018-06-29 | not yet calculated | CVE-2018-12998 MISC |
zoho -- manageengine | Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. | 2018-06-29 | not yet calculated | CVE-2018-12999 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.