SB18-246: Vulnerability Summary for the Week of August 27, 2018

Original release date: September 03, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
a10 -- acos_web_application_firewall | A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008. | 2018-08-27 | not yet calculated | CVE-2018-15904, CONFIRM
abb -- esoms | ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. | 2018-08-29 | not yet calculated | CVE-2018-14805, BID, MISC, CONFIRM
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-08-29 | not yet calculated | CVE-2018-12808, BID, SECTRACK, CONFIRM
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-08-29 | not yet calculated | CVE-2018-12799, BID, SECTRACK, CONFIRM
adobe -- creative_cloud | Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation. | 2018-08-29 | not yet calculated | CVE-2018-12829, BID, CONFIRM
adobe -- creative_cloud | Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | 2018-08-29 | not yet calculated | CVE-2018-5003, BID, SECTRACK, CONFIRM
adobe -- experience_manager | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Successful exploitation could lead to unauthorized information modification. | 2018-08-29 | not yet calculated | CVE-2018-12807, BID, SECTRACK, CONFIRM
adobe -- experience_manager | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2018-08-29 | not yet calculated | CVE-2018-12806, BID, SECTRACK, CONFIRM
adobe -- flash_player | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-08-29 | not yet calculated | CVE-2018-12826, BID, SECTRACK, REDHAT, CONFIRM
adobe -- flash_player | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-08-29 | not yet calculated | CVE-2018-12827, BID, SECTRACK, REDHAT, CONFIRM, EXPLOIT-DB
adobe -- flash_player | Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass. | 2018-08-29 | not yet calculated | CVE-2018-12825, BID, SECTRACK, REDHAT, CONFIRM
adobe -- flash_player | Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-08-29 | not yet calculated | CVE-2018-12824, BID, SECTRACK, REDHAT, CONFIRM
adobe -- flash_player | Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation. | 2018-08-29 | not yet calculated | CVE-2018-12828, BID, SECTRACK, REDHAT, CONFIRM
adobe -- photoshop_cc | Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution. | 2018-08-29 | not yet calculated | CVE-2018-12811, BID, CONFIRM
adobe -- photoshop_cc | Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution. | 2018-08-29 | not yet calculated | CVE-2018-12810, BID, CONFIRM
alcatel -- a30_device | The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB. Modifying the read-only properties by an app as the system user creates a UNIX domain socket named factory_test that will execute commands as the root user by processes that have privilege to access it (as per the SELinux rules that the vendor controls). | 2018-08-29 | not yet calculated | CVE-2018-6597, MISC
amazon -- amazon_web_services | An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. | 2018-08-24 | not yet calculated | CVE-2018-15869, BID, MISC
apache -- traffic_server | There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. | 2018-08-29 | not yet calculated | CVE-2018-8004, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM, MLIST, DEBIAN
apache -- traffic_server | A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions. | 2018-08-29 | not yet calculated | CVE-2018-8022, BID, CONFIRM, MLIST
apache -- traffic_server | Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. | 2018-08-29 | not yet calculated | CVE-2018-8040, BID, CONFIRM, MLIST, MLIST, DEBIAN
apache -- traffic_server | When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. | 2018-08-29 | not yet calculated | CVE-2018-8005, BID, CONFIRM, CONFIRM, MLIST, DEBIAN
apache -- traffic_server | Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. | 2018-08-29 | not yet calculated | CVE-2018-1318, BID, CONFIRM, MLIST, DEBIAN
argus -- surveillance_dvr | Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. | 2018-08-30 | not yet calculated | CVE-2018-15745, MISC, MISC, EXPLOIT-DB
artifex -- ghostscript | In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | 2018-08-28 | not yet calculated | CVE-2018-15911, MISC, MISC, MISC
artifex -- ghostscript | In Artifex Ghostscript 9.23 before 2018-08-23, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | 2018-08-27 | not yet calculated | CVE-2018-15910, MISC, MISC
artifex -- ghostscript | In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | 2018-08-27 | not yet calculated | CVE-2018-15909, MISC, MISC, BID, MISC
artifex -- ghostscript | In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. | 2018-08-27 | not yet calculated | CVE-2018-15908, MISC, MISC
aspcm -- aspcms | An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrator's GroupID directly. | 2018-08-26 | not yet calculated | CVE-2018-15888, MISC, MISC
asus -- dsl-n12e_c1 | Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request. | 2018-08-27 | not yet calculated | CVE-2018-15887, MISC
asustor -- data_master | ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting JavaScript into the configuration file's Version field. | 2018-08-27 | not yet calculated | CVE-2018-15699, MISC
asustor -- data_master | ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history. | 2018-08-27 | not yet calculated | CVE-2018-15697, MISC
asustor -- data_master | ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. | 2018-08-27 | not yet calculated | CVE-2018-15698, MISC
asustor -- data_master | ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. | 2018-08-27 | not yet calculated | CVE-2018-15696, MISC
asustor -- data_master | ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. | 2018-08-27 | not yet calculated | CVE-2018-15695, MISC
asustor -- data_master | ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled. | 2018-08-27 | not yet calculated | CVE-2018-15694, MISC
atlassian -- jira | Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved. | 2018-08-28 | not yet calculated | CVE-2018-13395, CONFIRM
atlassian -- jira_server | The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden. | 2018-08-28 | not yet calculated | CVE-2018-13391, BID, CONFIRM
auth0 -- auth0 | An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | 2018-08-28 | not yet calculated | CVE-2018-15121, CONFIRM
bludit -- bludit | Bludit 2.3.4 allows XSS via a user name. | 2018-09-01 | not yet calculated | CVE-2018-16313, MISC
ca -- ppm | An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | 2018-08-30 | not yet calculated | CVE-2018-13826, CONFIRM
ca -- ppm | Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. | 2018-08-30 | not yet calculated | CVE-2018-13822, CONFIRM
ca -- ppm | Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. | 2018-08-30 | not yet calculated | CVE-2018-13825, CONFIRM
ca -- ppm | Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | 2018-08-30 | not yet calculated | CVE-2018-13824, CONFIRM
ca -- ppm | An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | 2018-08-30 | not yet calculated | CVE-2018-13823, CONFIRM
ca -- release_automation | Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. | 2018-08-30 | not yet calculated | CVE-2018-15691, SECTRACK, CONFIRM
ca -- unified_infrastructure_management | A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | 2018-08-30 | not yet calculated | CVE-2018-13820, CONFIRM
ca -- unified_infrastructure_management | A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | 2018-08-30 | not yet calculated | CVE-2018-13819, CONFIRM
ca -- unified_infrastructure_management | A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. | 2018-08-30 | not yet calculated | CVE-2018-13821, CONFIRM
cms -- isweb | CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php. | 2018-08-29 | not yet calculated | CVE-2018-15562, MISC
conference-scheduler-cli -- conference-scheduler-cli | In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. | 2018-08-28 | not yet calculated | CVE-2018-14572, MISC
couchbase -- couchbase_server | An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system will run with the privileges of the user running Couchbase server. | 2018-08-24 | not yet calculated | CVE-2018-15728, BUGTRAQ, BID
cpanel -- cpanel | cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. | 2018-08-30 | not yet calculated | CVE-2018-16236, MISC
cybrotech -- cybrohttpserver | Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. | 2018-08-29 | not yet calculated | CVE-2018-16134, MISC, MISC, EXPLOIT-DB
cybrotech -- cybrohttpserver | Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI. | 2018-08-29 | not yet calculated | CVE-2018-16133, MISC, MISC, EXPLOIT-DB
d-link -- dir-601_devices | An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML. | 2018-08-29 | not yet calculated | CVE-2018-12710, FULLDISC, EXPLOIT-DB
d-link -- dir-615_devices | D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. | 2018-08-28 | not yet calculated | CVE-2018-15839, MISC

dabeaz -- ply | In PLY (aka Python Lex-Yacc) 3.11, as used in pycparser and other products, a pickle.load call (within the read_pickle function of the LRTable class in yacc.py) on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. | 2018-08-28 | not yet calculated | CVE-2018-14400, MISC
damicms -- damicms | An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file. | 2018-08-30 | not yet calculated | CVE-2018-16238, MISC
damicms -- damicms | admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | 2018-09-01 | not yet calculated | CVE-2018-16331, MISC
damicms -- damicms | An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI. | 2018-08-30 | not yet calculated | CVE-2018-16237, MISC
damicms -- damicms | An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses. | 2018-08-30 | not yet calculated | CVE-2018-16239, MISC
docker -- docker_for_windows | HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. | 2018-08-31 | not yet calculated | CVE-2018-15514, MISC, MISC, MISC
e107 -- e107 | e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. | 2018-08-28 | not yet calculated | CVE-2018-15901, MISC
eaton -- power_xpert_meter | Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option. | 2018-08-30 | not yet calculated | CVE-2018-16158, MISC, MISC
eaton -- power_xpert_meter | Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows remote attackers to cause a denial of service (daemon crash) via an unspecified sequence of FTP commands. | 2018-08-30 | not yet calculated | CVE-2018-16231, MISC
elfutils -- elfutils | dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | 2018-08-28 | not yet calculated | CVE-2018-16062, MISC, MISC
episerver -- episerver | XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx. | 2018-08-29 | not yet calculated | CVE-2017-17762, MISC, MISC
epson -- iprint_application_6.6.3_for_android | The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services. | 2018-08-30 | not yet calculated | CVE-2018-14901, MISC
epson -- iprint_application_6.6.3_for_android | The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker's application to read scanned documents. | 2018-08-30 | not yet calculated | CVE-2018-14902, MISC
epson -- wf-2750_printer_with_firmware_jp02i2 | On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. | 2018-08-30 | not yet calculated | CVE-2018-14899, MISC
epson -- wf-2750_printer_with_firmware_jp02i2 | EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer. | 2018-08-30 | not yet calculated | CVE-2018-14903, MISC
epson -- wf-2750_printer_with_firmware_jp02i2 | On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100. | 2018-08-30 | not yet calculated | CVE-2018-14900, MISC
exiv2 -- exiv2 | Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. | 2018-09-01 | not yet calculated | CVE-2018-16336, MISC
fig2dev -- fig2dev | A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. | 2018-08-29 | not yet calculated | CVE-2018-16140, MISC
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6683. | 2018-08-30 | not yet calculated | CVE-2018-14317, CONFIRM, MISC
getsimple -- cms | There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. | 2018-09-01 | not yet calculated | CVE-2018-16325, MISC
gleez -- cms | There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. | 2018-08-25 | not yet calculated | CVE-2018-15845, MISC, EXPLOIT-DB
google -- chrome | Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2018-08-28 | not yet calculated | CVE-2017-15410, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15415, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15417, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Inappropriate implementation in browser navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15420, SECTRACK, REDHAT, MISC, MISC, GENTOO, DEBIAN, DEBIAN
google -- chrome | Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15418, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. | 2018-08-28 | not yet calculated | CVE-2017-15416, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic. | 2018-08-28 | not yet calculated | CVE-2017-15423, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15399, BID, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15422, REDHAT, MISC, MISC, GENTOO, UBUNTU, DEBIAN
google -- chrome | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 2018-08-28 | not yet calculated | CVE-2017-15424, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15430, MISC, MISC
google -- chrome | Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15419, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2018-08-28 | not yet calculated | CVE-2017-15411, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. | 2018-08-28 | not yet calculated | CVE-2017-15407, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 2018-08-28 | not yet calculated | CVE-2017-15425, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 2018-08-28 | not yet calculated | CVE-2017-15426, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. | 2018-08-28 | not yet calculated | CVE-2017-15408, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15406, MISC, MISC
google -- chrome | Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15409, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. | 2018-08-28 | not yet calculated | CVE-2017-15427, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15412, SECTRACK, REDHAT, REDHAT, MISC, MISC, MISC, MLIST, GENTOO, DEBIAN
google -- chrome | Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15413, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15429, BID, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server. | 2018-08-28 | not yet calculated | CVE-2017-15398, BID, REDHAT, MISC, MISC, GENTOO, DEBIAN
google -- chrome | A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2018-08-28 | not yet calculated | CVE-2017-15396, MISC, BID, REDHAT, MISC, MISC, GENTOO, DEBIAN
grafana -- grafana | Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. | 2018-08-29 | not yet calculated | CVE-2018-15727, BID, CONFIRM
| ibm -- cloud_orchestrator | A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system. IBM X-Force ID: 109394. | 2018-08-30 | not yet calculated | CVE-2016-0205; XF, CONFIRM |
| ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968. | 2018-08-24 | not yet calculated | CVE-2018-1699; BID, XF, CONFIRM |
| ibm -- openpages_grc_platform | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303. | 2018-08-30 | not yet calculated | CVE-2016-0234; CONFIRM, XF |
| ibm -- platform_symphony | IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. IBM X-Force ID: 146340. | 2018-08-28 | not yet calculated | CVE-2018-1705; XF, CONFIRM |
| ibm -- security_access_manager_appliance | IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370. | 2018-08-24 | not yet calculated | CVE-2018-1722; BID, SECTRACK, XF, CONFIRM |
| ibm -- urbancode_deploy | IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119. | 2018-08-30 | not yet calculated | CVE-2016-0373; CONFIRM, XF |
| ibm -- websphere_application_server_liberty | IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication. | 2018-08-24 | not yet calculated | CVE-2018-1755; BID, SECTRACK, XF, CONFIRM |
| ibm -- websphere_commerce | IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user. | 2018-08-27 | not yet calculated | CVE-2018-1644; CONFIRM, XF |
| icewarp -- server | In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | 2018-09-01 | not yet calculated | CVE-2018-16324; MISC, MISC |
| icms -- icms | An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. | 2018-09-01 | not yet calculated | CVE-2018-16332; MISC |
| idera -- up.time | An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands. | 2018-08-27 | not yet calculated | CVE-2015-9263; MISC, EXPLOIT-DB, MISC |
| idreamsoft -- icms | An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. | 2018-09-01 | not yet calculated | CVE-2018-16314; MISC |
| idreamsoft -- icms | idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. | 2018-09-01 | not yet calculated | CVE-2018-16320; MISC |
| idreamsoft -- icms | An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. | 2018-08-27 | not yet calculated | CVE-2018-15895; MISC |
| imagemagick -- imagemagick | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. | 2018-09-01 | not yet calculated | CVE-2018-16329; MISC |
| imagemagick -- imagemagick | ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. | 2018-09-01 | not yet calculated | CVE-2018-16323; MISC |
| imagemagick -- imagemagick | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. | 2018-09-01 | not yet calculated | CVE-2018-16328; MISC |
| infoblox -- netmri | Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter. | 2018-08-28 | not yet calculated | CVE-2018-6643; MISC |
| joomla -- joomla | An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter. | 2018-08-28 | not yet calculated | CVE-2018-15882; BID, CONFIRM |
| joomla -- joomla | An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation. | 2018-08-28 | not yet calculated | CVE-2018-15881; BID, CONFIRM |
| joomla -- joomla | The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request. | 2018-08-26 | not yet calculated | CVE-2017-18345; MISC, MISC, EXPLOIT-DB |
| joomla -- joomla | An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack. | 2018-08-28 | not yet calculated | CVE-2018-15880; BID, CONFIRM |
| lansweeper -- lansweeper | Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service. | 2018-08-27 | not yet calculated | CVE-2015-9264; MISC |
| libtiff -- libtiff | newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. | 2018-09-01 | not yet calculated | CVE-2018-16335; MISC |
| libtirpc -- libtirpc | A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. | 2018-08-30 | not yet calculated | CVE-2018-14622; CONFIRM, REDHAT, CONFIRM, CONFIRM, MLIST |
| libtirpc -- libtirpc | An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted. | 2018-08-30 | not yet calculated | CVE-2018-14621; CONFIRM, CONFIRM, CONFIRM |
| libx11 -- libx11 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. | 2018-08-24 | not yet calculated | CVE-2018-14599; MLIST, BID, SECTRACK, CONFIRM, CONFIRM, MLIST, MLIST, UBUNTU |
| libx11 -- libx11 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. | 2018-08-24 | not yet calculated | CVE-2018-14600; MLIST, BID, SECTRACK, CONFIRM, CONFIRM, MLIST, MLIST, UBUNTU |
| libx11 -- libx11 | An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). | 2018-08-24 | not yet calculated | CVE-2018-14598; MLIST, BID, SECTRACK, CONFIRM, CONFIRM, MLIST, MLIST, UBUNTU |
| libzypp -- libzypp | The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download. | 2018-08-31 | not yet calculated | CVE-2018-7685; MISC, CONFIRM, MISC |
| lightbend -- akka | Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included the AES128CounterSecureRNG and AES256CounterSecureRNG random number generators. The implementations had a bug that caused the generated numbers to be repeated after only a few bytes. The custom RNG implementations were not configured by default but examples in the documentation showed (and therefore implicitly recommended) using the custom ones. This can be used by an attacker to compromise the communication if these random number generators are enabled in configuration. It would be possible to eavesdrop, replay, or modify the messages sent with Akka Remoting/Cluster. | 2018-08-29 | not yet calculated | CVE-2018-16115; MISC |
| lightbend -- akka | The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb. | 2018-08-30 | not yet calculated | CVE-2018-16131; MISC, MISC, MISC |
| linux -- linux_kernel | An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. | 2018-08-31 | not yet calculated | CVE-2018-16276; MISC, MISC, MISC |
| linux -- linux_kernel | A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges. | 2018-08-30 | not yet calculated | CVE-2018-14619; CONFIRM, CONFIRM |
| linux -- linux_kernel | A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. | 2018-08-27 | not yet calculated | CVE-2018-10938; MLIST, BID, SECTRACK, CONFIRM, CONFIRM |
| manjaro -- linux | An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital to the system. | 2018-08-29 | not yet calculated | CVE-2018-15912; CONFIRM, MLIST |

| mediacomm -- zip-n-go | MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file. | 2018-09-01 | not yet calculated | CVE-2018-16302; EXPLOIT-DB |
| micro_focus -- service_management_automation_containerized_suites | Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | 2018-08-30 | not yet calculated | CVE-2018-6499; CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| micro_focus -- service_management_automation_containerized_suites | Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | 2018-08-30 | not yet calculated | CVE-2018-6498; CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| minicms -- minicms | An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability. | 2018-08-27 | not yet calculated | CVE-2018-15899; MISC |
| minicms -- minicms | An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request. | 2018-08-31 | not yet calculated | CVE-2018-16298; MISC |
| minicms -- minicms | MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. | 2018-08-30 | not yet calculated | CVE-2018-16233; MISC |
| mod_perl -- mod_perl | mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | 2018-08-26 | not yet calculated | CVE-2011-2767; MISC, MISC |
| morningstar -- whatweb | MorningStar WhatWeb 0.4.9 has XSS via JSON report files. | 2018-08-30 | not yet calculated | CVE-2018-16234; MISC |
| mutiny -- monitoring_appliance | A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload. | 2018-08-28 | not yet calculated | CVE-2018-15529; MISC, MISC |
| mybb -- mybb | An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS. | 2018-08-28 | not yet calculated | CVE-2018-15596; CONFIRM |
| mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices | An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. Devices did not authenticate themselves to the cloud in device to cloud communication. This lack of device authentication allowed an attacker to impersonate any device by guessing or learning their MAC address. | 2018-08-30 | not yet calculated | CVE-2018-15479; MISC |
| mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices | An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The process of registering a device with a cloud account was based on an activation code derived from the device MAC address. By guessing valid MAC addresses or using MAC addresses printed on devices in shops and reverse engineering the protocol, an attacker would have been able to register previously unregistered devices to their account. When the rightful owner would have connected them after purchase to their WiFi network, the devices would not have registered with their account, would subsequently not have been controllable from the owner's mobile app, and would not have been visible in the owner's account. Instead, they would have been under control of the attacker. | 2018-08-30 | not yet calculated | CVE-2018-15478; MISC |
| mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices | An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The SSL/TLS server certificate in the device to cloud communication was not verified by the device. As a result, an attacker in control of the network traffic of a device could have taken control of a device by intercepting and modifying commands issued from the server to the device in a Man-in-the-Middle attack. This included the ability to inject firmware update commands into the communication and cause the device to install maliciously modified firmware. | 2018-08-30 | not yet calculated | CVE-2018-15476; MISC |
| mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices | An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The cloud API had a hidden parameter, which allowed an authenticated user to reconfigure the server URL for a device registered to their account. In combination with an insecure device registration vulnerability, this allowed an attacker to reconfigure a maliciously registered device to their own rogue replica of the myStrom API and issue commands to the device, including firmware update commands. | 2018-08-30 | not yet calculated | CVE-2018-15480; MISC |
| mystrom -- wifi_switch_devices | myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device. | 2018-08-30 | not yet calculated | CVE-2018-15477; MISC |
| norton -- identity_safe | The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials. | 2018-08-29 | not yet calculated | CVE-2018-12240; BID, CONFIRM |
| npm -- mosca | This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306. | 2018-08-30 | not yet calculated | CVE-2018-11615; MISC |
| nvidia -- geforce_experience | NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both. | 2018-08-31 | not yet calculated | CVE-2018-6257; CONFIRM |
| nvidia -- geforce_experience | NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information. | 2018-08-31 | not yet calculated | CVE-2018-6258; CONFIRM |
| nvidia -- geforce_experience | NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible. | 2018-08-31 | not yet calculated | CVE-2018-6259; CONFIRM |
| open_whisper -- signal_app | The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device. | 2018-08-29 | not yet calculated | CVE-2018-16132; MISC |
| openssh -- openssh | Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' | 2018-08-28 | not yet calculated | CVE-2018-15919; MISC, BID |
| openstack-cinder -- openstack-cinder | A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants. | 2018-08-27 | not yet calculated | CVE-2017-15139; CONFIRM, MISC |
| opswat -- metadefender | OPSWAT MetaDefender before v4.11.2 allows CSV injection. | 2018-08-31 | not yet calculated | CVE-2018-16275; CONFIRM |
| orbic -- wonder_orbic_release-keys_devices | An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls. | 2018-08-29 | not yet calculated | CVE-2018-6599; MISC |
| orbic -- wonder_orbic_release-keys_devices | An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interaction and does not require any permission to perform. A factory reset will remove all user data from the device. This will result in the loss of any data that the user has not backed up or synced externally. This capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves), although this capability is present in an unprotected component of the Android OS. This vulnerability is not present in Google's Android Open Source Project (AOSP) code. Therefore, it was introduced by Orbic or another entity in the supply chain. | 2018-08-29 | not yet calculated | CVE-2018-6598; MISC |
| ovation -- findme | Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the product uses a compression technique to prevent the identification of certain libraries in the software by obfuscation. The software relies on a TLS callback and an additional executable file to enable these libraries and their access to certain websites. The unpacked software can be exploited by several different types of documented techniques. | 2018-08-26 | not yet calculated | CVE-2018-15885; MISC |
| pandao -- editor.md | Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. | 2018-09-01 | not yet calculated | CVE-2018-16330; MISC |
| pango -- pango | libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. | 2018-08-24 | not yet calculated | CVE-2018-15120; MISC, CONFIRM, CONFIRM, MLIST, UBUNTU, EXPLOIT-DB |
| pdf-xchange -- editor | PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. | 2018-09-01 | not yet calculated | CVE-2018-16303; MISC |
| phpkaiyuancms -- phpopensourcecms | phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter. | 2018-08-31 | not yet calculated | CVE-2018-16278; MISC |
| phpmyadmin -- phpmyadmin | An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature. | 2018-08-24 | not yet calculated | CVE-2018-15605; BID, SECTRACK, CONFIRM, CONFIRM |
| phpmyfaq -- phpmyfaq | phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. | 2018-08-28 | not yet calculated | CVE-2014-6049; MISC, CONFIRM |
| phpmyfaq -- phpmyfaq | phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. | 2018-08-28 | not yet calculated | CVE-2014-6047; MISC, CONFIRM |
| phpmyfaq -- phpmyfaq | SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function. | 2018-08-28 | not yet calculated | CVE-2014-6045; MISC, CONFIRM |
| phpmyfaq -- phpmyfaq | Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token. | 2018-08-28 | not yet calculated | CVE-2014-6046; MISC, CONFIRM |
| phpmyfaq -- phpmyfaq | phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. | 2018-08-28 | not yet calculated | CVE-2014-6050; MISC, CONFIRM |
| phpmyfaq -- phpmyfaq | phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request. | 2018-08-28 | not yet calculated | CVE-2014-6048; MISC, CONFIRM |
| phpok -- phpok | PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. | 2018-08-30 | not yet calculated | CVE-2018-16142; MISC |
| phpscriptsmall.com -- website_seller_script | PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn. | 2018-08-28 | not yet calculated | CVE-2018-15897; MISC |
| phpscriptsmall.com -- website_seller_script | PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name. | 2018-08-28 | not yet calculated | CVE-2018-15896; MISC |
| podofo -- podofo | In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() in base/PdfParser.cpp can cause the program to be aborted, because PoDoFo::PdfVecObjects::Reserve() in base/PdfVecObjects.h can be called with a large size value. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. | 2018-08-26 | not yet calculated | CVE-2018-15889; MISC, MISC |
| portainer -- portainer | A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. | 2018-09-01 | not yet calculated | CVE-2018-16316; MISC |
| postgresql-jdbc -- postgresql-jdbc | A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA. | 2018-08-30 | not yet calculated | CVE-2018-10936; CONFIRM, CONFIRM |
| qemu -- qemu | qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. | 2018-08-29 | not yet calculated | CVE-2018-15746; MLIST, MLIST |
| qnap -- photo_station | Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject JavaScript code in the compromised application. | 2018-08-27 | not yet calculated | CVE-2018-0715; CONFIRM |
| responsive_filemanager -- responsive_filemanager | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. | 2018-08-24 | not yet calculated | CVE-2018-15535; FULLDISC, EXPLOIT-DB |
| responsive_filemanager -- responsive_filemanager | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal. | 2018-08-24 | not yet calculated | CVE-2018-15536; FULLDISC, EXPLOIT-DB |
| ricoh -- mp_c4504ex_devices | RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. | 2018-08-28 | not yet calculated | CVE-2018-15884; MISC, EXPLOIT-DB |
| rsa -- bsafe_micro_edition_suite | RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service. | 2018-08-31 | not yet calculated | CVE-2018-11054; FULLDISC |
| rsa -- bsafe_micro_edition_suite | RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection. | 2018-08-31 | not yet calculated | CVE-2018-11055; FULLDISC |
| rsa -- bsafe_micro_edition_suite | RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service. | 2018-08-31 | not yet calculated | CVE-2018-11056; FULLDISC |
| rsa -- bsafe_micro_edition_suite | RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover an RSA key. | 2018-08-31 | not yet calculated | CVE-2018-11057; FULLDISC |
| samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-28 | not yet calculated | CVE-2018-3926 BID MISC |
| samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability. | 2018-08-27 | not yet calculated | CVE-2018-3927 MISC |
| samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-27 | not yet calculated | CVE-2018-3893 MISC |
| samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-27 | not yet calculated | CVE-2018-3904 MISC |
| samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-27 | not yet calculated | CVE-2018-3918 MISC |
| samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability. | 2018-08-28 | not yet calculated | CVE-2018-3908 MISC |
| samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-28 | not yet calculated | CVE-2018-3895 MISC |
| samsung -- smartthings_hub_sth-eth-250_firmware | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-28 | not yet calculated | CVE-2018-3916 MISC |
| schneider_electric -- modicon_m221 | A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrites the password, the attacker can upload the original program from the PLC. | 2018-08-29 | not yet calculated | CVE-2018-7791 BID CONFIRM |
| schneider_electric -- modicon_m221 | An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programming protocol frames. | 2018-08-29 | not yet calculated | CVE-2018-7789 BID MISC CONFIRM |
| schneider_electric -- modicon_m221 | An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC. | 2018-08-29 | not yet calculated | CVE-2018-7790 BID CONFIRM |
| schneider_electric -- modicon_m221 | A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using a rainbow table. | 2018-08-29 | not yet calculated | CVE-2018-7792 BID CONFIRM |
| schneider_electric -- powerlogic | A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to a cross-site scripting attack on its web browser. User inputs can be manipulated to cause execution of JavaScript code. | 2018-08-29 | not yet calculated | CVE-2018-7795 BID MISC CONFIRM |
| sentrifugo -- sentrifugo | A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter. | 2018-08-28 | not yet calculated | CVE-2018-15873 MISC |
| simplehttpserver -- simplehttpserver | Path traversal in simplehttpserver | 2018-08-31 | not yet calculated | CVE-2018-3787 MISC |
| subrion -- subrion | There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. | 2018-09-01 | not yet calculated | CVE-2018-16327 MISC |
| technicolor -- tc8305c_devices | Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852. | 2018-08-29 | not yet calculated | CVE-2018-15907 MISC |
| tencent -- foxmail | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5543. | 2018-08-30 | not yet calculated | CVE-2018-11616 MISC |
| tenda -- multiple_routers | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overwrites the return address of the function, causing a buffer overflow. | 2018-09-01 | not yet calculated | CVE-2018-16333 MISC |
| tenda -- multiple_routers | An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. | 2018-09-01 | not yet calculated | CVE-2018-16334 MISC |
| thinkcmf -- thinkcmf | ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server. | 2018-08-30 | not yet calculated | CVE-2018-16141 MISC |
| trend_micro -- officescan_xg | A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | 2018-08-30 | not yet calculated | CVE-2018-15364 CONFIRM MISC |
| trend_micro -- security | A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | 2018-08-30 | not yet calculated | CVE-2018-10513 CONFIRM MISC |
| trend_micro -- security | An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | 2018-08-30 | not yet calculated | CVE-2018-15363 CONFIRM MISC |
| trend_micro -- security | A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | 2018-08-30 | not yet calculated | CVE-2018-10514 CONFIRM MISC |
| umbraco -- umbraco | Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files. | 2018-08-27 | not yet calculated | CVE-2014-10074 MISC MISC |
| vanilla -- vanilla | In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items). | 2018-08-26 | not yet calculated | CVE-2018-15833 MISC MISC MISC MISC |
| visiology -- flipbox_software_suite | Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters. | 2018-08-27 | not yet calculated | CVE-2018-15810 MISC MISC |
| vivotek -- multiple_devices | Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code. | 2018-08-29 | not yet calculated | CVE-2018-14768 CONFIRM CONFIRM |
| waimai -- super_cms | In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. | 2018-09-01 | not yet calculated | CVE-2018-16315 MISC |
| waimai -- super_cms | waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free. | 2018-08-30 | not yet calculated | CVE-2018-16157 MISC |
| wireshark -- wireshark | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. | 2018-08-29 | not yet calculated | CVE-2018-16058 BID MISC MISC MISC |
| wireshark -- wireshark | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. | 2018-08-29 | not yet calculated | CVE-2018-16057 BID MISC MISC MISC |
| wireshark -- wireshark | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. | 2018-08-29 | not yet calculated | CVE-2018-16056 BID MISC MISC MISC |
| wordpress -- wordpress | An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation. | 2018-08-26 | not yet calculated | CVE-2018-15876 MISC |
| wordpress -- wordpress | The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. | 2018-08-30 | not yet calculated | CVE-2018-16159 MISC EXPLOIT-DB |
| wordpress -- wordpress | The Plainview Activity Monitor plugin 4.7.11 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request. | 2018-08-26 | not yet calculated | CVE-2018-15877 MISC EXPLOIT-DB |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php. | 2018-08-28 | not yet calculated | CVE-2014-4932 MISC CONFIRM |
| wordpress -- wordpress | The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | 2018-09-01 | not yet calculated | CVE-2018-16308 MISC MISC EXPLOIT-DB |
| wordpress -- wordpress | The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. | 2018-08-28 | not yet calculated | CVE-2018-15571 MISC EXPLOIT-DB |
| wuzhi -- cms | A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. | 2018-08-27 | not yet calculated | CVE-2018-15893 MISC |
| wuzhi -- cms | A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. | 2018-08-27 | not yet calculated | CVE-2018-15894 MISC |
| xovis -- pc-series_sensors_firmware | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal. | 2018-08-30 | not yet calculated | CVE-2018-11720 CONFIRM |
| xovis -- pc-series_sensors_firmware | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. | 2018-08-30 | not yet calculated | CVE-2018-11719 CONFIRM |
| xovis -- pc-series_sensors_firmware | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. | 2018-08-30 | not yet calculated | CVE-2018-11718 CONFIRM |
| zoho_manageengine -- admanager_plus | Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen. | 2018-08-28 | not yet calculated | CVE-2018-15608 EXPLOIT-DB |
| zoho_manageengine -- admanager_plus | Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. | 2018-08-28 | not yet calculated | CVE-2018-15740 MISC MISC MISC |
| zyxel -- vmg3312_b10b_devices | Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. | 2018-08-26 | not yet calculated | CVE-2018-15602 MISC |

This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System https://ift.tt/2LSPvur