SB18-302: Vulnerability Summary for the Week of October 22, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
imagemagick -- imagemagick | There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16. | 2018-10-20 | 4.3 | CVE-2018-18544 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adrenalin -- hrms | Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'. | 2018-10-24 | not yet calculated | CVE-2018-12650 MISC |
advanced_maryland_automatic_network_disk_archiver -- advanced_maryland_automatic_network_disk_archiver | An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path. | 2018-10-24 | not yet calculated | CVE-2016-10730 EXPLOIT-DB |
advanced_maryland_automatic_network_disk_archiver -- advanced_maryland_automatic_network_disk_archiver | An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. | 2018-10-24 | not yet calculated | CVE-2016-10729 EXPLOIT-DB |
advantech -- webaccess | Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | 2018-10-23 | not yet calculated | CVE-2018-14828 BID SECTRACK MISC |
advantech -- webaccess | Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp. | 2018-10-22 | not yet calculated | CVE-2018-15704 MISC |
advantech -- webaccess | Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. | 2018-10-23 | not yet calculated | CVE-2018-14820 BID SECTRACK MISC |
advantech -- webaccess | Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. | 2018-10-23 | not yet calculated | CVE-2018-14806 BID SECTRACK MISC |
advantech -- webaccess | Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. | 2018-10-23 | not yet calculated | CVE-2018-14816 BID SECTRACK MISC |
advantech -- webaccess | Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim into supplying malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. | 2018-10-22 | not yet calculated | CVE-2018-15703 MISC |
ajenti -- ajenti | ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. | 2018-10-24 | not yet calculated | CVE-2018-18548 MISC |
ansible -- ansible | The Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations, such as passphrase credentials passed as a parameter for the ssh-keygen executable being shown in clear text to every user who has access just to the process list. | 2018-10-23 | not yet calculated | CVE-2018-16837 BID CONFIRM |
apache -- impala | Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. | 2018-10-24 | not yet calculated | CVE-2018-11785 MISC |
apache -- impala | In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk: a user who has ALTER on a table and ALL on a particular database can move the table to the database with ALL, which automatically grants that user the ALL privilege on that table due to the privilege inherited from the database. | 2018-10-24 | not yet calculated | CVE-2018-11792 MISC |
apache -- spark | Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build. Note that this issue does not affect end users of Spark, only developers building Spark from source code. | 2018-10-24 | not yet calculated | CVE-2018-11804 MLIST CONFIRM |
arcserve -- unified_data_protection_platform | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue. | 2018-10-26 | not yet calculated | CVE-2018-18659 MISC MISC MISC |
arcserve -- unified_data_protection_platform | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue. | 2018-10-26 | not yet calculated | CVE-2018-18658 MISC MISC MISC |
arcserve -- unified_data_protection_platform | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue. | 2018-10-26 | not yet calculated | CVE-2018-18660 MISC MISC MISC |
arcserve -- unified_data_protection_platform | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue. | 2018-10-26 | not yet calculated | CVE-2018-18657 MISC MISC MISC |
ardawan -- user_management | Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. | 2018-10-19 | not yet calculated | CVE-2018-18419 MISC |
artifex -- ghostscript | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | 2018-10-19 | not yet calculated | CVE-2018-18284 CONFIRM MLIST MISC MISC MLIST |
artifex -- mupdf | There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. | 2018-10-26 | not yet calculated | CVE-2018-18662 MISC MISC |
atlassian -- jira | The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-13401 CONFIRM |
atlassian -- jira | Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, and in some cases to obtain a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-13402 CONFIRM |
atlassian -- jira | Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to an administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-13400 CONFIRM |
audiocodes -- 440hd_and_450hd_devices | AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | 2018-10-24 | not yet calculated | CVE-2018-18567 SECTRACK BUGTRAQ MISC |
axios_italia -- axios_cloud_sissiweb_registro_elettronico | In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter. | 2018-10-23 | not yet calculated | CVE-2018-18437 MISC EXPLOIT-DB |
bigprof -- appgini | BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash. | 2018-10-23 | not yet calculated | CVE-2018-18587 MISC |
bigtree -- bigtree_cms | A Session Fixation issue was discovered in Bigtree. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session. | 2018-10-19 | not yet calculated | CVE-2018-18380 MISC CONFIRM |
bitdefender -- gravityzone | The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. | 2018-10-24 | not yet calculated | CVE-2018-8955 MISC FULLDISC SECTRACK MISC |
cisco -- webex_meetings_desktop_app_for_windows | A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools. | 2018-10-24 | not yet calculated | CVE-2018-15442 BID SECTRACK CISCO |
citrix -- netscaler_gateway | Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. | 2018-10-24 | not yet calculated | CVE-2018-18517 BID CONFIRM |
citrix -- sd-wan_and_netscaler | A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 2018-10-23 | not yet calculated | CVE-2018-17446 BID CONFIRM |
citrix -- sd-wan_and_netscaler | An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 2018-10-23 | not yet calculated | CVE-2018-17448 BID CONFIRM |
citrix -- sd-wan_and_netscaler | An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 2018-10-23 | not yet calculated | CVE-2018-17447 BID CONFIRM |
citrix -- sd-wan_and_netscaler | A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 2018-10-23 | not yet calculated | CVE-2018-17444 BID CONFIRM |
citrix -- sd-wan_and_netscaler | A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 2018-10-23 | not yet calculated | CVE-2018-17445 BID CONFIRM |
creativeitem -- ekushey_project_manager_crm | In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. | 2018-10-19 | not yet calculated | CVE-2018-18417 MISC |
crossroads -- crossroads | Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to include a Trojan horse xr. | 2018-10-25 | not yet calculated | CVE-2018-18654 MISC |
d-link -- dsl-2640t_routers | XSS exists in cgi-bin/webcm on D-Link DSL-2640T routers via the var:RelaodHref or var:conid parameter. | 2018-10-24 | not yet calculated | CVE-2018-18636 MISC MISC |
desdev -- dedecms | DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. | 2018-10-23 | not yet calculated | CVE-2018-18608 MISC MISC |
desdev -- dedecms | Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | 2018-10-22 | not yet calculated | CVE-2018-18579 MISC MISC |
desdev -- dedecms | DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | 2018-10-22 | not yet calculated | CVE-2018-18578 MISC MISC |
eaton -- ups_9px_8000_sp_devices | An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently. | 2018-10-24 | not yet calculated | CVE-2018-9281 MISC |
eaton -- ups_9px_8000_sp_devices | An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage. | 2018-10-24 | not yet calculated | CVE-2018-9280 MISC |
eaton -- ups_9px_8000_sp_devices | An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage. | 2018-10-24 | not yet calculated | CVE-2018-9279 MISC |
elfutils -- elfutils | Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. | 2018-10-19 | not yet calculated | CVE-2018-18521 MISC MISC |
elfutils -- elfutils | An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. | 2018-10-19 | not yet calculated | CVE-2018-18520 MISC MISC |
f5 -- big-ip | On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page. | 2018-10-19 | not yet calculated | CVE-2018-15315 SECTRACK CONFIRM |
f5 -- big-ip | On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | 2018-10-19 | not yet calculated | CVE-2018-15314 BID SECTRACK CONFIRM |
f5 -- big-ip | On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | 2018-10-19 | not yet calculated | CVE-2018-15313 BID SECTRACK CONFIRM |
f5 -- big-ip | On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user. | 2018-10-19 | not yet calculated | CVE-2018-15312 SECTRACK CONFIRM |
f5 -- multiple_products | In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission, bypassing the endpoint checks. | 2018-10-19 | not yet calculated | CVE-2018-15316 BID SECTRACK CONFIRM |
fiyo_cms -- fiyo_cms | Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. | 2018-10-20 | not yet calculated | CVE-2018-18545 MISC |
fuji_electric -- energy_savings_estimator | An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. | 2018-10-24 | not yet calculated | CVE-2018-14812 BID MISC |
gain_electronic -- saga1-l8b | SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack in which an attacker with physical access to the product may be able to reprogram it. | 2018-10-24 | not yet calculated | CVE-2018-17923 BID MISC |
gain_electronic -- saga1-l8b | SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. | 2018-10-24 | not yet calculated | CVE-2018-17921 BID MISC |
gain_electronic -- saga1-l8b | SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery. | 2018-10-24 | not yet calculated | CVE-2018-17903 BID MISC |
geovap -- reliance_4_scada/hmi | In Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior, a vulnerability could allow an unauthorized attacker to inject arbitrary code. | 2018-10-25 | not yet calculated | CVE-2018-17904 BID MISC |
gnu -- binutils | A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. | 2018-10-23 | not yet calculated | CVE-2018-18605 MISC MISC |
gnu -- binutils | An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. | 2018-10-23 | not yet calculated | CVE-2018-18607 MISC MISC |
gnu -- binutils | An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. | 2018-10-23 | not yet calculated | CVE-2018-18606 MISC MISC |
greedy_599 -- greedy_599 | A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards. | 2018-10-23 | not yet calculated | CVE-2018-17877 MISC |
huawei -- smartphones | Some Huawei smartphones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can log in to the configuration flow through Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed. | 2018-10-23 | not yet calculated | CVE-2018-7911 CONFIRM |
ibm -- security_access_manager_appliance | IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998. | 2018-10-22 | not yet calculated | CVE-2018-1850 CONFIRM XF |
ibm -- websphere_commerce_enterprise | IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596. | 2018-10-24 | not yet calculated | CVE-2018-1541 XF CONFIRM |
iobit -- malware_fighter | IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. The attacker can use DeviceIoControl to pass a user specified size which can be used to overwrite return addresses. This can lead to a denial of service or code execution attack. | 2018-10-19 | not yet calculated | CVE-2018-18026 MISC |
kaptcha -- kaptcha | text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach. | 2018-10-19 | not yet calculated | CVE-2018-18531 MISC |
kerui -- wifi_endoscope_camera_ypc99 | Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user. | 2018-10-22 | not yet calculated | CVE-2018-13115 MISC |
kerui -- wifi_endoscope_camera_ypc99 | Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command. | 2018-10-22 | not yet calculated | CVE-2018-13114 MISC |
lango -- codeigniter_multilingual_script | LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI. | 2018-10-19 | not yet calculated | CVE-2018-18416 MISC EXPLOIT-DB |
leanote -- leanote | Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. | 2018-10-21 | not yet calculated | CVE-2018-18553 MISC |
libmspack -- libmspack | chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). | 2018-10-22 | not yet calculated | CVE-2018-18585 MISC MISC MISC |
libmspack -- libmspack | In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. | 2018-10-22 | not yet calculated | CVE-2018-18584 MISC MISC MISC MISC |
libtiff -- libtiff | An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. | 2018-10-26 | not yet calculated | CVE-2018-18661 MISC |
libtiff -- libtiff | LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. | 2018-10-22 | not yet calculated | CVE-2018-18557 MISC |
linux -- linux_kernel | The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification. | 2018-10-25 | not yet calculated | CVE-2018-18653 MISC |
linux -- linux_kernel | In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. | 2018-10-22 | not yet calculated | CVE-2018-18559 MISC |
linux -- linux_kernel | The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files which they would not normally be able to access via an overlayfs mount inside of a user namespace. | 2018-10-26 | not yet calculated | CVE-2018-6559 CONFIRM CONFIRM CONFIRM |
live555 -- live555 | An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. | 2018-10-19 | not yet calculated | CVE-2018-4013 MLIST MISC |
lupng -- lupng | An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByte in miniz/lupng.c during a write operation for data obtained from a swap. | 2018-10-22 | not yet calculated | CVE-2018-18583 MISC MISC |
lupng -- lupng | An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByte in miniz/lupng.c during a write operation for data obtained from a palette. | 2018-10-22 | not yet calculated | CVE-2018-18582 MISC MISC |
lupng -- lupng | An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer over-read in internalPrintf in miniz/lupng.c. | 2018-10-22 | not yet calculated | CVE-2018-18581 MISC MISC |
mailcleaner -- mailcleaner_community_edition | www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. | 2018-10-24 | not yet calculated | CVE-2018-18635 MISC MISC |
micro_focus -- real_user_monitoring | A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code. | 2018-10-23 | not yet calculated | CVE-2018-18589 CONFIRM |
microsoft -- yammer | A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka "Yammer Desktop Application Remote Code Execution Vulnerability." This affects Yammer Desktop App. | 2018-10-23 | not yet calculated | CVE-2018-8569 BID CONFIRM |
mitel -- mivoice_5330e_voip_device | The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution. | 2018-10-23 | not yet calculated | CVE-2018-15497 CONFIRM MISC |
mitel -- mivoice_office_400 | A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information. | 2018-10-23 | not yet calculated | CVE-2018-16226 CONFIRM |
mitel -- st | A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | 2018-10-23 | not yet calculated | CVE-2018-12901 CONFIRM |
mkvtoolnix -- mkvtoolnix | A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user. | 2018-10-26 | not yet calculated | CVE-2018-4022 MISC |
moxa -- thingspro | Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18395 MISC |
moxa -- thingspro | Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18394 MISC |
moxa -- thingspro | Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18396 MISC |
moxa -- thingspro | Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18392 MISC |
moxa -- thingspro | User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18391 MISC |
moxa -- thingspro | Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18393 MISC |
moxa -- thingspro | User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 2018-10-19 | not yet calculated | CVE-2018-18390 MISC |
mysql-binuuid-rails -- mysql-binuuid-rails | mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. | 2018-10-24 | not yet calculated | CVE-2018-18476 MISC CONFIRM |
neato_robotics -- botvac_connected_vacuums | A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint. | 2018-10-24 | not yet calculated | CVE-2018-18638 MISC |
open_design_alliance -- drawings_sdk | A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash. | 2018-10-19 | not yet calculated | CVE-2018-18224 BID CONFIRM |
open_design_alliance -- drawings_sdk | Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash. | 2018-10-19 | not yet calculated | CVE-2018-18223 BID CONFIRM |
ownticket -- ownticket | OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. | 2018-10-19 | not yet calculated | CVE-2018-18527 EXPLOIT-DB |
phpyun -- phpyun | An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database&c=del" sql parameter because del_action() in admin/model/database.class.php mishandles this parameter. | 2018-10-23 | not yet calculated | CVE-2018-18626 MISC |
pippo -- pippo | An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution. | 2018-10-23 | not yet calculated | CVE-2018-18628 MISC |
pippo -- pippo | parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java. | 2018-10-23 | not yet calculated | CVE-2017-18349 MISC MISC MISC |
polycom -- vvx_500_and_601_devices | The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business. | 2018-10-24 | not yet calculated | CVE-2018-18566 BUGTRAQ MISC |
polycom -- vvx_500_and_601_devices | Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | 2018-10-24 | not yet calculated | CVE-2018-18568 BUGTRAQ MISC |
prayer -- prayer | Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting. | 2018-10-25 | not yet calculated | CVE-2018-18655 MISC |
purevpn -- purevpn_for_windows | The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file. | 2018-10-26 | not yet calculated | CVE-2018-18656 MISC |
qemu -- qemu | Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. | 2018-10-19 | not yet calculated | CVE-2018-18438 MLIST MLIST MLIST |
qualcomm -- snapdragon | While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20. | 2018-10-23 | not yet calculated | CVE-2017-18303 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | When the FW tries to get a random MAC address generated from the new SW RNG and the ADC values read are constant, the DUT gets stuck in a loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52. | 2018-10-26 | not yet calculated | CVE-2018-11828 CONFIRM |
qualcomm -- snapdragon | A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660 | 2018-10-26 | not yet calculated | CVE-2018-11824 CONFIRM |
qualcomm -- snapdragon | Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. | 2018-10-23 | not yet calculated | CVE-2017-18296 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016 | 2018-10-26 | not yet calculated | CVE-2018-11821 CONFIRM |
qualcomm -- snapdragon | While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A | 2018-10-23 | not yet calculated | CVE-2017-18312 CONFIRM CONFIRM |
qualcomm -- snapdragon | Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016 | 2018-10-26 | not yet calculated | CVE-2018-11849 CONFIRM |
qualcomm -- snapdragon | XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016. | 2018-10-26 | not yet calculated | CVE-2017-18311 CONFIRM |
qualcomm -- snapdragon | The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850 | 2018-10-26 | not yet calculated | CVE-2018-11846 CONFIRM |
qualcomm -- snapdragon | Lack of check on out of range for channels When processing channel list set command will lead to buffer flow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016 | 2018-10-26 | not yet calculated | CVE-2018-11853 CONFIRM |
qualcomm -- snapdragon | Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850. | 2018-10-26 | not yet calculated | CVE-2018-11951 CONFIRM |
qualcomm -- snapdragon | Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850 | 2018-10-26 | not yet calculated | CVE-2018-11950 CONFIRM |
qualcomm -- snapdragon | Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 | 2018-10-26 | not yet calculated | CVE-2018-11854 CONFIRM |
qualcomm -- snapdragon | Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20 | 2018-10-23 | not yet calculated | CVE-2017-18304 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | Under certain modes of operation, HLOS may be able to get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 617. | 2018-10-23 | not yet calculated | CVE-2017-18313 CONFIRM CONFIRM |
qualcomm -- snapdragon | Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660. | 2018-10-23 | not yet calculated | CVE-2017-18300 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850. | 2018-10-26 | not yet calculated | CVE-2017-18309 CONFIRM |
qualcomm -- snapdragon | Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660. | 2018-10-23 | not yet calculated | CVE-2017-18298 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 | 2018-10-23 | not yet calculated | CVE-2017-18299 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016 | 2018-10-26 | not yet calculated | CVE-2017-18310 CONFIRM |
qualcomm -- snapdragon | Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820. | 2018-10-23 | not yet calculated | CVE-2017-18297 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430 | 2018-10-26 | not yet calculated | CVE-2017-18308 CONFIRM |
qualcomm -- snapdragon | There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660. | 2018-10-26 | not yet calculated | CVE-2018-3588 CONFIRM |
qualcomm -- snapdragon | Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. | 2018-10-26 | not yet calculated | CVE-2018-5914 CONFIRM |
qualcomm -- snapdragon | XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835. | 2018-10-23 | not yet calculated | CVE-2017-18305 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660. | 2018-10-26 | not yet calculated | CVE-2018-5866 CONFIRM |
qualcomm -- snapdragon | A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 | 2018-10-26 | not yet calculated | CVE-2018-11822 CONFIRM |
qualcomm -- snapdragon | While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. | 2018-10-23 | not yet calculated | CVE-2017-18294 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20 | 2018-10-26 | not yet calculated | CVE-2017-18124 CONFIRM |
qualcomm -- snapdragon | Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. | 2018-10-23 | not yet calculated | CVE-2017-18171 CONFIRM CONFIRM |
qualcomm -- snapdragon | Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660. | 2018-10-23 | not yet calculated | CVE-2017-18283 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. | 2018-10-23 | not yet calculated | CVE-2017-18170 CONFIRM CONFIRM |
qualcomm -- snapdragon | When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835. | 2018-10-23 | not yet calculated | CVE-2017-18277 CONFIRM CONFIRM |
qualcomm -- snapdragon | Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A. | 2018-10-23 | not yet calculated | CVE-2017-18292 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20. | 2018-10-23 | not yet calculated | CVE-2017-18295 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | Lack of check on remaining length parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20 | 2018-10-26 | not yet calculated | CVE-2018-11850 CONFIRM |
qualcomm -- snapdragon | When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. | 2018-10-26 | not yet calculated | CVE-2018-11305 CONFIRM |
qualcomm -- snapdragon | When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. | 2018-10-23 | not yet calculated | CVE-2017-18293 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. | 2018-10-23 | not yet calculated | CVE-2017-18282 SECTRACK CONFIRM CONFIRM |
qualcomm -- snapdragon | In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016. | 2018-10-23 | not yet calculated | CVE-2017-18172 CONFIRM CONFIRM |
ruletkaio -- ruletkaio | A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value. | 2018-10-23 | not yet calculated | CVE-2018-17968 MISC |
saltstack -- salt | SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi). | 2018-10-24 | not yet calculated | CVE-2018-15751 CONFIRM CONFIRM MLIST MLIST |
saltstack -- salt | Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. | 2018-10-24 | not yet calculated | CVE-2018-15750 CONFIRM CONFIRM MLIST MLIST |
serverscheck -- monitoring_software | ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories. | 2018-10-24 | not yet calculated | CVE-2018-18552 MISC MISC |
serverscheck -- monitoring_software | ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user. | 2018-10-21 | not yet calculated | CVE-2018-18550 MISC |
serverscheck -- monitoring_software | ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter. | 2018-10-24 | not yet calculated | CVE-2018-18551 MISC MISC |
siacs/conversations -- siacs/conversations | An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent. | 2018-10-23 | not yet calculated | CVE-2018-18467 CONFIRM |
sophos -- hitmanpro.alert | An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data to an attacker-controlled address, resulting in memory corruption. An attacker can send an IRP request to trigger this vulnerability. | 2018-10-25 | not yet calculated | CVE-2018-3971 MISC |
sophos -- hitmanpro.alert | An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. | 2018-10-25 | not yet calculated | CVE-2018-3970 MISC |
splunk -- enterprise | Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access. | 2018-10-19 | not yet calculated | CVE-2017-18348 BID MISC MISC |
splunk -- enterprise_and_light | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-10-23 | not yet calculated | CVE-2018-7427 CONFIRM |
splunk -- enterprise_and_light | Splunkd in Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allows remote attackers to cause a denial of service via a malformed HTTP request. | 2018-10-23 | not yet calculated | CVE-2018-7429 CONFIRM |
splunk -- enterprise_and_light | Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request. | 2018-10-23 | not yet calculated | CVE-2018-7432 CONFIRM |
splunk -- enterprise_and_light | Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. | 2018-10-23 | not yet calculated | CVE-2018-7431 CONFIRM |
stalker_software -- communigate_pro | CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension. | 2018-10-24 | not yet calculated | CVE-2018-18621 MISC MISC |
stegdetect -- stegdetect | Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress in the f5.c file. | 2018-10-23 | not yet calculated | CVE-2018-18599 MISC |
sv3c -- l-series_hd_cameras | An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information. | 2018-10-19 | not yet calculated | CVE-2018-12673 MISC |
sv3c -- l-series_hd_cameras | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the configuration. The vulnerability affects all versions. | 2018-10-19 | not yet calculated | CVE-2018-12667 MISC |
sv3c -- l-series_hd_cameras | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to the username and password of the logged-in account. | 2018-10-19 | not yet calculated | CVE-2018-12674 MISC |
sv3c -- l-series_hd_cameras | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint. | 2018-10-19 | not yet calculated | CVE-2018-12675 MISC |
sv3c -- l-series_hd_cameras | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection. | 2018-10-19 | not yet calculated | CVE-2018-12670 MISC |
sv3c -- l-series_hd_cameras | An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information can then be used to gain access to the web interface. | 2018-10-19 | not yet calculated | CVE-2018-12671 MISC |
sv3c -- l-series_hd_cameras | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator. | 2018-10-19 | not yet calculated | CVE-2018-12672 MISC |
sv3c -- l-series_hd_cameras | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/param.cgi. | 2018-10-19 | not yet calculated | CVE-2018-12669 MISC |
sv3c -- l-series_hd_cameras | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password. | 2018-10-19 | not yet calculated | CVE-2018-12668 MISC |
sv3c -- l-series_hd_cameras | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identify users only by the authentication level sent in the cookies, which allows remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255. | 2018-10-19 | not yet calculated | CVE-2018-12666 MISC |
symantec -- web_isolation | Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine. | 2018-10-22 | not yet calculated | CVE-2018-12246 BID CONFIRM |
systemd -- systemd | A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. | 2018-10-26 | not yet calculated | CVE-2018-15686 MISC |
systemd -- systemd | A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239. | 2018-10-26 | not yet calculated | CVE-2018-15687 MISC |
systemd -- systemd | A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd versions up to and including 239. | 2018-10-26 | not yet calculated | CVE-2018-15688 MISC |
teakki -- teakki | TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL. | 2018-10-20 | not yet calculated | CVE-2018-18540 MISC |
teeworlds -- teeworlds | In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. | 2018-10-20 | not yet calculated | CVE-2018-18541 MISC MISC MISC |
telecrane -- f25_series_radio_controls | All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. | 2018-10-24 | not yet calculated | CVE-2018-17935 BID MISC |
telligent -- community | Telligent Community 6.x, 7.x, 8.x, 9.x, and 10.x up to 10.1.10.11792 has XSS via the Feed RSS widget. | 2018-10-23 | not yet calculated | CVE-2018-16235 CONFIRM |
thinkphp -- thinkphp | ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. | 2018-10-19 | not yet calculated | CVE-2018-18530 MISC |
thinkphp -- thinkphp | ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. | 2018-10-19 | not yet calculated | CVE-2018-18529 MISC |
thinkphp -- thinkphp | ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable. | 2018-10-20 | not yet calculated | CVE-2018-18546 MISC MISC |
tp-link -- tl-sc3130_devices | TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI. | 2018-10-19 | not yet calculated | CVE-2018-18428 MISC EXPLOIT-DB MISC |
transportes_intermodais_do_porto -- anda_application | The server API in the Anda app relies on hardcoded credentials. | 2018-10-24 | not yet calculated | CVE-2018-13342 MISC |
trend_micro -- antivirus_for_mac | A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-18328 CONFIRM CONFIRM MISC |
trend_micro -- antivirus_for_mac | A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-18329 CONFIRM CONFIRM MISC |
trend_micro -- antivirus_for_mac | A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-15367 CONFIRM CONFIRM MISC |
trend_micro -- antivirus_for_mac | A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6eDC offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-18327 CONFIRM CONFIRM MISC |
trend_micro -- antivirus_for_mac | A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-10-23 | not yet calculated | CVE-2018-15366 CONFIRM CONFIRM MISC |
veritas -- netbackup_appliance | A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user-provided input. | 2018-10-25 | not yet calculated | CVE-2018-18652 BID CONFIRM |
vestacp -- vestacp | Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. | 2018-10-24 | not yet calculated | CVE-2018-18547 MISC |
waimai -- super_cms | An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter. | 2018-10-23 | not yet calculated | CVE-2018-18622 MISC |
wifiranger -- devices | An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account. | 2018-10-23 | not yet calculated | CVE-2018-17873 MISC |
x.org -- x_server | A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. | 2018-10-25 | not yet calculated | CVE-2018-14665 SECTRACK CONFIRM CONFIRM MLIST DEBIAN |
xfce -- thunar | Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method. | 2018-10-19 | not yet calculated | CVE-2018-18398 MISC |
xpdf -- xpdf | An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory. | 2018-10-25 | not yet calculated | CVE-2018-18650 MISC |
xpdf -- xpdf | An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file. | 2018-10-25 | not yet calculated | CVE-2018-18651 MISC |
zenario -- zenario | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. | 2018-10-19 | not yet calculated | CVE-2018-18420 MISC |
zoho -- manageengine_opmanager | Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. | 2018-10-23 | not yet calculated | CVE-2018-18475 MISC FULLDISC |