SB18-246: Vulnerability Summary for the Week of August 27, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
a10 -- acos_web_application_firewall | A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008. | 2018-08-27 | not yet calculated | CVE-2018-15904 CONFIRM |
abb -- esoms | ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. | 2018-08-29 | not yet calculated | CVE-2018-14805 BID MISC CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-08-29 | not yet calculated | CVE-2018-12808 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-08-29 | not yet calculated | CVE-2018-12799 BID SECTRACK CONFIRM |
adobe -- creative_cloud | Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation. | 2018-08-29 | not yet calculated | CVE-2018-12829 BID CONFIRM |
adobe -- creative_cloud | Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | 2018-08-29 | not yet calculated | CVE-2018-5003 BID SECTRACK CONFIRM |
adobe -- experience_manager | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Successful exploitation could lead to unauthorized information modification. | 2018-08-29 | not yet calculated | CVE-2018-12807 BID SECTRACK CONFIRM |
adobe -- experience_manager | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2018-08-29 | not yet calculated | CVE-2018-12806 BID SECTRACK CONFIRM |
adobe -- flash_player | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-08-29 | not yet calculated | CVE-2018-12826 BID SECTRACK REDHAT CONFIRM |
adobe -- flash_player | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-08-29 | not yet calculated | CVE-2018-12827 BID SECTRACK REDHAT CONFIRM EXPLOIT-DB |
adobe -- flash_player | Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass. | 2018-08-29 | not yet calculated | CVE-2018-12825 BID SECTRACK REDHAT CONFIRM |
adobe -- flash_player | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-08-29 | not yet calculated | CVE-2018-12824 BID SECTRACK REDHAT CONFIRM |
adobe -- flash_player | Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation. | 2018-08-29 | not yet calculated | CVE-2018-12828 BID SECTRACK REDHAT CONFIRM |
adobe -- photoshop_cc | Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution. | 2018-08-29 | not yet calculated | CVE-2018-12811 BID CONFIRM |
adobe -- photoshop_cc | Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution. | 2018-08-29 | not yet calculated | CVE-2018-12810 BID CONFIRM |
alcatel -- a30_device | The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB. Modifying the read-only properties by an app as the system user creates a UNIX domain socket named factory_test that will execute commands as the root user by processes that have privilege to access it (as per the SELinux rules that the vendor controls). | 2018-08-29 | not yet calculated | CVE-2018-6597 MISC |
amazon -- amazon_web_services | An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore does not properly validate source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. | 2018-08-24 | not yet calculated | CVE-2018-15869 BID MISC |
apache -- traffic_server | There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. | 2018-08-29 | not yet calculated | CVE-2018-8004 BID CONFIRM CONFIRM CONFIRM CONFIRM MLIST DEBIAN |
apache -- traffic_server | A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions. | 2018-08-29 | not yet calculated | CVE-2018-8022 BID CONFIRM MLIST |
apache -- traffic_server | Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. | 2018-08-29 | not yet calculated | CVE-2018-8040 BID CONFIRM MLIST MLIST DEBIAN |
apache -- traffic_server | When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. | 2018-08-29 | not yet calculated | CVE-2018-8005 BID CONFIRM CONFIRM MLIST DEBIAN |
apache -- traffic_server | Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. | 2018-08-29 | not yet calculated | CVE-2018-1318 BID CONFIRM MLIST DEBIAN |
argus -- surveillance_dvr | Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. | 2018-08-30 | not yet calculated | CVE-2018-15745 MISC MISC EXPLOIT-DB |
artifex -- ghostscript | In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | 2018-08-28 | not yet calculated | CVE-2018-15911 MISC MISC MISC |
artifex -- ghostscript | In Artifex Ghostscript 9.23 before 2018-08-23, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | 2018-08-27 | not yet calculated | CVE-2018-15910 MISC MISC |
artifex -- ghostscript | In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | 2018-08-27 | not yet calculated | CVE-2018-15909 MISC MISC BID MISC |
artifex -- ghostscript | In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. | 2018-08-27 | not yet calculated | CVE-2018-15908 MISC MISC |
aspcm -- aspcms | An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrator's GroupID directly. | 2018-08-26 | not yet calculated | CVE-2018-15888 MISC MISC |
asus -- dsl-n12e_c1 | Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request. | 2018-08-27 | not yet calculated | CVE-2018-15887 MISC |
asustor -- data_master | ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting JavaScript into the configuration file's Version field. | 2018-08-27 | not yet calculated | CVE-2018-15699 MISC |
asustor -- data_master | ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history. | 2018-08-27 | not yet calculated | CVE-2018-15697 MISC |
asustor -- data_master | ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. | 2018-08-27 | not yet calculated | CVE-2018-15698 MISC |
asustor -- data_master | ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. | 2018-08-27 | not yet calculated | CVE-2018-15696 MISC |
asustor -- data_master | ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. | 2018-08-27 | not yet calculated | CVE-2018-15695 MISC |
asustor -- data_master | ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled. | 2018-08-27 | not yet calculated | CVE-2018-15694 MISC |
atlassian -- jira | Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved. | 2018-08-28 | not yet calculated | CVE-2018-13395 CONFIRM |
atlassian -- jira_server | The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden. | 2018-08-28 | not yet calculated | CVE-2018-13391 BID CONFIRM |
auth0 -- auth0 | An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | 2018-08-28 | not yet calculated | CVE-2018-15121 CONFIRM |
bludit -- bludit | Bludit 2.3.4 allows XSS via a user name. | 2018-09-01 | not yet calculated | CVE-2018-16313 MISC |
ca -- ppm | An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | 2018-08-30 | not yet calculated | CVE-2018-13826 CONFIRM |
ca -- ppm | Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. | 2018-08-30 | not yet calculated | CVE-2018-13822 CONFIRM |
ca -- ppm | Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. | 2018-08-30 | not yet calculated | CVE-2018-13825 CONFIRM |
ca -- ppm | Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | 2018-08-30 | not yet calculated | CVE-2018-13824 CONFIRM |
ca -- ppm | An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | 2018-08-30 | not yet calculated | CVE-2018-13823 CONFIRM |
ca -- release_automation | Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. | 2018-08-30 | not yet calculated | CVE-2018-15691 SECTRACK CONFIRM |
ca -- unified_infrastructure_management | A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | 2018-08-30 | not yet calculated | CVE-2018-13820 CONFIRM |
ca -- unified_infrastructure_management | A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | 2018-08-30 | not yet calculated | CVE-2018-13819 CONFIRM |
ca -- unified_infrastructure_management | A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. | 2018-08-30 | not yet calculated | CVE-2018-13821 CONFIRM |
cms -- isweb | CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php. | 2018-08-29 | not yet calculated | CVE-2018-15562 MISC |
conference-scheduler-cli -- conference-scheduler-cli | In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. | 2018-08-28 | not yet calculated | CVE-2018-14572 MISC |
couchbase -- couchbase_server | An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system will run with the privileges of the user running Couchbase server. | 2018-08-24 | not yet calculated | CVE-2018-15728 BUGTRAQ BID |
cpanel -- cpanel | cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. | 2018-08-30 | not yet calculated | CVE-2018-16236 MISC |
cybrotech -- cybrohttpserver | Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. | 2018-08-29 | not yet calculated | CVE-2018-16134 MISC MISC EXPLOIT-DB |
cybrotech -- cybrohttpserver | Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI. | 2018-08-29 | not yet calculated | CVE-2018-16133 MISC MISC EXPLOIT-DB |
d-link -- dir-601_devices | An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML. | 2018-08-29 | not yet calculated | CVE-2018-12710 FULLDISC EXPLOIT-DB |
d-link -- dir-615_devices | D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. | 2018-08-28 | not yet calculated | CVE-2018-15839 MISC |
dabeaz -- ply | In PLY (aka Python Lex-Yacc) 3.11, as used in pycparser and other products, a pickle.load call (within the read_pickle function of the LRTable class in yacc.py) on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. | 2018-08-28 | not yet calculated | CVE-2018-14400 MISC |
damicms -- damicms | An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file. | 2018-08-30 | not yet calculated | CVE-2018-16238 MISC |
damicms -- damicms | admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | 2018-09-01 | not yet calculated | CVE-2018-16331 MISC |
damicms -- damicms | An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI. | 2018-08-30 | not yet calculated | CVE-2018-16237 MISC |
damicms -- damicms | An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses. | 2018-08-30 | not yet calculated | CVE-2018-16239 MISC |
docker -- docker_for_windows | HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. | 2018-08-31 | not yet calculated | CVE-2018-15514 MISC MISC MISC |
e107 -- e107 | e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. | 2018-08-28 | not yet calculated | CVE-2018-15901 MISC |
eaton -- power_xpert_meter | Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option. | 2018-08-30 | not yet calculated | CVE-2018-16158 MISC MISC |
eaton -- power_xpert_meter | Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows remote attackers to cause a denial of service (daemon crash) via an unspecified sequence of FTP commands. | 2018-08-30 | not yet calculated | CVE-2018-16231 MISC |
elfutils -- elfutils | dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | 2018-08-28 | not yet calculated | CVE-2018-16062 MISC MISC |
episerver -- episerver | XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx. | 2018-08-29 | not yet calculated | CVE-2017-17762 MISC MISC |
epson -- iprint_application_6.6.3_for_android | The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services. | 2018-08-30 | not yet calculated | CVE-2018-14901 MISC |
epson -- iprint_application_6.6.3_for_android | The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker's application to read scanned documents. | 2018-08-30 | not yet calculated | CVE-2018-14902 MISC |
epson -- wf-2750_printer_with_firmware_jp02i2 | On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. | 2018-08-30 | not yet calculated | CVE-2018-14899 MISC |
epson -- wf-2750_printer_with_firmware_jp02i2 | EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer. | 2018-08-30 | not yet calculated | CVE-2018-14903 MISC |
epson -- wf-2750_printer_with_firmware_jp02i2 | On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100. | 2018-08-30 | not yet calculated | CVE-2018-14900 MISC |
exiv2 -- exiv2 | Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. | 2018-09-01 | not yet calculated | CVE-2018-16336 MISC |
fig2dev -- fig2dev | A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. | 2018-08-29 | not yet calculated | CVE-2018-16140 MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6683. | 2018-08-30 | not yet calculated | CVE-2018-14317 CONFIRM MISC |
getsimple -- cms | There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. | 2018-09-01 | not yet calculated | CVE-2018-16325 MISC |
gleez -- cms | There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. | 2018-08-25 | not yet calculated | CVE-2018-15845 MISC EXPLOIT-DB |
google -- chrome | Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2018-08-28 | not yet calculated | CVE-2017-15410 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15415 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15417 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Inappropriate implementation in browser navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15420 SECTRACK REDHAT MISC MISC GENTOO DEBIAN DEBIAN |
google -- chrome | Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15418 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. | 2018-08-28 | not yet calculated | CVE-2017-15416 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic. | 2018-08-28 | not yet calculated | CVE-2017-15423 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15399 BID REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15422 REDHAT MISC MISC GENTOO UBUNTU DEBIAN |
google -- chrome | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 2018-08-28 | not yet calculated | CVE-2017-15424 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15430 MISC MISC |
google -- chrome | Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15419 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2018-08-28 | not yet calculated | CVE-2017-15411 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. | 2018-08-28 | not yet calculated | CVE-2017-15407 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 2018-08-28 | not yet calculated | CVE-2017-15425 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 2018-08-28 | not yet calculated | CVE-2017-15426 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. | 2018-08-28 | not yet calculated | CVE-2017-15408 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15406 MISC MISC |
google -- chrome | Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15409 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. | 2018-08-28 | not yet calculated | CVE-2017-15427 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15412 SECTRACK REDHAT REDHAT MISC MISC MISC MLIST GENTOO DEBIAN |
google -- chrome | Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15413 REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15429 BID REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server. | 2018-08-28 | not yet calculated | CVE-2017-15398 BID REDHAT MISC MISC GENTOO DEBIAN |
google -- chrome | A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15396 MISC BID REDHAT MISC MISC GENTOO DEBIAN |
grafana -- grafana | Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. | 2018-08-29 | not yet calculated | CVE-2018-15727 BID CONFIRM |
ibm -- cloud_orchestrator | A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system. IBM X-Force ID: 109394. | 2018-08-30 | not yet calculated | CVE-2016-0205 XF CONFIRM |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968. | 2018-08-24 | not yet calculated | CVE-2018-1699 BID XF CONFIRM |
ibm -- openpages_grc_platform | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303. | 2018-08-30 | not yet calculated | CVE-2016-0234 CONFIRM XF |
ibm -- platform_symphony | IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. IBM X-Force ID: 146340. | 2018-08-28 | not yet calculated | CVE-2018-1705 XF CONFIRM |
ibm -- security_access_manager_appliance | IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370. | 2018-08-24 | not yet calculated | CVE-2018-1722 BID SECTRACK XF CONFIRM |
ibm -- urbancode_deploy | IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119. | 2018-08-30 | not yet calculated | CVE-2016-0373 CONFIRM XF |
ibm -- websphere_application_server_liberty | IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on a non-secure (http) port and uses JASPIC or JSR375 authentication. | 2018-08-24 | not yet calculated | CVE-2018-1755 BID SECTRACK XF CONFIRM |
ibm -- websphere_commerce | IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user. | 2018-08-27 | not yet calculated | CVE-2018-1644 CONFIRM XF |
icewarp -- server | In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | 2018-09-01 | not yet calculated | CVE-2018-16324 MISC MISC |
icms -- icms | An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. | 2018-09-01 | not yet calculated | CVE-2018-16332 MISC |
idera -- up.time | An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands. | 2018-08-27 | not yet calculated | CVE-2015-9263 MISC EXPLOIT-DB MISC |
idreamsoft -- icms | An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. | 2018-09-01 | not yet calculated | CVE-2018-16314 MISC |
idreamsoft -- icms | idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. | 2018-09-01 | not yet calculated | CVE-2018-16320 MISC |
idreamsoft -- icms | An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. | 2018-08-27 | not yet calculated | CVE-2018-15895 MISC |
imagemagick -- imagemagick | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. | 2018-09-01 | not yet calculated | CVE-2018-16329 MISC |
imagemagick -- imagemagick | ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. | 2018-09-01 | not yet calculated | CVE-2018-16323 MISC |
imagemagick -- imagemagick | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. | 2018-09-01 | not yet calculated | CVE-2018-16328 MISC |
infoblox -- netmri | Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter. | 2018-08-28 | not yet calculated | CVE-2018-6643 MISC |
joomla -- joomla | An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter. | 2018-08-28 | not yet calculated | CVE-2018-15882 BID CONFIRM |
joomla -- joomla | An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation. | 2018-08-28 | not yet calculated | CVE-2018-15881 BID CONFIRM |
joomla -- joomla | The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request. | 2018-08-26 | not yet calculated | CVE-2017-18345 MISC MISC EXPLOIT-DB |
joomla -- joomla | An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack. | 2018-08-28 | not yet calculated | CVE-2018-15880 BID CONFIRM |
lansweeper -- lansweeper | Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service. | 2018-08-27 | not yet calculated | CVE-2015-9264 MISC |
libtiff -- libtiff | newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. | 2018-09-01 | not yet calculated | CVE-2018-16335 MISC |
libtirpc -- libtirpc | A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. | 2018-08-30 | not yet calculated | CVE-2018-14622 CONFIRM REDHAT CONFIRM CONFIRM MLIST |
libtirpc -- libtirpc | An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted. | 2018-08-30 | not yet calculated | CVE-2018-14621 CONFIRM CONFIRM CONFIRM |
libx11 -- libx11 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. | 2018-08-24 | not yet calculated | CVE-2018-14599 MLIST BID SECTRACK CONFIRM CONFIRM MLIST MLIST UBUNTU |
libx11 -- libx11 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. | 2018-08-24 | not yet calculated | CVE-2018-14600 MLIST BID SECTRACK CONFIRM CONFIRM MLIST MLIST UBUNTU |
libx11 -- libx11 | An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). | 2018-08-24 | not yet calculated | CVE-2018-14598 MLIST BID SECTRACK CONFIRM CONFIRM MLIST MLIST UBUNTU |
libzypp -- libzypp | The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download. | 2018-08-31 | not yet calculated | CVE-2018-7685 MISC CONFIRM MISC |
lightbend -- akka | Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included the AES128CounterSecureRNG and AES256CounterSecureRNG random number generators. The implementations had a bug that caused the generated numbers to be repeated after only a few bytes. The custom RNG implementations were not configured by default but examples in the documentation showed (and therefore implicitly recommended) using the custom ones. This can be used by an attacker to compromise the communication if these random number generators are enabled in configuration. It would be possible to eavesdrop, replay, or modify the messages sent with Akka Remoting/Cluster. | 2018-08-29 | not yet calculated | CVE-2018-16115 MISC |
lightbend -- akka | The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb. | 2018-08-30 | not yet calculated | CVE-2018-16131 MISC MISC MISC |
linux -- linux_kernel | An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. | 2018-08-31 | not yet calculated | CVE-2018-16276 MISC MISC MISC |
linux -- linux_kernel | A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges. | 2018-08-30 | not yet calculated | CVE-2018-14619 CONFIRM CONFIRM |
linux -- linux_kernel | A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. | 2018-08-27 | not yet calculated | CVE-2018-10938 MLIST BID SECTRACK CONFIRM CONFIRM |
manjaro -- linux | An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital to the system. | 2018-08-29 | not yet calculated | CVE-2018-15912 CONFIRM MLIST |
mediacomm -- zip-n-go | MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file. | 2018-09-01 | not yet calculated | CVE-2018-16302 EXPLOIT-DB |
micro_focus -- service_management_automation_containerized_suites | Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | 2018-08-30 | not yet calculated | CVE-2018-6499 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
micro_focus -- service_management_automation_containerized_suites | Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | 2018-08-30 | not yet calculated | CVE-2018-6498 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
minicms -- minicms | An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability. | 2018-08-27 | not yet calculated | CVE-2018-15899 MISC |
minicms -- minicms | An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request. | 2018-08-31 | not yet calculated | CVE-2018-16298 MISC |
minicms -- minicms | MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. | 2018-08-30 | not yet calculated | CVE-2018-16233 MISC |
mod_perl -- mod_perl | mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | 2018-08-26 | not yet calculated | CVE-2011-2767 MISC MISC |
morningstar -- whatweb | MorningStar WhatWeb 0.4.9 has XSS via JSON report files. | 2018-08-30 | not yet calculated | CVE-2018-16234 MISC |
mutiny -- monitoring_appliance | A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload. | 2018-08-28 | not yet calculated | CVE-2018-15529 MISC MISC |
mybb -- mybb | An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS. | 2018-08-28 | not yet calculated | CVE-2018-15596 CONFIRM |
mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices | An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. Devices did not authenticate themselves to the cloud in device to cloud communication. This lack of device authentication allowed an attacker to impersonate any device by guessing or learning their MAC address. | 2018-08-30 | not yet calculated | CVE-2018-15479 MISC |
mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices | An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The process of registering a device with a cloud account was based on an activation code derived from the device MAC address. By guessing valid MAC addresses or using MAC addresses printed on devices in shops and reverse engineering the protocol, an attacker would have been able to register previously unregistered devices to their account. When the rightful owner would have connected them after purchase to their WiFi network, the devices would not have registered with their account, would subsequently not have been controllable from the owner's mobile app, and would not have been visible in the owner's account. Instead, they would have been under control of the attacker. | 2018-08-30 | not yet calculated | CVE-2018-15478 MISC |
mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices | An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The SSL/TLS server certificate in the device to cloud communication was not verified by the device. As a result, an attacker in control of the network traffic of a device could have taken control of a device by intercepting and modifying commands issued from the server to the device in a Man-in-the-Middle attack. This included the ability to inject firmware update commands into the communication and cause the device to install maliciously modified firmware. | 2018-08-30 | not yet calculated | CVE-2018-15476 MISC |
mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices | An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The cloud API had a hidden parameter, which allowed an authenticated user to reconfigure the server URL for a device registered to their account. In combination with an insecure device registration vulnerability, this allowed an attacker to reconfigure a maliciously registered device to their own rogue replica of the myStrom API and issue commands to the device, including firmware update commands. | 2018-08-30 | not yet calculated | CVE-2018-15480 MISC |
mystrom -- wifi_switch_devices | myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device. | 2018-08-30 | not yet calculated | CVE-2018-15477 MISC |
norton -- identity_safe | The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials. | 2018-08-29 | not yet calculated | CVE-2018-12240 BID CONFIRM |
npm -- mosca | This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306. | 2018-08-30 | not yet calculated | CVE-2018-11615 MISC |
nvidia -- geforce_experience | NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both. | 2018-08-31 | not yet calculated | CVE-2018-6257 CONFIRM |
nvidia -- geforce_experience | NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information. | 2018-08-31 | not yet calculated | CVE-2018-6258 CONFIRM |
nvidia -- geforce_experience | NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible. | 2018-08-31 | not yet calculated | CVE-2018-6259 CONFIRM |
open_whisper -- signal_app | The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device. | 2018-08-29 | not yet calculated | CVE-2018-16132 MISC |
openssh -- openssh | Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' | 2018-08-28 | not yet calculated | CVE-2018-15919 MISC BID |
openstack-cinder -- openstack-cinder | A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants. | 2018-08-27 | not yet calculated | CVE-2017-15139 CONFIRM MISC |
opswat -- metadefender | OPSWAT MetaDefender before v4.11.2 allows CSV injection. | 2018-08-31 | not yet calculated | CVE-2018-16275 CONFIRM |
orbic -- wonder_orbic_release-keys_devices | An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls. | 2018-08-29 | not yet calculated | CVE-2018-6599 MISC |
orbic -- wonder_orbic_release-keys_devices | An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interaction and does not require any permission to perform. A factory reset will remove all user data from the device. This will result in the loss of any data that the user has not backed up or synced externally. This capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves), although this capability is present in an unprotected component of the Android OS. This vulnerability is not present in Google's Android Open Source Project (AOSP) code. Therefore, it was introduced by Orbic or another entity in the supply chain. | 2018-08-29 | not yet calculated | CVE-2018-6598 MISC |
ovation -- findme | Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the product uses a compression technique to prevent the identification of certain libraries in the software by obfuscation. The software relies on a TLS callback and an additional executable file to enable these libraries and their access to certain websites. The unpacked software can be exploited by several different types of documented techniques. | 2018-08-26 | not yet calculated | CVE-2018-15885 MISC |
pandao -- editor.md | Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. | 2018-09-01 | not yet calculated | CVE-2018-16330 MISC |
pango -- pango | libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. | 2018-08-24 | not yet calculated | CVE-2018-15120 MISC CONFIRM CONFIRM MLIST UBUNTU EXPLOIT-DB |
pdf-xchange -- editor | PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. | 2018-09-01 | not yet calculated | CVE-2018-16303 MISC |
phpkaiyuancms -- phpopensourcecms | phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter. | 2018-08-31 | not yet calculated | CVE-2018-16278 MISC |
phpmyadmin -- phpmyadmin | An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature. | 2018-08-24 | not yet calculated | CVE-2018-15605 BID SECTRACK CONFIRM CONFIRM |
phpmyfaq -- phpmyfaq | phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. | 2018-08-28 | not yet calculated | CVE-2014-6049 MISC CONFIRM |
phpmyfaq -- phpmyfaq | phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. | 2018-08-28 | not yet calculated | CVE-2014-6047 MISC CONFIRM |
phpmyfaq -- phpmyfaq | SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function. | 2018-08-28 | not yet calculated | CVE-2014-6045 MISC CONFIRM |
phpmyfaq -- phpmyfaq | Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token. | 2018-08-28 | not yet calculated | CVE-2014-6046 MISC CONFIRM |
phpmyfaq -- phpmyfaq | phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. | 2018-08-28 | not yet calculated | CVE-2014-6050 MISC CONFIRM |
phpmyfaq -- phpmyfaq | phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request. | 2018-08-28 | not yet calculated | CVE-2014-6048 MISC CONFIRM |
phpok -- phpok | PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. | 2018-08-30 | not yet calculated | CVE-2018-16142 MISC |
phpscriptsmall.com -- website_seller_script | PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn. | 2018-08-28 | not yet calculated | CVE-2018-15897 MISC |
phpscriptsmall.com -- website_seller_script | PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name. | 2018-08-28 | not yet calculated | CVE-2018-15896 MISC |
podofo -- podofo | In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() in base/PdfParser.cpp can cause the program to be aborted, because PoDoFo::PdfVecObjects::Reserve() in base/PdfVecObjects.h can be called with a large size value. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. | 2018-08-26 | not yet calculated | CVE-2018-15889 MISC MISC |
portainer -- portainer | A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. | 2018-09-01 | not yet calculated | CVE-2018-16316 MISC |
postgresql-jdbc -- postgresql-jdbc | A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA. | 2018-08-30 | not yet calculated | CVE-2018-10936 CONFIRM CONFIRM |
qemu -- qemu | qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. | 2018-08-29 | not yet calculated | CVE-2018-15746 MLIST MLIST |
qnap -- photo_station | Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject JavaScript code in the compromised application. | 2018-08-27 | not yet calculated | CVE-2018-0715 CONFIRM |
responsive_filemanager -- responsive_filemanager | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. | 2018-08-24 | not yet calculated | CVE-2018-15535 FULLDISC EXPLOIT-DB |
responsive_filemanager -- responsive_filemanager | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal. | 2018-08-24 | not yet calculated | CVE-2018-15536 FULLDISC EXPLOIT-DB |
ricoh -- mp_c4504ex_devices | RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. | 2018-08-28 | not yet calculated | CVE-2018-15884 MISC EXPLOIT-DB |
rsa -- bsafe_micro_edition_suite | RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service. | 2018-08-31 | not yet calculated | CVE-2018-11054 FULLDISC |
rsa -- bsafe_micro_edition_suite | RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection. | 2018-08-31 | not yet calculated | CVE-2018-11055 FULLDISC |
rsa -- bsafe_micro_edition_suite | RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service. | 2018-08-31 | not yet calculated | CVE-2018-11056 FULLDISC |
rsa -- bsafe_micro_edition_suite | RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover an RSA key. | 2018-08-31 | not yet calculated | CVE-2018-11057 FULLDISC |
samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-28 | not yet calculated | CVE-2018-3926 BID MISC |
samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability. | 2018-08-27 | not yet calculated | CVE-2018-3927 MISC |
samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-27 | not yet calculated | CVE-2018-3893 MISC |
samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-27 | not yet calculated | CVE-2018-3904 MISC |
samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-27 | not yet calculated | CVE-2018-3918 MISC |
samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability. | 2018-08-28 | not yet calculated | CVE-2018-3908 MISC |
samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-28 | not yet calculated | CVE-2018-3895 MISC |
samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-28 | not yet calculated | CVE-2018-3916 MISC |
schneider_electric -- modicon_m221 | A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrites the password, the attacker can upload the original program from the PLC. | 2018-08-29 | not yet calculated | CVE-2018-7791 BID CONFIRM |
schneider_electric -- modicon_m221 | An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programming protocol frames. | 2018-08-29 | not yet calculated | CVE-2018-7789 BID MISC CONFIRM |
schneider_electric -- modicon_m221 | An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC. | 2018-08-29 | not yet calculated | CVE-2018-7790 BID CONFIRM |
schneider_electric -- modicon_m221 | A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using a rainbow table. | 2018-08-29 | not yet calculated | CVE-2018-7792 BID CONFIRM |
schneider_electric -- powerlogic | A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to a cross-site scripting attack on its web browser. User inputs can be manipulated to cause execution of JavaScript code. | 2018-08-29 | not yet calculated | CVE-2018-7795 BID MISC CONFIRM |
sentrifugo -- sentrifugo | A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter. | 2018-08-28 | not yet calculated | CVE-2018-15873 MISC |
simplehttpserver -- simplehttpserver | Path traversal in simplehttpserver | 2018-08-31 | not yet calculated | CVE-2018-3787 MISC |
subrion -- subrion | There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. | 2018-09-01 | not yet calculated | CVE-2018-16327 MISC |
technicolor -- tc8305c_devices | Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852. | 2018-08-29 | not yet calculated | CVE-2018-15907 MISC |
tencent -- foxmail | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5543. | 2018-08-30 | not yet calculated | CVE-2018-11616 MISC |
tenda -- multiple_routers | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. | 2018-09-01 | not yet calculated | CVE-2018-16333 MISC |
tenda -- multiple_routers | An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. | 2018-09-01 | not yet calculated | CVE-2018-16334 MISC |
thinkcmf -- thinkcmf | ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server. | 2018-08-30 | not yet calculated | CVE-2018-16141 MISC |
trend_micro -- officescan_xg | A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | 2018-08-30 | not yet calculated | CVE-2018-15364 CONFIRM MISC |
trend_micro -- security | A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | 2018-08-30 | not yet calculated | CVE-2018-10513 CONFIRM MISC |
trend_micro -- security | An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | 2018-08-30 | not yet calculated | CVE-2018-15363 CONFIRM MISC |
trend_micro -- security | A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | 2018-08-30 | not yet calculated | CVE-2018-10514 CONFIRM MISC |
umbraco -- umbraco | Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files. | 2018-08-27 | not yet calculated | CVE-2014-10074 MISC MISC |
vanilla -- vanilla | In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items). | 2018-08-26 | not yet calculated | CVE-2018-15833 MISC MISC MISC MISC |
visiology -- flipbox_software_suite | Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters. | 2018-08-27 | not yet calculated | CVE-2018-15810 MISC MISC |
vivotek -- multiple_devices | Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code. | 2018-08-29 | not yet calculated | CVE-2018-14768 CONFIRM CONFIRM |
waimai -- super_cms | In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. | 2018-09-01 | not yet calculated | CVE-2018-16315 MISC |
waimai -- super_cms | waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free. | 2018-08-30 | not yet calculated | CVE-2018-16157 MISC |
wireshark -- wireshark | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. | 2018-08-29 | not yet calculated | CVE-2018-16058 BID MISC MISC MISC |
wireshark -- wireshark | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. | 2018-08-29 | not yet calculated | CVE-2018-16057 BID MISC MISC MISC |
wireshark -- wireshark | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. | 2018-08-29 | not yet calculated | CVE-2018-16056 BID MISC MISC MISC |
wordpress -- wordpress | An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation. | 2018-08-26 | not yet calculated | CVE-2018-15876 MISC |
wordpress -- wordpress | The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. | 2018-08-30 | not yet calculated | CVE-2018-16159 MISC EXPLOIT-DB |
wordpress -- wordpress | The Plainview Activity Monitor plugin 4.7.11 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request. | 2018-08-26 | not yet calculated | CVE-2018-15877 MISC EXPLOIT-DB |
wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php. | 2018-08-28 | not yet calculated | CVE-2014-4932 MISC CONFIRM |
wordpress -- wordpress | The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | 2018-09-01 | not yet calculated | CVE-2018-16308 MISC MISC EXPLOIT-DB |
wordpress -- wordpress | The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. | 2018-08-28 | not yet calculated | CVE-2018-15571 MISC EXPLOIT-DB |
wuzhi -- cms | A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. | 2018-08-27 | not yet calculated | CVE-2018-15893 MISC |
wuzhi -- cms | A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. | 2018-08-27 | not yet calculated | CVE-2018-15894 MISC |
xovis -- pc-series_sensors_firmware | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal. | 2018-08-30 | not yet calculated | CVE-2018-11720 CONFIRM |
xovis -- pc-series_sensors_firmware | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. | 2018-08-30 | not yet calculated | CVE-2018-11719 CONFIRM |
xovis -- pc-series_sensors_firmware | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. | 2018-08-30 | not yet calculated | CVE-2018-11718 CONFIRM |
zoho_manageengine -- admanager_plus | Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen. | 2018-08-28 | not yet calculated | CVE-2018-15608 EXPLOIT-DB |
zoho_manageengine -- admanager_plus | Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. | 2018-08-28 | not yet calculated | CVE-2018-15740 MISC MISC MISC |
zyxel -- vmg3312_b10b_devices | Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. | 2018-08-26 | not yet calculated | CVE-2018-15602 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.