SB18-274: Vulnerability Summary for the Week of September 24, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
389_directory_server -- 389_directory_server | A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service. | 2018-09-28 | not yet calculated | CVE-2018-14648 CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-12850 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-12840 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-12801 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-12775 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-12778 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-12849 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-09-25 | not yet calculated | CVE-2018-12848 BID SECTRACK CONFIRM |
adobe -- coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-09-25 | not yet calculated | CVE-2018-15957 BID SECTRACK CONFIRM |
adobe -- coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-09-25 | not yet calculated | CVE-2018-15958 BID SECTRACK CONFIRM |
adobe -- coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation. | 2018-09-25 | not yet calculated | CVE-2018-15963 BID SECTRACK CONFIRM |
adobe -- coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier use a component with a known vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-15964 BID SECTRACK CONFIRM |
adobe -- coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-09-25 | not yet calculated | CVE-2018-15959 BID SECTRACK CONFIRM |
adobe -- coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-15962 BID SECTRACK CONFIRM |
adobe -- coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-09-25 | not yet calculated | CVE-2018-15965 BID SECTRACK CONFIRM |
adobe -- coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-09-25 | not yet calculated | CVE-2018-15961 BID SECTRACK CONFIRM |
adobe -- coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier use a component with a known vulnerability. Successful exploitation could lead to arbitrary file overwrite. | 2018-09-25 | not yet calculated | CVE-2018-15960 BID SECTRACK CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-15967 BID SECTRACK REDHAT CONFIRM |
alcatel -- ee_ee40vb_4g_mobile_broadband_modems | The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory. | 2018-09-26 | not yet calculated | CVE-2018-14327 MISC MISC BID MISC EXPLOIT-DB |
apache -- http_server | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming into effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. | 2018-09-25 | not yet calculated | CVE-2018-11763 BID SECTRACK CONFIRM |
arris -- tg2492lg-na_061213_devices | The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. | 2018-09-26 | not yet calculated | CVE-2018-17555 MISC |
avaya -- aura_communication_manager | A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x versions prior to 7.1.3.1. | 2018-09-27 | not yet calculated | CVE-2018-15611 CONFIRM |
avaya -- call_management_system | A vulnerability in the Supervisor component of Avaya Call Management System allows a local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x. | 2018-09-24 | not yet calculated | CVE-2018-15615 BID CONFIRM |
bigtree -- bigtree_cms | BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI. | 2018-09-23 | not yet calculated | CVE-2018-17341 MISC |
circontrol -- circarlife | An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information. | 2018-09-26 | not yet calculated | CVE-2018-16672 MISC |
citrix -- sharefile_storagezones_controller | Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. | 2018-09-26 | not yet calculated | CVE-2018-16968 BID CONFIRM |
citrix -- sharefile_storagezones_controller | Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message. | 2018-09-26 | not yet calculated | CVE-2018-16969 BID CONFIRM |
dell_emc -- esrs_policy_manager | Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM. | 2018-09-28 | not yet calculated | CVE-2018-15764 BID SECTRACK FULLDISC |
dell_emc -- unity_and_unityvsa | Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user into clicking on a maliciously crafted Unisphere URL. The attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected. | 2018-09-28 | not yet calculated | CVE-2018-1251 FULLDISC |
dell_emc -- unity_and_unityvsa | Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in the NAS server by directly interacting with certain APIs of Unity OE, bypassing the Role-Based Authorization control implemented only in the Unisphere GUI. | 2018-09-28 | not yet calculated | CVE-2018-1250 FULLDISC |
dell_emc -- unity_and_unityvsa | Dell EMC Unity and UnityVSA contain a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to Unisphere, which is then reflected back to the victim and executed by the web browser. | 2018-09-28 | not yet calculated | CVE-2018-1246 FULLDISC |
delta_electronics -- delta_industrial_automation_pmsoft | Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information. | 2018-09-27 | not yet calculated | CVE-2018-14824 MISC BID MISC |
digium -- asterisk | There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. | 2018-09-24 | not yet calculated | CVE-2018-17281 CONFIRM MISC FULLDISC BID SECTRACK CONFIRM MLIST BUGTRAQ |
druide -- antidote | Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages. | 2018-09-24 | not yet calculated | CVE-2018-13140 MISC FULLDISC MISC |
e107 -- e107 | e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | 2018-09-26 | not yet calculated | CVE-2018-17081 MISC |
epee_library -- levin | An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability. | 2018-09-26 | not yet calculated | CVE-2018-3972 MISC MISC |
ethereum -- cryptosaga | The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages). | 2018-09-24 | not yet calculated | CVE-2018-12975 MISC |
exiv2 -- exiv2 | CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. | 2018-09-28 | not yet calculated | CVE-2018-17581 MISC MISC |
foxit -- phantompdf_and_reader | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | 2018-09-28 | not yet calculated | CVE-2018-17610 MISC |
foxit -- phantompdf_and_reader | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | 2018-09-28 | not yet calculated | CVE-2018-17609 MISC |
foxit -- phantompdf_and_reader | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | 2018-09-28 | not yet calculated | CVE-2018-17611 MISC |
foxit -- phantompdf_and_reader | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | 2018-09-28 | not yet calculated | CVE-2018-17607 MISC |
foxit -- phantompdf_and_reader | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled. | 2018-09-29 | not yet calculated | CVE-2018-17781 MISC |
foxit -- phantompdf_and_reader | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | 2018-09-28 | not yet calculated | CVE-2018-17608 MISC |
freebsd_project -- freebsd | In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. | 2018-09-28 | not yet calculated | CVE-2018-17155 CONFIRM |
freebsd_project -- freebsd | In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service. | 2018-09-28 | not yet calculated | CVE-2018-17154 CONFIRM |
freebsd_project -- freebsd | In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash. | 2018-09-28 | not yet calculated | CVE-2018-6925 CONFIRM |
fuji -- electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14811 BID MISC |
fuji -- electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, an integer underflow vulnerability has been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14817 BID MISC |
fuji -- electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, an out-of-bounds read vulnerability has been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14819 BID MISC |
fuji -- electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, a stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14823 BID MISC |
fuji -- electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14815 BID MISC |
fuji -- electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, a use after free vulnerability has been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14809 MISC |
fuji -- electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14813 BID MISC |
gnu_binutils -- gnu_binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. A heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump. | 2018-09-23 | not yet calculated | CVE-2018-17360 MISC |
gnu_binutils -- gnu_binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. | 2018-09-23 | not yet calculated | CVE-2018-17359 MISC |
gnu_binutils -- gnu_binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. | 2018-09-23 | not yet calculated | CVE-2018-17358 MISC |
google -- chrome | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6119 CONFIRM CONFIRM |
google -- chrome | Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. | 2018-09-25 | not yet calculated | CVE-2018-6045 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6041 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6037 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6036 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Lack of support for a non-standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that thought it had opted out of sending referrer data. | 2018-09-25 | not yet calculated | CVE-2018-6052 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6034 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. | 2018-09-25 | not yet calculated | CVE-2018-6035 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | XSS Auditor in Google Chrome prior to 64.0.3282.119 did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6051 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6032 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6042 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6053 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. | 2018-09-25 | not yet calculated | CVE-2018-6039 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6050 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. | 2018-09-25 | not yet calculated | CVE-2018-6046 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6040 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6047 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6055 CONFIRM CONFIRM |
google -- chrome | Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | 2018-09-25 | not yet calculated | CVE-2018-6054 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. | 2018-09-25 | not yet calculated | CVE-2018-6033 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6049 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2018-09-25 | not yet calculated | CVE-2018-6031 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6048 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6043 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
google -- chrome | Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6038 BID SECTRACK REDHAT CONFIRM CONFIRM DEBIAN |
grails -- grails | An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy. | 2018-09-28 | not yet calculated | CVE-2018-17605 MISC MISC |
hdf -- hdf5 | A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file. | 2018-09-24 | not yet calculated | CVE-2018-17433 MISC |
hdf -- hdf5 | ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file. | 2018-09-24 | not yet calculated | CVE-2018-17436 MISC |
hdf -- hdf5 | A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. | 2018-09-24 | not yet calculated | CVE-2018-17438 MISC |
hdf -- hdf5 | Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. | 2018-09-24 | not yet calculated | CVE-2018-17437 MISC |
hdf -- hdf5 | A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. | 2018-09-24 | not yet calculated | CVE-2018-17434 MISC |
hdf -- hdf5 | A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file. | 2018-09-24 | not yet calculated | CVE-2018-17435 MISC |
hdf -- hdf5 | An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file. | 2018-09-24 | not yet calculated | CVE-2018-17439 MISC |
hdf -- hdf5 | A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. | 2018-09-24 | not yet calculated | CVE-2018-17432 MISC |
honeywell -- mobile_computers | On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personally identifiable information, photos, emails, or business-critical documents. | 2018-09-24 | not yet calculated | CVE-2018-14825 MISC |
horus -- cms | Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI. | 2018-09-26 | not yet calculated | CVE-2018-17410 MISC |
hpe -- device_entitlement_gateway | A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege. | 2018-09-27 | not yet calculated | CVE-2018-7107 CONFIRM |
hpe -- enhanced_internet_usage_manager | HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM. | 2018-09-27 | not yet calculated | CVE-2018-7109 CONFIRM |
hpe -- integrated_lights-out_5 | A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code. | 2018-09-27 | not yet calculated | CVE-2018-7105 SECTRACK CONFIRM |
hpe -- integrated_lights-out_5 | A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to disclose sensitive information. | 2018-09-27 | not yet calculated | CVE-2018-7106 SECTRACK CONFIRM |
hpe -- integrated_lights_out_4 | A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30. | 2018-09-27 | not yet calculated | CVE-2018-7101 SECTRACK CONFIRM |
hpe -- intelligent_management_center_wireless-services_manager_software | A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02. | 2018-09-27 | not yet calculated | CVE-2018-7104 CONFIRM |
hpe -- intelligent_management_center_wireless_services_manager_software | A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02. | 2018-09-27 | not yet calculated | CVE-2018-7103 CONFIRM |
hpe -- intelligent_management_center | A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification. | 2018-09-27 | not yet calculated | CVE-2018-7102 CONFIRM |
hpe -- storageworks_xp7_automation_director | HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template. | 2018-09-27 | not yet calculated | CVE-2018-7108 SECTRACK CONFIRM |
huawei -- multiple_products | Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user into installing a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause a sensitive information leak. | 2018-09-26 | not yet calculated | CVE-2018-7907 CONFIRM |
hylafax -- hylafax | HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file. | 2018-09-21 | not yet calculated | CVE-2018-17141 CONFIRM MLIST MLIST BUGTRAQ DEBIAN MISC |
ibm -- datapower_gateway | IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950. | 2018-09-25 | not yet calculated | CVE-2018-1669 XF CONFIRM |
ibm -- datapower_gateway | IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890. | 2018-09-25 | not yet calculated | CVE-2018-1664 XF CONFIRM |
ibm -- db2_for_linux_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502. | 2018-09-21 | not yet calculated | CVE-2018-1685 BID SECTRACK XF CONFIRM |
ibm -- db2_for_linux_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369. | 2018-09-21 | not yet calculated | CVE-2018-1711 BID XF CONFIRM |
ibm -- db2_for_linux_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364. | 2018-09-21 | not yet calculated | CVE-2018-1710 BID XF CONFIRM |
ibm -- jazz_foundation_lifecycle_manager | IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143501. | 2018-09-25 | not yet calculated | CVE-2018-1588 XF CONFIRM |
ibm -- platform_symphony_and_spectrum_symphony | IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 146339. | 2018-09-28 | not yet calculated | CVE-2018-1704 XF CONFIRM |
ibm -- platform_symphony_and_spectrum_symphony | IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 146189. | 2018-09-28 | not yet calculated | CVE-2018-1702 XF CONFIRM |
ibm -- rational_doors_next_generation | IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143931. | 2018-09-26 | not yet calculated | CVE-2018-1610 CONFIRM XF |
ibm -- rational_engineering_lifecycle_manager | IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than the URL intended. IBM X-Force ID: 142561. | 2018-09-25 | not yet calculated | CVE-2018-1539 XF CONFIRM |
ibm -- rational_engineering_lifecycle_manager | IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144885. | 2018-09-25 | not yet calculated | CVE-2018-1659 XF CONFIRM |
ibm -- rational_engineering_lifecycle_manager | IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797. | 2018-09-25 | not yet calculated | CVE-2018-1607 XF CONFIRM |
ibm -- rational_engineering_lifecycle_manager | IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142958. | 2018-09-25 | not yet calculated | CVE-2018-1560 XF CONFIRM |
ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation: the user id and password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622. | 2018-09-26 | not yet calculated | CVE-2018-1768 CONFIRM SECTRACK XF |
ibm -- spectrum_protect | IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696. | 2018-09-26 | not yet calculated | CVE-2018-1550 CONFIRM XF |
ibm -- tivoli_storage_manager | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870. | 2018-09-26 | not yet calculated | CVE-2018-1785 CONFIRM SECTRACK XF |
ibm -- tivoli_storage_manager | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649. | 2018-09-26 | not yet calculated | CVE-2018-1545 CONFIRM XF |
ibm -- websphere_application_server_liberty | IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455. | 2018-09-26 | not yet calculated | CVE-2018-1683 SECTRACK XF CONFIRM |
ibm -- websphere_portal | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144886. | 2018-09-27 | not yet calculated | CVE-2018-1660 XF CONFIRM |
ibm -- websphere_portal | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906. | 2018-09-27 | not yet calculated | CVE-2018-1736 XF CONFIRM |
ibm -- websphere_portal | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164. | 2018-09-27 | not yet calculated | CVE-2018-1716 XF CONFIRM |
ibm -- websphere_portal | IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096. | 2018-09-27 | not yet calculated | CVE-2018-1820 XF CONFIRM |
inedo -- proget | Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. | 2018-09-26 | not yet calculated | CVE-2017-15608 CONFIRM CONFIRM |
intel -- core_processor | Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow a physical attacker to potentially bypass firmware authentication. | 2018-09-21 | not yet calculated | CVE-2018-12169 BID CONFIRM CONFIRM |
iobit -- advanced_systemcare | IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory. | 2018-09-26 | not yet calculated | CVE-2018-16712 MISC |
iobit -- advanced_systemcare | IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for input. | 2018-09-26 | not yet calculated | CVE-2018-16711 MISC |
iobit -- advanced_systemcare | IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction. | 2018-09-26 | not yet calculated | CVE-2018-16713 MISC |
isweb -- cms_isweb | CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. | 2018-09-27 | not yet calculated | CVE-2018-14956 MISC MISC MISC |
isweb -- cms_isweb | CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file). | 2018-09-27 | not yet calculated | CVE-2018-14957 MISC |
iway -- data_quality_suite_web_console | An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20. | 2018-09-26 | not yet calculated | CVE-2018-17411 MISC |
javamelody -- javamelody | JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. | 2018-09-26 | not yet calculated | CVE-2018-15531 MLIST CONFIRM CONFIRM CONFIRM |
jekyll -- jekyll | Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. | 2018-09-27 | not yet calculated | CVE-2018-17567 CONFIRM CONFIRM |
joomla! -- joomla! | SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter. | 2018-09-27 | not yet calculated | CVE-2018-17380 MISC EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter. | 2018-09-27 | not yet calculated | CVE-2018-17394 MISC EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter. | 2018-09-27 | not yet calculated | CVE-2018-17383 MISC EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter. | 2018-09-27 | not yet calculated | CVE-2018-17378 MISC EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter. | 2018-09-27 | not yet calculated | CVE-2018-17384 MISC EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter. | 2018-09-27 | not yet calculated | CVE-2018-17376 MISC EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter. | 2018-09-27 | not yet calculated | CVE-2018-17385 MISC EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter. | 2018-09-27 | not yet calculated | CVE-2018-17377 MISC EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter. | 2018-09-27 | not yet calculated | CVE-2018-17397 MISC EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter. | 2018-09-27 | not yet calculated | CVE-2018-17379 MISC EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter. | 2018-09-27 | not yet calculated | CVE-2018-17375 MISC EXPLOIT-DB |
joomla! -- joomla! | SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter. | 2018-09-27 | not yet calculated | CVE-2018-17382 MISC EXPLOIT-DB |
lenovo -- iomega_and_lenovo_and_lenovoemc_nas_devices | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session. | 2018-09-28 | not yet calculated | CVE-2018-9080 CONFIRM |
lenovo -- iomega_and_lenovo_and_lenovoemc_nas_devices | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user. | 2018-09-28 | not yet calculated | CVE-2018-9074 CONFIRM |
lenovo -- iomega_and_lenovo_and_lenovoemc_nas_devices | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter. | 2018-09-28 | not yet calculated | CVE-2018-9077 CONFIRM |
lenovo -- iomega_and_lenovo_and_lenovoemc_nas_devices | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application is vulnerable to self cross-site scripting (self-XSS). As a result, adversaries can add files to shares accessible from the Content Viewer with a cross-site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger. | 2018-09-28 | not yet calculated | CVE-2018-9081 CONFIRM |
lenovo -- iomega_and_lenovo_and_lenovoemc_nas_devices | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account. | 2018-09-28 | not yet calculated | CVE-2018-9082 CONFIRM |
lenovo -- iomega_and_lenovo_and_lenovoemc_nas_devices | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device. | 2018-09-28 | not yet calculated | CVE-2018-9079 CONFIRM |
lenovo -- iomega_and_lenovo_and_lenovoemc_nas_devices | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file. | 2018-09-28 | not yet calculated | CVE-2018-9078 CONFIRM |
lenovo -- iomega_and_lenovo_and_lenovoemc_nas_devices | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter. | 2018-09-28 | not yet calculated | CVE-2018-9075 CONFIRM |
lenovo -- iomega_and_lenovo_and_lenovoemc_nas_devices | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter. | 2018-09-28 | not yet calculated | CVE-2018-9076 CONFIRM |
lg -- supersign_cms | LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. | 2018-09-21 | not yet calculated | CVE-2018-17173 MISC EXPLOIT-DB |
linux -- linux_kernel | An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. | 2018-09-25 | not yet calculated | CVE-2018-14634 BID REDHAT REDHAT CONFIRM MLIST |
linux -- linux_kernel | A security flaw was found in the chap_server_compute_md5() function in the iSCSI target code in the Linux kernel in the way an authentication request from an iSCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. | 2018-09-24 | not yet calculated | CVE-2018-14633 BID CONFIRM CONFIRM CONFIRM MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. | 2018-09-21 | not yet calculated | CVE-2018-16597 BID CONFIRM CONFIRM |
mcafee -- true_key | Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site. | 2018-09-24 | not yet calculated | CVE-2018-6682 CONFIRM |
mcafee -- true_key | DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware. | 2018-09-24 | not yet calculated | CVE-2018-6700 CONFIRM |
mcms -- mcms | An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | 2018-09-23 | not yet calculated | CVE-2018-17366 MISC |
microsoft -- exchange_server | Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | 2018-09-21 | not yet calculated | CVE-2018-16793 MISC FULLDISC BID BUGTRAQ |
microsoft -- sql_server | An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for further privilege elevation. | 2018-09-27 | not yet calculated | CVE-2018-16659 EXPLOIT-DB |
modx -- revolution | MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action. | 2018-09-26 | not yet calculated | CVE-2018-17556 MISC |
open_ticket_request_system -- open_ticket_request_system | In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources. | 2018-09-27 | not yet calculated | CVE-2018-16586 CONFIRM CONFIRM CONFIRM CONFIRM MLIST |
open_ticket_request_system -- open_ticket_request_system | In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to. | 2018-09-27 | not yet calculated | CVE-2018-16587 CONFIRM CONFIRM CONFIRM CONFIRM MLIST |
otcms -- otcms | OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter. | 2018-09-23 | not yet calculated | CVE-2018-17364 MISC |
pcprotect -- anti-virus | PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | 2018-09-28 | not yet calculated | CVE-2018-17776 EXPLOIT-DB |
pdfalto -- pdfalto | An issue has been found in pdfalto through 0.2. It is a heap-based buffer overflow in the function TextPage::dump in XmlAltoOutputDev.cc. | 2018-09-23 | not yet calculated | CVE-2018-17338 MISC MISC |
pfsense -- pfsense | An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP. | 2018-09-26 | not yet calculated | CVE-2018-16055 CONFIRM |
philips -- e-alert_unit | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack. | 2018-09-26 | not yet calculated | CVE-2018-14803 BID MISC CONFIRM |
philips -- e-alert_unit | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet. | 2018-09-26 | not yet calculated | CVE-2018-8842 BID MISC CONFIRM |
philips -- e-alert_unit | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. | 2018-09-26 | not yet calculated | CVE-2018-8848 BID MISC CONFIRM |
philips -- e-alert_unit | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution. | 2018-09-26 | not yet calculated | CVE-2018-8850 BID MISC CONFIRM |
philips -- e-alert_unit | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier. | 2018-09-26 | not yet calculated | CVE-2018-8852 BID MISC CONFIRM |
philips -- e-alert_unit | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | 2018-09-26 | not yet calculated | CVE-2018-8844 BID MISC CONFIRM |
philips -- e-alert_unit | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users. | 2018-09-26 | not yet calculated | CVE-2018-8846 BID MISC CONFIRM |
philips -- e-alert_unit | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended. | 2018-09-26 | not yet calculated | CVE-2018-8854 BID MISC CONFIRM |
philips -- e-alert_unit | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains a hard-coded cryptographic key, which it uses for encryption of internal data. | 2018-09-26 | not yet calculated | CVE-2018-8856 BID MISC CONFIRM |
postman -- postman | An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server's X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway. Only the response is not displayed. Thus, all contained information of the HTTPS request is disclosed to a man-in-the-middle attacker (for example, user credentials). | 2018-09-26 | not yet calculated | CVE-2018-17215 BUGTRAQ MISC |
progress -- kendo_ui_editor | Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload gets executed. Furthermore, if the payload is reflected at any other resource that does rely on the sanitisation of the editor itself, the JavaScript payload will be executed in the context of the application. This allows attackers (in the worst case) to take over user sessions. | 2018-09-27 | not yet calculated | CVE-2018-14037 FULLDISC FULLDISC MISC |
progress -- sitefinity_cms | Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-09-27 | not yet calculated | CVE-2018-17056 CONFIRM |
progress -- sitefinity_cms | An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | 2018-09-27 | not yet calculated | CVE-2018-17055 CONFIRM |
publiccms -- publiccms | An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks. | 2018-09-23 | not yet calculated | CVE-2018-17368 MISC |
python -- elementtree_c_accelerator | Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable. | 2018-09-24 | not yet calculated | CVE-2018-14647 BID SECTRACK MISC CONFIRM DEBIAN DEBIAN |
ricoh -- aficio_mp_301_printer | On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 2018-09-26 | not yet calculated | CVE-2018-17312 MISC |
ricoh -- aficio_mp_305+_printer | On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 2018-09-26 | not yet calculated | CVE-2018-17314 MISC |
ricoh -- mp_c1803_printer | On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 2018-09-26 | not yet calculated | CVE-2018-17310 MISC |
ricoh -- mp_c2003_printer | On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 2018-09-26 | not yet calculated | CVE-2018-17315 MISC |
ricoh -- mp_c307_printer | On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 2018-09-26 | not yet calculated | CVE-2018-17313 MISC |
ricoh -- mp_c406z_printer | On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 2018-09-26 | not yet calculated | CVE-2018-17309 MISC |
ricoh -- mp_c6003_printer | On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 2018-09-26 | not yet calculated | CVE-2018-17316 MISC |
ricoh -- mp_c6503_printer | On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 2018-09-26 | not yet calculated | CVE-2018-17311 MISC |
rsa -- authentication_manager | RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser. | 2018-09-28 | not yet calculated | CVE-2018-11073 SECTRACK FULLDISC |
rsa -- authentication_manager | RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application. | 2018-09-28 | not yet calculated | CVE-2018-11075 SECTRACK FULLDISC |
rsa -- authentication_manager | RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application. | 2018-09-28 | not yet calculated | CVE-2018-11074 SECTRACK FULLDISC |
rxtec -- rxadmin | Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm. | 2018-09-24 | not yet calculated | CVE-2015-8298 MISC FULLDISC MISC |
salesagility -- suitecrm | An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message. | 2018-09-26 | not yet calculated | CVE-2018-15606 CONFIRM |
samsung -- email | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email (fixed in version 5.0.02.16). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of EML files. The issue results from the lack of proper validation of user-supplied data, which can allow arbitrary JavaScript to execute. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5328. | 2018-09-24 | not yet calculated | CVE-2018-10497 MISC |
samsung -- email | This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email (fixed in version 5.0.02.16). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329. | 2018-09-24 | not yet calculated | CVE-2018-10498 MISC |
samsung -- galaxy_apps | This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps (fixed in version 6.4.0.15). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue lies in the lack of proper validation of user-supplied data, which can allow arbitrary JavaScript to execute. An attacker can leverage this vulnerability to install applications under the context of the current user. Was ZDI-CAN-5330. | 2018-09-24 | not yet calculated | CVE-2018-10499 MISC |
samsung -- galaxy_apps | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps (fixed in version 4.2.18.2). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in a user-controlled location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5359. | 2018-09-24 | not yet calculated | CVE-2018-10502 MISC |
samsung -- galaxy_apps | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps (fixed in version 6.4.0.15). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of push messages. The issue lies in the ability to start an activity with controlled arguments. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5331. | 2018-09-24 | not yet calculated | CVE-2018-10500 MISC |
samsung -- galaxy_s8 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. User interaction is required to exploit this vulnerability in that the target must have their cellular radios enabled. The specific flaw exists within the handling of IPCP headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the baseband processor. Was ZDI-CAN-5368. | 2018-09-24 | not yet calculated | CVE-2018-14318 MISC |
samsung -- internet_browser | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser (fixed in version 6.4.0.15). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypedArray objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5326. | 2018-09-24 | not yet calculated | CVE-2018-10496 MISC |
samsung -- members | This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members (fixed in version 2.4.25). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Intents. The issue lies in the ability to send an Intent that would not otherwise be reachable. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5361. | 2018-09-24 | not yet calculated | CVE-2018-11614 MISC |
samsung -- notes | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes (fixed in version 2.0.02.31). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of ZIP files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5358. | 2018-09-24 | not yet calculated | CVE-2018-10501 MISC |
sbi -- sbibuddy | The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth. | 2018-09-23 | not yet calculated | CVE-2018-17404 MISC |
seacms -- seacms | SeaCMS 6.64 allows remote attackers to delete arbitrary files via the filedir parameter. | 2018-09-26 | not yet calculated | CVE-2018-17365 MISC |
seunex -- super_cms_blog_pro | SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. | 2018-09-27 | not yet calculated | CVE-2018-17391 MISC EXPLOIT-DB |
sosreport -- sos-collector | It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory. | 2018-09-27 | not yet calculated | CVE-2018-14650 CONFIRM CONFIRM |
springboot_authority -- springboot_authority | An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter. | 2018-09-23 | not yet calculated | CVE-2018-17369 MISC |
strongswan -- strongswan | In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568. | 2018-09-26 | not yet calculated | CVE-2018-16152 MLIST UBUNTU DEBIAN CONFIRM |
strongswan -- strongswan | In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. | 2018-09-26 | not yet calculated | CVE-2018-16151 MLIST UBUNTU DEBIAN CONFIRM |
suse -- linux_enterprise | Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected. | 2018-09-26 | not yet calculated | CVE-2018-16588 SUSE |
swa -- swa.jacad | SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. | 2018-09-28 | not yet calculated | CVE-2018-17575 MISC |
tcpreplay -- tcpreplay | tcpreplay v4.3.0 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file. | 2018-09-28 | not yet calculated | CVE-2018-17582 MISC MISC |
tcpreplay -- tcpreplay | A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of tcpreplay v4.3. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file. | 2018-09-28 | not yet calculated | CVE-2018-17580 MISC MISC |
telegram -- desktop | Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. | 2018-09-28 | not yet calculated | CVE-2018-17613 MISC MISC |
telegram -- desktop | Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list. | 2018-09-29 | not yet calculated | CVE-2018-17780 MISC |
tetex -- tetex | An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. | 2018-09-23 | not yet calculated | CVE-2018-17407 MISC MISC DEBIAN |
tgstation -- tgstation-server | In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password. | 2018-09-24 | not yet calculated | CVE-2018-17107 CONFIRM |
thinkphp -- thinkphp | In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. | 2018-09-26 | not yet calculated | CVE-2018-17566 MISC |
tp-link -- eap_controller | The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode. | 2018-09-28 | not yet calculated | CVE-2018-5393 BID CERT-VN |
trend_micro -- deep_discovery_inspector | A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability. | 2018-09-28 | not yet calculated | CVE-2018-15365 MISC CONFIRM |
ubuntu -- udisks | UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. | 2018-09-22 | not yet calculated | CVE-2018-17336 MISC UBUNTU |
vanilla -- vanilla | Vanilla before 2.6.1 allows XSS via the email field of a profile. | 2018-09-28 | not yet calculated | CVE-2018-17571 MISC |
viabtc -- exchange_server | network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | 2018-09-26 | not yet calculated | CVE-2018-17569 MISC MISC |
viabtc -- exchange_server | utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | 2018-09-26 | not yet calculated | CVE-2018-17568 MISC MISC |
viabtc -- exchange_server | utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | 2018-09-26 | not yet calculated | CVE-2018-17570 MISC MISC |
weaselcms -- weaselcms | Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled. | 2018-09-23 | not yet calculated | CVE-2018-17361 MISC |
wecon_technology -- levistudiou | WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. | 2018-09-26 | not yet calculated | CVE-2018-10602 BID MISC |
wecon_technology -- levistudiou | WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. | 2018-09-26 | not yet calculated | CVE-2018-10606 BID MISC |
wordpress -- wordpress | The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter. | 2018-09-24 | not yet calculated | CVE-2018-16283 FULLDISC CONFIRM MISC EXPLOIT-DB |
wordpress -- wordpress | The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html. | 2018-09-28 | not yet calculated | CVE-2018-17573 MISC MISC |
wordpress -- wordpress | The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter. | 2018-09-24 | not yet calculated | CVE-2018-16299 FULLDISC MISC MISC EXPLOIT-DB |
xelerance -- openswan | In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used. | 2018-09-26 | not yet calculated | CVE-2018-15836 CONFIRM CONFIRM MLIST |
xwiki -- xwiki | The Image Import function in XWiki through 10.7 has XSS. | 2018-09-27 | not yet calculated | CVE-2018-16277 MISC |
ymfe -- yapi | An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project. | 2018-09-28 | not yet calculated | CVE-2018-17574 MISC |
zoho -- manageengine_applications_manager | A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. | 2018-09-26 | not yet calculated | CVE-2018-16364 MISC |
zte -- mf65 | All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices. | 2018-09-26 | not yet calculated | CVE-2018-7355 CONFIRM |