SB18-302: Vulnerability Summary for the Week of October 22, 2018

Original release date: October 29, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
imagemagick -- imagemagick | There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16. | 2018-10-20 | 4.3 | CVE-2018-18544 MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adrenalin -- hrms | Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'. | 2018-10-24 | not yet calculated | CVE-2018-12650 MISC
advanced_maryland_automatic_network_disk_archiver -- advanced_maryland_automatic_network_disk_archiver | An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path. | 2018-10-24 | not yet calculated | CVE-2016-10730 EXPLOIT-DB
advanced_maryland_automatic_network_disk_archiver -- advanced_maryland_automatic_network_disk_archiver | An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. | 2018-10-24 | not yet calculated | CVE-2016-10729 EXPLOIT-DB
advantech -- webaccess | Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | 2018-10-23 | not yet calculated | CVE-2018-14828 BID SECTRACK MISC
advantech -- webaccess | Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp. | 2018-10-22 | not yet calculated | CVE-2018-15704 MISC
advantech -- webaccess | Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. | 2018-10-23 | not yet calculated | CVE-2018-14820 BID SECTRACK MISC
advantech -- webaccess | Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. | 2018-10-23 | not yet calculated | CVE-2018-14806 BID SECTRACK MISC
advantech -- webaccess | Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. | 2018-10-23 | not yet calculated | CVE-2018-14816 BID SECTRACK MISC
advantech -- webaccess | Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. | 2018-10-22 | not yet calculated | CVE-2018-15703 MISC
ajenti -- ajenti | ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. | 2018-10-24 | not yet calculated | CVE-2018-18548 MISC
ansible -- ansible | Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations, such as passphrase credentials passed as a parameter for the ssh-keygen executable being shown in clear text to every user who has access to the process list. | 2018-10-23 | not yet calculated | CVE-2018-16837 BID CONFIRM
apache -- impala | Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. | 2018-10-24 | not yet calculated | CVE-2018-11785 MISC
apache -- impala | In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database. | 2018-10-24 | not yet calculated | CVE-2018-11792 MISC
apache -- spark | Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build. Note that this issue does not affect end users of Spark, only developers building Spark from source code. | 2018-10-24 | not yet calculated | CVE-2018-11804 MLIST CONFIRM
arcserve -- unified_data_protection_platform | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue. | 2018-10-26 | not yet calculated | CVE-2018-18659 MISC MISC MISC
arcserve -- unified_data_protection_platform | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue. | 2018-10-26 | not yet calculated | CVE-2018-18658 MISC MISC MISC
arcserve -- unified_data_protection_platform | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue. | 2018-10-26 | not yet calculated | CVE-2018-18660 MISC MISC MISC
arcserve -- unified_data_protection_platform | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue. | 2018-10-26 | not yet calculated | CVE-2018-18657 MISC MISC MISC
ardawan -- user_management | Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. | 2018-10-19 | not yet calculated | CVE-2018-18419 MISC
artifex -- ghostscript | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | 2018-10-19 | not yet calculated | CVE-2018-18284 CONFIRM MLIST MISC MISC MLIST
artifex -- mupdf | There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. | 2018-10-26 | not yet calculated | CVE-2018-18662 MISC MISC
atlassian -- jira | The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-13401 CONFIRM
atlassian -- jira | Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, and in some cases to obtain a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-13402 CONFIRM
atlassian -- jira | Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-13400 CONFIRM
audiocodes -- 440hd_and_450hd_devices | AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | 2018-10-24 | not yet calculated | CVE-2018-18567 SECTRACK BUGTRAQ MISC
axios_italia -- axios_cloud_sissiweb_registro_elettronico | In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter. | 2018-10-23 | not yet calculated | CVE-2018-18437 MISC EXPLOIT-DB
bigprof -- appgini | BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash. | 2018-10-23 | not yet calculated | CVE-2018-18587 MISC
bigtree -- bigtree_cms | A Session Fixation issue was discovered in Bigtree. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session. | 2018-10-19 | not yet calculated | CVE-2018-18380 MISC CONFIRM
bitdefender -- gravityzone | The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. | 2018-10-24 | not yet calculated | CVE-2018-8955 MISC FULLDISC SECTRACK MISC
cisco -- webex_meetings_desktop_app_for_windows | A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools. | 2018-10-24 | not yet calculated | CVE-2018-15442 BID SECTRACK CISCO
citrix -- netscaler_gateway | Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. | 2018-10-24 | not yet calculated | CVE-2018-18517 BID CONFIRM
citrix -- sd-wan_and_netscaler | A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 2018-10-23 | not yet calculated | CVE-2018-17446 BID CONFIRM
citrix -- sd-wan_and_netscaler | An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 2018-10-23 | not yet calculated | CVE-2018-17448 BID CONFIRM
citrix -- sd-wan_and_netscaler | An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 2018-10-23 | not yet calculated | CVE-2018-17447 BID CONFIRM
citrix -- sd-wan_and_netscaler | A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 2018-10-23 | not yet calculated | CVE-2018-17444 BID CONFIRM
citrix -- sd-wan_and_netscaler | A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 2018-10-23 | not yet calculated | CVE-2018-17445 BID CONFIRM
creativeitem -- ekushey_project_manager_crm | In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. | 2018-10-19 | not yet calculated | CVE-2018-18417 MISC
crossroads -- crossroads | Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to include a Trojan horse xr. | 2018-10-25 | not yet calculated | CVE-2018-18654 MISC
d-link -- dsl-2640t_routers | XSS exists in cgi-bin/webcm on D-Link DSL-2640T routers via the var:RelaodHref or var:conid parameter. | 2018-10-24 | not yet calculated | CVE-2018-18636 MISC MISC
desdev -- dedecms | DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. | 2018-10-23 | not yet calculated | CVE-2018-18608 MISC MISC
desdev -- dedecms | Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | 2018-10-22 | not yet calculated | CVE-2018-18579 MISC MISC
desdev -- dedecms | DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | 2018-10-22 | not yet calculated | CVE-2018-18578 MISC MISC
eaton -- ups_9px_8000_sp_devices | An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently. | 2018-10-24 | not yet calculated | CVE-2018-9281 MISC
eaton -- ups_9px_8000_sp_devices | An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage. | 2018-10-24 | not yet calculated | CVE-2018-9280 MISC
eaton -- ups_9px_8000_sp_devices | An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage. | 2018-10-24 | not yet calculated | CVE-2018-9279 MISC
elfutils -- elfutils | Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. | 2018-10-19 | not yet calculated | CVE-2018-18521 MISC MISC
elfutils -- elfutils | An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. | 2018-10-19 | not yet calculated | CVE-2018-18520 MISC MISC
f5 -- big-ip | On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page. | 2018-10-19 | not yet calculated | CVE-2018-15315 SECTRACK CONFIRM
f5 -- big-ip | On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | 2018-10-19 | not yet calculated | CVE-2018-15314 BID SECTRACK CONFIRM
f5 -- big-ip | On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | 2018-10-19 | not yet calculated | CVE-2018-15313 BID SECTRACK CONFIRM
f5 -- big-ip | On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user. | 2018-10-19 | not yet calculated | CVE-2018-15312 SECTRACK CONFIRM
f5 -- mutiple_products | In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks. | 2018-10-19 | not yet calculated | CVE-2018-15316 BID SECTRACK CONFIRM
fiyo_cms -- fiyo_cms | Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. | 2018-10-20 | not yet calculated | CVE-2018-18545 MISC
fuji_electric -- energy_savings_estimator | An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. | 2018-10-24 | not yet calculated | CVE-2018-14812 BID MISC
gain_electronic -- saga1-l8b | SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack in which an attacker with physical access to the product may be able to reprogram it. | 2018-10-24 | not yet calculated | CVE-2018-17923 BID MISC
gain_electronic -- saga1-l8b | SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. | 2018-10-24 | not yet calculated | CVE-2018-17921 BID MISC
gain_electronic -- saga1-l8b | SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery. | 2018-10-24 | not yet calculated | CVE-2018-17903 BID MISC
geovap -- reliance_4_scada/hmi | Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code. | 2018-10-25 | not yet calculated | CVE-2018-17904 BID MISC
gnu -- binutils | A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. | 2018-10-23 | not yet calculated | CVE-2018-18605 MISC MISC
gnu -- binutils | An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. | 2018-10-23 | not yet calculated | CVE-2018-18607 MISC MISC
gnu -- binutils | An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. | 2018-10-23 | not yet calculated | CVE-2018-18606 MISC MISC
greedy_599 -- greedy_599 | A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards. | 2018-10-23 | not yet calculated | CVE-2018-17877 MISC
huawei -- smartphones | Some Huawei smartphones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed. | 2018-10-23 | not yet calculated | CVE-2018-7911 CONFIRM
ibm -- security_access_manager_appliance | IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998. | 2018-10-22 | not yet calculated | CVE-2018-1850 CONFIRM XF
ibm -- websphere_commerce_enterprise | IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596. | 2018-10-24 | not yet calculated | CVE-2018-1541 XF CONFIRM
iobit -- malware_fighter | IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. The attacker can use DeviceIoControl to pass a user specified size which can be used to overwrite return addresses. This can lead to a denial of service or code execution attack. | 2018-10-19 | not yet calculated | CVE-2018-18026 MISC
kaptcha -- kaptcha | text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach. | 2018-10-19 | not yet calculated | CVE-2018-18531 MISC
kerui -- wifi_endoscope_camera_ypc99 | Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user. | 2018-10-22 | not yet calculated | CVE-2018-13115 MISC
kerui -- wifi_endoscope_camera_ypc99 | Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command. | 2018-10-22 | not yet calculated | CVE-2018-13114 MISC
lango -- codeigniter_multilingual_script | LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI. | 2018-10-19 | not yet calculated | CVE-2018-18416 MISC EXPLOIT-DB
leanote -- leanote | Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. | 2018-10-21 | not yet calculated | CVE-2018-18553 MISC
libmspack -- libmspack | chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). | 2018-10-22 | not yet calculated | CVE-2018-18585 MISC MISC MISC
libmspack -- libmspack | In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. | 2018-10-22 | not yet calculated | CVE-2018-18584 MISC MISC MISC MISC
libtiff -- libtiff | An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. | 2018-10-26 | not yet calculated | CVE-2018-18661 MISC
libtiff -- libtiff | LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. | 2018-10-22 | not yet calculated | CVE-2018-18557 MISC
linux -- linux_kernel | The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification. | 2018-10-25 | not yet calculated | CVE-2018-18653 MISC
linux -- linux_kernel | In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. | 2018-10-22 | not yet calculated | CVE-2018-18559 MISC
linux -- linux_kernel | The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace. | 2018-10-26 | not yet calculated | CVE-2018-6559 CONFIRM CONFIRM CONFIRM
live555 -- live555 | An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. | 2018-10-19 | not yet calculated | CVE-2018-4013 MLIST MISC
lupng -- lupng | An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByte in miniz/lupng.c during a write operation for data obtained from a swap. | 2018-10-22 | not yet calculated | CVE-2018-18583 MISC MISC
lupng -- lupng | An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByte in miniz/lupng.c during a write operation for data obtained from a palette. | 2018-10-22 | not yet calculated | CVE-2018-18582 MISC MISC
lupng -- lupng | An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer over-read in internalPrintf in miniz/lupng.c. | 2018-10-22 | not yet calculated | CVE-2018-18581 MISC MISC
mailcleaner -- mailcleaner_community_edition | www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. | 2018-10-24 | not yet calculated | CVE-2018-18635 MISC MISC
micro_focus -- real_user_monitoring | A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code. | 2018-10-23 | not yet calculated | CVE-2018-18589 CONFIRM
microsoft -- yammer | A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka "Yammer Desktop Application Remote Code Execution Vulnerability." This affects Yammer Desktop App. | 2018-10-23 | not yet calculated | CVE-2018-8569 BID CONFIRM
mitel -- mivoice_5330e_voip_device | The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution. | 2018-10-23 | not yet calculated | CVE-2018-15497 CONFIRM MISC
mitel -- mivoice_office_400 | A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information. | 2018-10-23 | not yet calculated | CVE-2018-16226 CONFIRM
mitel -- st | A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | 2018-10-23 | not yet calculated | CVE-2018-12901 CONFIRM
mkvtoolnix -- mkvtoolnix | A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user. | 2018-10-26 | not yet calculated | CVE-2018-4022 | MISC
moxa -- thingspro | Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18395 | MISC
moxa -- thingspro | Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18394 | MISC
moxa -- thingspro | Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18396 | MISC
moxa -- thingspro | Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18392 | MISC
moxa -- thingspro | User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18391 | MISC
moxa -- thingspro | Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18393 | MISC
moxa -- thingspro | User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18390 | MISC
mysql-binuuid-rails -- mysql-binuuid-rails | mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. | 2018-10-24 | not yet calculated | CVE-2018-18476 | MISC, CONFIRM
neato_robotics -- botvac_connected_vacuums | A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint. | 2018-10-24 | not yet calculated | CVE-2018-18638 | MISC
open_design_alliance -- drawings_sdk | A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash. | 2018-10-19 | not yet calculated | CVE-2018-18224 | BID, CONFIRM
open_design_alliance -- drawings_sdk | Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash. | 2018-10-19 | not yet calculated | CVE-2018-18223 | BID, CONFIRM
ownticket -- ownticket | OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. | 2018-10-19 | not yet calculated | CVE-2018-18527 | EXPLOIT-DB
phpyun -- phpyun | An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database&c=del" sql parameter because del_action() in admin/model/database.class.php mishandles this parameter. | 2018-10-23 | not yet calculated | CVE-2018-18626 | MISC
pippo -- pippo | An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution. | 2018-10-23 | not yet calculated | CVE-2018-18628 | MISC
pippo -- pippo | parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java. | 2018-10-23 | not yet calculated | CVE-2017-18349 | MISC, MISC, MISC
polycomm -- vvx_500_and_601_devices | The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business. | 2018-10-24 | not yet calculated | CVE-2018-18566 | BUGTRAQ, MISC
polycomm -- vvx_500_and_601_devices | Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | 2018-10-24 | not yet calculated | CVE-2018-18568 | BUGTRAQ, MISC
prayer -- prayer | Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting. | 2018-10-25 | not yet calculated | CVE-2018-18655 | MISC
purevpn -- purevpn_for_windows | The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file. | 2018-10-26 | not yet calculated | CVE-2018-18656 | MISC
qemu -- qemu | Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. | 2018-10-19 | not yet calculated | CVE-2018-18438 | MLIST, MLIST, MLIST
qualcomm -- snapdragon | While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20. | 2018-10-23 | not yet calculated | CVE-2017-18303 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52 | 2018-10-26 | not yet calculated | CVE-2018-11828 | CONFIRM
qualcomm -- snapdragon | A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660 | 2018-10-26 | not yet calculated | CVE-2018-11824 | CONFIRM
qualcomm -- snapdragon | Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. | 2018-10-23 | not yet calculated | CVE-2017-18296 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016 | 2018-10-26 | not yet calculated | CVE-2018-11821 | CONFIRM
qualcomm -- snapdragon | While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A | 2018-10-23 | not yet calculated | CVE-2017-18312 | CONFIRM, CONFIRM
qualcomm -- snapdragon | Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016 | 2018-10-26 | not yet calculated | CVE-2018-11849 | CONFIRM
qualcomm -- snapdragon | XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016. | 2018-10-26 | not yet calculated | CVE-2017-18311 | CONFIRM
qualcomm -- snapdragon | The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850 | 2018-10-26 | not yet calculated | CVE-2018-11846 | CONFIRM
qualcomm -- snapdragon | Lack of check on out of range for channels When processing channel list set command will lead to buffer flow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016 | 2018-10-26 | not yet calculated | CVE-2018-11853 | CONFIRM
qualcomm -- snapdragon | Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850. | 2018-10-26 | not yet calculated | CVE-2018-11951 | CONFIRM
qualcomm -- snapdragon | Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850 | 2018-10-26 | not yet calculated | CVE-2018-11950 | CONFIRM
qualcomm -- snapdragon | Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 | 2018-10-26 | not yet calculated | CVE-2018-11854 | CONFIRM
qualcomm -- snapdragon | Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20 | 2018-10-23 | not yet calculated | CVE-2017-18304 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | Under certain mode of operations, HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 617. | 2018-10-23 | not yet calculated | CVE-2017-18313 | CONFIRM, CONFIRM
qualcomm -- snapdragon | Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660. | 2018-10-23 | not yet calculated | CVE-2017-18300 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850. | 2018-10-26 | not yet calculated | CVE-2017-18309 | CONFIRM
qualcomm -- snapdragon | Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660. | 2018-10-23 | not yet calculated | CVE-2017-18298 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 | 2018-10-23 | not yet calculated | CVE-2017-18299 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016 | 2018-10-26 | not yet calculated | CVE-2017-18310 | CONFIRM
qualcomm -- snapdragon | Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820. | 2018-10-23 | not yet calculated | CVE-2017-18297 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430 | 2018-10-26 | not yet calculated | CVE-2017-18308 | CONFIRM
qualcomm -- snapdragon | There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660. | 2018-10-26 | not yet calculated | CVE-2018-3588 | CONFIRM
qualcomm -- snapdragon | Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. | 2018-10-26 | not yet calculated | CVE-2018-5914 | CONFIRM
qualcomm -- snapdragon | XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835. | 2018-10-23 | not yet calculated | CVE-2017-18305 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660. | 2018-10-26 | not yet calculated | CVE-2018-5866 | CONFIRM
qualcomm -- snapdragon | A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 | 2018-10-26 | not yet calculated | CVE-2018-11822 | CONFIRM
qualcomm -- snapdragon | While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. | 2018-10-23 | not yet calculated | CVE-2017-18294 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20 | 2018-10-26 | not yet calculated | CVE-2017-18124 | CONFIRM
qualcomm -- snapdragon | Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. | 2018-10-23 | not yet calculated | CVE-2017-18171 | CONFIRM, CONFIRM
qualcomm -- snapdragon | Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660. | 2018-10-23 | not yet calculated | CVE-2017-18283 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. | 2018-10-23 | not yet calculated | CVE-2017-18170 | CONFIRM, CONFIRM
qualcomm -- snapdragon | When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835. | 2018-10-23 | not yet calculated | CVE-2017-18277 | CONFIRM, CONFIRM
qualcomm -- snapdragon | Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A. | 2018-10-23 | not yet calculated | CVE-2017-18292 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20. | 2018-10-23 | not yet calculated | CVE-2017-18295 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | Lack of check on remaining length parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20 | 2018-10-26 | not yet calculated | CVE-2018-11850 | CONFIRM
qualcomm -- snapdragon | When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. | 2018-10-26 | not yet calculated | CVE-2018-11305 | CONFIRM
qualcomm -- snapdragon | When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. | 2018-10-23 | not yet calculated | CVE-2017-18293 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. | 2018-10-23 | not yet calculated | CVE-2017-18282 | SECTRACK, CONFIRM, CONFIRM
qualcomm -- snapdragon | In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016. | 2018-10-23 | not yet calculated | CVE-2017-18172 | CONFIRM, CONFIRM
ruletkaio -- ruletkaio | A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value. | 2018-10-23 | not yet calculated | CVE-2018-17968 | MISC
saltstack -- salt | SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi). | 2018-10-24 | not yet calculated | CVE-2018-15751 | CONFIRM, CONFIRM, MLIST, MLIST
saltstack -- salt | Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. | 2018-10-24 | not yet calculated | CVE-2018-15750 | CONFIRM, CONFIRM, MLIST, MLIST
serverscheck -- monitoring_software | ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories. | 2018-10-24 | not yet calculated | CVE-2018-18552 | MISC, MISC
serverscheck -- monitoring_software | ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user. | 2018-10-21 | not yet calculated | CVE-2018-18550 | MISC
serverscheck -- monitoring_software | ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter. | 2018-10-24 | not yet calculated | CVE-2018-18551 | MISC, MISC
siacs/conversations -- siacs/conversations | An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent. | 2018-10-23 | not yet calculated | CVE-2018-18467 | CONFIRM
sophos -- hitmanpro.alert | An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability. | 2018-10-25 | not yet calculated | CVE-2018-3971 | MISC
sophos -- hitmanpro.alert | An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. | 2018-10-25 | not yet calculated | CVE-2018-3970 | MISC
splunk -- enterprise | Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access. | 2018-10-19 | not yet calculated | CVE-2017-18348 | BID, MISC, MISC
splunk -- enterprise_and_light | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-10-23 | not yet calculated | CVE-2018-7427 | CONFIRM
splunk -- enterprise_and_light | Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request. | 2018-10-23 | not yet calculated | CVE-2018-7429 | CONFIRM
splunk -- enterprise_and_light | Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request. | 2018-10-23 | not yet calculated | CVE-2018-7432 | CONFIRM
splunk -- enterprise_and_light | Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. | 2018-10-23 | not yet calculated | CVE-2018-7431 | CONFIRM
stalker_software -- communigate_pro | CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension. | 2018-10-24 | not yet calculated | CVE-2018-18621 | MISC, MISC
stegdetect -- stegdetect | Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress in the f5.c file. | 2018-10-23 | not yet calculated | CVE-2018-18599 | MISC
sv3c -- l-series_hd_cameras | An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information. | 2018-10-19 | not yet calculated | CVE-2018-12673 | MISC
sv3c -- l-series_hd_cameras | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the configuration. The vulnerability affects all versions. | 2018-10-19 | not yet calculated | CVE-2018-12667 | MISC
sv3c -- l-series_hd_cameras | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to the username and password of the logged-in account. | 2018-10-19 | not yet calculated | CVE-2018-12674 | MISC
sv3c -- l-series_hd_cameras | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint. | 2018-10-19 | not yet calculated | CVE-2018-12675 | MISC
sv3c -- l-series_hd_cameras | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection. | 2018-10-19 | not yet calculated | CVE-2018-12670 | MISC
sv3c -- l-series_hd_cameras | An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information can then be used to gain access to the web interface. | 2018-10-19 | not yet calculated | CVE-2018-12671 | MISC
sv3c -- l-series_hd_cameras | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator. | 2018-10-19 | not yet calculated | CVE-2018-12672 | MISC
sv3c -- l-series_hd_cameras | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/param.cgi. | 2018-10-19 | not yet calculated | CVE-2018-12669 | MISC
sv3c -- l-series_hd_cameras | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password. | 2018-10-19 | not yet calculated | CVE-2018-12668 | MISC
sv3c -- l-series_hd_cameras | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255. | 2018-10-19 | not yet calculated | CVE-2018-12666 | MISC
symantec -- web_isolation | Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine. | 2018-10-22 | not yet calculated | CVE-2018-12246 | BID, CONFIRM
systemd -- systemd | A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. | 2018-10-26 | not yet calculated | CVE-2018-15686 | MISC
systemd -- systemd | A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239. | 2018-10-26 | not yet calculated | CVE-2018-15687 | MISC
systemd -- systemd | A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. | 2018-10-26 | not yet calculated | CVE-2018-15688 | MISC
teakki -- teakki | TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL. | 2018-10-20 | not yet calculated | CVE-2018-18540 | MISC
teeworlds -- teeworlds | In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. | 2018-10-20 | not yet calculated | CVE-2018-18541 | MISC, MISC, MISC
telecrane -- f25_series_radio_controls | All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. | 2018-10-24 | not yet calculated | CVE-2018-17935 | BID, MISC
telligent -- community | Telligent Community 6.x, 7.x, 8.x, 9.x, and 10.x up to 10.1.10.11792 has XSS via the Feed RSS widget. | 2018-10-23 | not yet calculated | CVE-2018-16235 | CONFIRM
thinkphp -- thinkphp | ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. | 2018-10-19 | not yet calculated | CVE-2018-18530
MISC
thinkphp -- thinkphp | ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. | 2018-10-19 | not yet calculated | CVE-2018-18529
MISC
thinkphp -- thinkphp | ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable. | 2018-10-20 | not yet calculated | CVE-2018-18546
MISC
MISC
tp-link -- tl-sc3130_devices | TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI. | 2018-10-19 | not yet calculated | CVE-2018-18428
MISC
EXPLOIT-DB
MISC
transportes_intermodais_do_porto -- anda_application | The server API in the Anda app relies on hardcoded credentials. | 2018-10-24 | not yet calculated | CVE-2018-13342
MISC
trend_micro -- antivirus_for_mac | A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-18328
CONFIRM
CONFIRM
MISC
trend_micro -- antivirus_for_mac | A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-18329
CONFIRM
CONFIRM
MISC
trend_micro -- antivirus_for_mac | A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-15367
CONFIRM
CONFIRM
MISC
trend_micro -- antivirus_for_mac | A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6eDC offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-18327
CONFIRM
CONFIRM
MISC
trend_micro -- antivirus_for_mac | A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-15366
CONFIRM
CONFIRM
MISC
veritas -- netbackup_appliance | A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input. | 2018-10-25 | not yet calculated | CVE-2018-18652
BID
CONFIRM
vestacp -- vestacp | Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. | 2018-10-24 | not yet calculated | CVE-2018-18547
MISC
waimai -- super_cms | An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter. | 2018-10-23 | not yet calculated | CVE-2018-18622
MISC
wifiranger -- devices | An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account. | 2018-10-23 | not yet calculated | CVE-2018-17873
MISC
x.org -- x_server | A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. | 2018-10-25 | not yet calculated | CVE-2018-14665
SECTRACK
CONFIRM
CONFIRM
MLIST
DEBIAN
xfce -- thunar | Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method. | 2018-10-19 | not yet calculated | CVE-2018-18398
MISC
xpdf -- xpdf | An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory. | 2018-10-25 | not yet calculated | CVE-2018-18650
MISC
xpdf -- xpdf | An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file. | 2018-10-25 | not yet calculated | CVE-2018-18651
MISC
zenario -- zenario | Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. | 2018-10-19 | not yet calculated | CVE-2018-18420
MISC
zoho -- manageengine_opmanager | Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. | 2018-10-23 | not yet calculated | CVE-2018-18475
MISC
FULLDISC