SB18-316: Vulnerability Summary for the Week of November 5, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- hive | In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against a malicious user if ranger, sentry or sql standard authorizer is not in use. | 2018-11-08 | not yet calculated | CVE-2018-11777 MISC |
apache -- hive | In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics. | 2018-11-08 | not yet calculated | CVE-2018-1314 MISC |
apache -- syncope | An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. | 2018-11-06 | not yet calculated | CVE-2018-17186 MISC |
apache -- superset | Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data, leading to possible remote code execution. Note: Superset 0.23 was released prior to any Superset release under the Apache Software Foundation. | 2018-11-07 | not yet calculated | CVE-2018-8021 MISC |
atlassian -- sourcetree_for_macos | There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. | 2018-11-05 | not yet calculated | CVE-2018-13396 CONFIRM |
atlassian -- sourcetree_for_windows | There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. | 2018-11-05 | not yet calculated | CVE-2018-13397 CONFIRM |
axtls -- axtls | In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier. | 2018-11-07 | not yet calculated | CVE-2018-16149 CONFIRM MLIST |
axtls -- axtls | In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is a variant of CVE-2006-4340. | 2018-11-07 | not yet calculated | CVE-2018-16150 CONFIRM MLIST |
axtls -- axtls | In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is an even more permissive variant of CVE-2006-4790 and CVE-2014-1568. | 2018-11-07 | not yet calculated | CVE-2018-16253 CONFIRM MLIST |
bagesoft/bagecms -- bagesoft/bagecms | In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges. | 2018-11-08 | not yet calculated | CVE-2018-19104 MISC |
basercms -- basercms | An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. | 2018-11-05 | not yet calculated | CVE-2018-18943 MISC MISC |
basercms -- basercms | In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. | 2018-11-05 | not yet calculated | CVE-2018-18942 MISC MISC MISC |
brocade_communication_systems -- fabric | A vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | 2018-11-08 | not yet calculated | CVE-2018-6437 CONFIRM |
brocade_communication_systems -- fabric | A vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | 2018-11-08 | not yet calculated | CVE-2018-6436 CONFIRM |
brocade_communication_systems -- fabric | A vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | 2018-11-08 | not yet calculated | CVE-2018-6438 CONFIRM |
brocade_communication_systems -- fabric | A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands. | 2018-11-08 | not yet calculated | CVE-2018-6442 CONFIRM |
brocade_communication_systems -- fabric | A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell. | 2018-11-08 | not yet calculated | CVE-2018-6441 CONFIRM |
brocade_communication_systems -- fabric | A vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | 2018-11-08 | not yet calculated | CVE-2018-6435 CONFIRM |
brocade_communication_systems -- fabric | A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system. | 2018-11-08 | not yet calculated | CVE-2018-6433 CONFIRM |
brocade_communication_systems -- fabric | A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID. | 2018-11-08 | not yet calculated | CVE-2018-6434 CONFIRM |
circontrol -- circarlife | In Circontrol CirCarLife, all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. | 2018-11-02 | not yet calculated | CVE-2018-17918 BID MISC |
circontrol -- circarlife | In Circontrol CirCarLife, all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. | 2018-11-02 | not yet calculated | CVE-2018-17922 BID MISC |
cisco -- content_security_management_appliance | A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2018-11-08 | not yet calculated | CVE-2018-15393 BID CISCO |
cisco -- energy_management_suite_software | A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. | 2018-11-08 | not yet calculated | CVE-2018-15445 BID CISCO MISC |
cisco -- energy_management_suite_software | A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application. | 2018-11-08 | not yet calculated | CVE-2018-15444 BID CISCO MISC |
cisco -- firepower_system_software | A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An attacker could exploit this vulnerability by sending a crafted TCP connection request through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network. | 2018-11-08 | not yet calculated | CVE-2018-15443 BID CISCO |
cisco -- immunet_and_advanced_malware_protection_for_endpoints | A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion. | 2018-11-08 | not yet calculated | CVE-2018-15437 BID CISCO |
cisco -- integrated_management_controller_supervisor | A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. | 2018-11-08 | not yet calculated | CVE-2018-15447 BID CISCO |
cisco -- meeting_server | A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits. | 2018-11-08 | not yet calculated | CVE-2018-15446 BID CISCO |
cisco -- meraki_product_lines | A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited. | 2018-11-08 | not yet calculated | CVE-2018-0284 CISCO |
cisco -- prime_collaboration_assurance | A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful exploit could allow the attacker to overwrite files on the file system. | 2018-11-08 | not yet calculated | CVE-2018-15450 BID CISCO |
cisco -- prime_service_catalog | A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. | 2018-11-08 | not yet calculated | CVE-2018-15451 BID CISCO |
cisco -- registered_envelope_service | A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames. | 2018-11-08 | not yet calculated | CVE-2018-15448 BID CISCO |
cisco -- small_business_switches | A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability. | 2018-11-08 | not yet calculated | CVE-2018-15439 CISCO |
cisco -- stealthwatch_management_console | A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC. | 2018-11-08 | not yet calculated | CVE-2018-15394 BID CISCO |
cisco -- unity_express | A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges. | 2018-11-08 | not yet calculated | CVE-2018-15381 CISCO |
cisco -- video_surveillance_media_server | A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to cause the web-based management interface to become unreachable, resulting in a DoS condition. | 2018-11-08 | not yet calculated | CVE-2018-15449 BID CISCO |
clippercms -- clippercms | ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory. | 2018-11-10 | not yet calculated | CVE-2018-19135 MISC |
cloud_foundry -- bits-service_release | Cloud Foundry Bits-Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the Bits Service storage. | 2018-11-09 | not yet calculated | CVE-2018-15796 CONFIRM |
dedecms -- dedecms | DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. | 2018-11-07 | not yet calculated | CVE-2018-19061 MISC MISC |
degrau_publicidade_e_internet_plataforma_de_e-commerce -- busca.aspx.cs | Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI. | 2018-11-06 | not yet calculated | CVE-2018-18963 MISC |
domainmod -- domainmod | DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter. | 2018-11-09 | not yet calculated | CVE-2018-19136 MISC |
domainmod -- domainmod | DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter. | 2018-11-09 | not yet calculated | CVE-2018-19137 MISC |
exiv2 -- exiv2 | In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. | 2018-11-08 | not yet calculated | CVE-2018-19108 MISC MISC |
exiv2 -- exiv2 | In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. | 2018-11-08 | not yet calculated | CVE-2018-19107 MISC MISC |
flarum -- flarum_core | In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address. | 2018-11-09 | not yet calculated | CVE-2018-19133 MISC |
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift* password in some cases. | 2018-11-07 | not yet calculated | CVE-2018-19066 MISC |
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action. | 2018-11-07 | not yet calculated | CVE-2018-19070 MISC |
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up. | 2018-11-07 | not yet calculated | CVE-2018-19071 MISC |
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded BpP+2R9*Q password in some cases. | 2018-11-07 | not yet calculated | CVE-2018-19065 MISC |
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor. | 2018-11-07 | not yet calculated | CVE-2018-19069 MISC |
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password. | 2018-11-07 | not yet calculated | CVE-2018-19063 MISC |
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall has no effect except for blocking port 443 and partially blocking port 88. | 2018-11-07 | not yet calculated | CVE-2018-19074 MISC |
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account. | 2018-11-07 | not yet calculated | CVE-2018-19067 MISC |
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time. | 2018-11-07 | not yet calculated | CVE-2018-19072 MISC |
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP). | 2018-11-07 | not yet calculated | CVE-2018-19076 MISC |
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed. | 2018-11-07 | not yet calculated | CVE-2018-19064 MISC |
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8. | 2018-11-07 | not yet calculated | CVE-2018-19075 MISC |
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access. | 2018-11-07 | not yet calculated | CVE-2018-19073 MISC |
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field. | 2018-11-07 | not yet calculated | CVE-2018-19082 MISC |
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. | 2018-11-07 | not yet calculated | CVE-2018-19080 MISC |
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials. | 2018-11-07 | not yet calculated | CVE-2018-19068 MISC |
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. | 2018-11-07 | not yet calculated | CVE-2018-19078 MISC |
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. | 2018-11-07 | not yet calculated | CVE-2018-19079 MISC |
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field. | 2018-11-07 | not yet calculated | CVE-2018-19081 MISC |
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header. | 2018-11-07 | not yet calculated | CVE-2018-19077 MISC |
foxit_software -- foxit_reader | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample. | 2018-11-05 | not yet calculated | CVE-2018-18933 MISC MISC |
fruitywifi -- fruitywifi | Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session. | 2018-11-10 | not yet calculated | CVE-2018-19168 MISC |
gitea -- gitea | Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron. | 2018-11-04 | not yet calculated | CVE-2018-18926 MISC |
gogs -- gogs | Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. | 2018-11-04 | not yet calculated | CVE-2018-18925 MISC |
google -- android | In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376. | 2018-11-06 | not yet calculated | CVE-2018-9488 CONFIRM EXPLOIT-DB |
google -- android | In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542. | 2018-11-06 | not yet calculated | CVE-2018-9427 SECTRACK CONFIRM |
google -- android | In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel. | 2018-11-06 | not yet calculated | CVE-2018-9422 MLIST MLIST CONFIRM |
google -- android | In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel. | 2018-11-06 | not yet calculated | CVE-2018-9415 CONFIRM UBUNTU UBUNTU UBUNTU |
google -- android | In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel. | 2018-11-06 | not yet calculated | CVE-2018-9385 CONFIRM |
google -- android | In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-72298611. | 2018-11-06 | not yet calculated | CVE-2018-9362 BID CONFIRM |
google -- android | In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78656554. | 2018-11-06 | not yet calculated | CVE-2018-9437 SECTRACK CONFIRM |
google -- android | In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856. | 2018-11-06 | not yet calculated | CVE-2018-9357 BID CONFIRM |
google -- android | In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. | 2018-11-06 | not yet calculated | CVE-2018-9363 REDHAT MLIST CONFIRM UBUNTU UBUNTU DEBIAN |
google -- android | In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-73172115. | 2018-11-06 | not yet calculated | CVE-2018-9358 BID CONFIRM |
google -- android | In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257. | 2018-11-06 | not yet calculated | CVE-2018-9445 SECTRACK CONFIRM EXPLOIT-DB |
google -- android | In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468. | 2018-11-06 | not yet calculated | CVE-2018-9356 BID CONFIRM |
google -- android | When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245. | 2018-11-06 | not yet calculated | CVE-2018-9489 SECTRACK MISC |
google -- android | In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74201143. | 2018-11-06 | not yet calculated | CVE-2018-9360 BID CONFIRM |
google -- android | In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722. | 2018-11-06 | not yet calculated | CVE-2018-9436 SECTRACK CONFIRM |
google -- android | In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. | 2018-11-06 | not yet calculated | CVE-2018-9516 MLIST CONFIRM DEBIAN |
google -- android | In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78286118. | 2018-11-06 | not yet calculated | CVE-2018-9454 SECTRACK CONFIRM |
google -- android | When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887. | 2018-11-06 | not yet calculated | CVE-2018-9438 SECTRACK CONFIRM |
google -- android | In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-71786287. | 2018-11-06 | not yet calculated | CVE-2018-9458 SECTRACK CONFIRM |
google -- android | In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338. | 2018-11-06 | not yet calculated | CVE-2018-9450 SECTRACK CONFIRM |
google -- android | In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79488511. | 2018-11-06 | not yet calculated | CVE-2018-9451 SECTRACK CONFIRM |
google -- android | In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113. | 2018-11-06 | not yet calculated | CVE-2018-9448 SECTRACK CONFIRM |
google -- android | In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78288378. | 2018-11-06 | not yet calculated | CVE-2018-9453 SECTRACK CONFIRM |
google -- android | In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78136677. | 2018-11-06 | not yet calculated | CVE-2018-9455 SECTRACK CONFIRM |
google -- android | In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel. | 2018-11-06 | not yet calculated | CVE-2018-9465 SECTRACK CONFIRM |
google -- android | In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183. | 2018-11-06 | not yet calculated | CVE-2018-9459 SECTRACK CONFIRM |
google -- android | In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74202041. | 2018-11-06 | not yet calculated | CVE-2018-9361 BID CONFIRM |
google -- android | In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android ID: A-63521984. | 2018-11-06 | not yet calculated | CVE-2018-9444 SECTRACK CONFIRM |
google -- android | In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74196706. | 2018-11-06 | not yet calculated | CVE-2018-9359 BID CONFIRM |
google -- android | In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74016921. | 2018-11-06 | not yet calculated | CVE-2018-9355 BID CONFIRM |
google -- android | In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946. | 2018-11-06 | not yet calculated | CVE-2018-9446 SECTRACK CONFIRM |
google -- cardboard_application_for_android_and_ios | The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS. | 2018-11-08 | not yet calculated | CVE-2018-19111 MISC |
hunan_jinyun_network_technology_co -- pbootcms | PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code. | 2018-11-07 | not yet calculated | CVE-2018-19053 MISC |
i18n_gem_for_ruby_on_rails -- i18n_gem_for_ruby_on_rails | Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. | 2018-11-06 | not yet calculated | CVE-2014-10077 MISC MISC MISC |
ibm -- api_connect | IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692. | 2018-11-08 | not yet calculated | CVE-2018-1774 XF CONFIRM |
ibm -- campaign | IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206. | 2018-11-08 | not yet calculated | CVE-2016-9749 CONFIRM XF |
ibm -- cognos_analytics | IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902. | 2018-11-08 | not yet calculated | CVE-2018-1842 SECTRACK XF CONFIRM |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511. | 2018-11-08 | not yet calculated | CVE-2018-1834 CONFIRM XF |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804. | 2018-11-08 | not yet calculated | CVE-2018-1781 CONFIRM XF |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path, potentially giving a low-privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640. | 2018-11-08 | not yet calculated | CVE-2018-1802 CONFIRM XF |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429. | 2018-11-08 | not yet calculated | CVE-2018-1799 CONFIRM XF |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155. | 2018-11-08 | not yet calculated | CVE-2018-1857 CONFIRM XF |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803. | 2018-11-08 | not yet calculated | CVE-2018-1780 CONFIRM XF |
ibm -- marketing_operations | IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attacks against the affected system. IBM X-Force ID: 121171. | 2018-11-08 | not yet calculated | CVE-2017-1119 CONFIRM XF |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330. | 2018-11-09 | not yet calculated | CVE-2018-1872 XF CONFIRM |
ibm -- multiple_products | IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609. | 2018-11-06 | not yet calculated | CVE-2018-1694 CONFIRM XF |
ibm -- multiple_products | IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796. | 2018-11-06 | not yet calculated | CVE-2018-1606 CONFIRM XF |
ibm -- spectrum_protect_server | IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873. | 2018-11-02 | not yet calculated | CVE-2018-1788 CONFIRM BID SECTRACK XF |
ibm -- websphere_mq | IBM WebSphere MQ 8.0 through 9.1 is vulnerable to an error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456. | 2018-11-08 | not yet calculated | CVE-2018-1684 XF CONFIRM |
international_components_for_unicode -- international_components_for_unicode | International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. | 2018-11-04 | not yet calculated | CVE-2018-18928 MISC MISC MISC |
iobit -- malware_fighter | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E040 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. | 2018-11-09 | not yet calculated | CVE-2018-19086 MISC |
iobit -- malware_fighter | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E048 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. | 2018-11-09 | not yet calculated | CVE-2018-19085 MISC |
iobit -- malware_fighter | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E05C with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. | 2018-11-09 | not yet calculated | CVE-2018-19084 MISC |
iobit -- malware_fighter | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E044 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. | 2018-11-09 | not yet calculated | CVE-2018-19087 MISC |
jasper -- jasper | An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. | 2018-11-09 | not yet calculated | CVE-2018-19139 MISC |
jeecms -- jeecms | JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. | 2018-11-05 | not yet calculated | CVE-2018-18952 MISC |
jquery -- jquery | Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta | 2018-11-05 | not yet calculated | CVE-2018-9208 MISC |
keepalived -- keepalived | keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. | 2018-11-08 | not yet calculated | CVE-2018-19045 MISC MISC MISC MISC |
keepalived -- keepalived | keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd. | 2018-11-08 | not yet calculated | CVE-2018-19044 MISC MISC MISC |
keepalived -- keepalived | keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information. | 2018-11-08 | not yet calculated | CVE-2018-19046 MISC MISC |
keepalived -- keepalived | keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. | 2018-11-08 | not yet calculated | CVE-2018-19115 MISC MISC MISC |
kindeditor -- kindeditor | KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication. | 2018-11-05 | not yet calculated | CVE-2018-18950 MISC |
knightjs -- knightjs | A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server. | 2018-11-06 | not yet calculated | CVE-2018-16475 MISC |
libav -- libav | In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file. | 2018-11-09 | not yet calculated | CVE-2018-19128 MISC |
libav -- libav | In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. | 2018-11-09 | not yet calculated | CVE-2018-19130 MISC |
libav -- libav | In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file. | 2018-11-09 | not yet calculated | CVE-2018-19129 MISC |
libiec61850 -- libiec61850 | An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c. | 2018-11-09 | not yet calculated | CVE-2018-19122 MISC MISC |
libiec61850 -- libiec61850 | An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c. | 2018-11-05 | not yet calculated | CVE-2018-18937 MISC MISC |
libiec61850 -- libiec61850 | An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c. | 2018-11-09 | not yet calculated | CVE-2018-19121 MISC MISC |
libiec61850 -- libiec61850 | An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. | 2018-11-05 | not yet calculated | CVE-2018-18957 MISC EXPLOIT-DB |
librecad -- librecad | LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file. | 2018-11-08 | not yet calculated | CVE-2018-19105 MISC |
light_code_labs -- caddy | Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover the existence of and relationships among hostnames that weren't meant to be public, though this information could likely have been discovered via other methods with additional effort. | 2018-11-10 | not yet calculated | CVE-2018-19148 MISC MISC MISC |
lighttpd -- lighttpd | An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. | 2018-11-07 | not yet calculated | CVE-2018-19052 MISC |
metinfo -- metinfo | MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. | 2018-11-06 | not yet calculated | CVE-2018-19051 MISC |
metinfo -- metinfo | MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. | 2018-11-06 | not yet calculated | CVE-2018-19050 MISC |
micro_focus -- operations_bridge | A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure. | 2018-11-07 | not yet calculated | CVE-2018-18590 CONFIRM |
mindoc -- mindoc | An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindoc_id value containing the relative pathname of this uploaded file. For example, the mindoc_id (aka session ID) could be of the form aa/../../uploads/blog/201811/attach_#.jpg where '#' is a hex value displayed in the upload field of a manage/blogs/edit/ screen. | 2018-11-08 | not yet calculated | CVE-2018-19114 MISC |
nginx -- nginx | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | 2018-11-07 | not yet calculated | CVE-2018-16844 MISC BID SECTRACK CONFIRM UBUNTU DEBIAN |
nginx -- nginx | nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the 'mp4' directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. | 2018-11-07 | not yet calculated | CVE-2018-16845 MISC BID SECTRACK CONFIRM MLIST UBUNTU DEBIAN |
nginx -- nginx | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | 2018-11-07 | not yet calculated | CVE-2018-16843 MISC BID SECTRACK CONFIRM UBUNTU DEBIAN |
node.js -- node.js | A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files. | 2018-11-06 | not yet calculated | CVE-2018-16473 MISC |
node.js -- node.js | A stored XSS in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary JavaScript. | 2018-11-06 | not yet calculated | CVE-2018-16474 MISC |
node.js -- node.js | A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack. | 2018-11-06 | not yet calculated | CVE-2018-16472 MISC |
omron -- cx-supervisor | When processing project files in Omron CX-Supervisor versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application. | 2018-11-05 | not yet calculated | CVE-2018-17909 BID MISC |
omron -- cx-supervisor | When processing project files in Omron CX-Supervisor versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array. | 2018-11-05 | not yet calculated | CVE-2018-17907 BID MISC |
omron -- cx-supervisor | A type confusion vulnerability exists when processing project files in Omron CX-Supervisor versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. | 2018-11-05 | not yet calculated | CVE-2018-17913 BID MISC |
omron -- cx-supervisor | When processing project files in Omron CX-Supervisor versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object. | 2018-11-05 | not yet calculated | CVE-2018-17905 BID MISC |
open_information_security_foundation -- suricata | The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018. | 2018-11-05 | not yet calculated | CVE-2018-18956 CONFIRM MISC MISC |
oscommerce -- oscommerce | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension. | 2018-11-05 | not yet calculated | CVE-2018-18964 MISC |
oscommerce -- oscommerce | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer renders HTML elements in a .eml file. | 2018-11-05 | not yet calculated | CVE-2018-18966 MISC |
oscommerce -- oscommerce | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename). | 2018-11-05 | not yet calculated | CVE-2018-18965 MISC |
pandao -- editor.md | pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element. | 2018-11-07 | not yet calculated | CVE-2018-19056 MISC |
pdfforge -- pdf_architect | Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a "Data from Faulting Address controls Code Flow" issue. | 2018-11-10 | not yet calculated | CVE-2018-19150 MISC MISC |
pluralsight -- javascript | A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admin Console, the injected JavaScript code is executed. | 2018-11-06 | not yet calculated | CVE-2018-17184 MISC |
popojicms -- popojicms | An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account. | 2018-11-05 | not yet calculated | CVE-2018-18935 MISC |
popojicms -- popojicms | An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF. | 2018-11-05 | not yet calculated | CVE-2018-18934 MISC MISC |
popojicms -- popojicms | An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter. | 2018-11-05 | not yet calculated | CVE-2018-18936 MISC |
poppler -- poppler | An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. | 2018-11-07 | not yet calculated | CVE-2018-19060 MISC |
poppler -- poppler | An issue was discovered in Poppler 0.71.0. There is an out-of-bounds read in EmbFile::save2 in FileSpec.cc, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. | 2018-11-07 | not yet calculated | CVE-2018-19059 MISC |
poppler -- poppler | Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. | 2018-11-10 | not yet calculated | CVE-2018-19149 MISC |
poppler -- poppler | An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. | 2018-11-07 | not yet calculated | CVE-2018-19058 MISC |
powerdns -- recursor | An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail. | 2018-11-09 | not yet calculated | CVE-2018-14644 CONFIRM CONFIRM |
prestashop -- prestashop | PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload. | 2018-11-09 | not yet calculated | CVE-2018-19126 MISC MISC MISC |
prestashop -- prestashop | PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files. | 2018-11-09 | not yet calculated | CVE-2018-19124 MISC MISC MISC |
prestashop -- prestashop | PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory. | 2018-11-09 | not yet calculated | CVE-2018-19125 MISC MISC MISC |
projeqtor -- projeqtor | The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message. | 2018-11-04 | not yet calculated | CVE-2018-18924 MISC EXPLOIT-DB |
publiccms -- publiccms | An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. | 2018-11-04 | not yet calculated | CVE-2018-18927 MISC |
qemu -- qemu | An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process. | 2018-11-02 | not yet calculated | CVE-2018-16847 BID CONFIRM MISC MLIST |
richfaces -- richfaces | The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData. | 2018-11-06 | not yet calculated | CVE-2018-14667 SECTRACK REDHAT REDHAT REDHAT CONFIRM |
s-cms -- s-cms | An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter. | 2018-11-09 | not yet calculated | CVE-2018-19145 MISC |
sauter -- case_suite | An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. | 2018-11-02 | not yet calculated | CVE-2018-17912 BID MISC |
sennheiser -- headsetup | Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted. | 2018-11-09 | not yet calculated | CVE-2018-17612 MISC |
shanghai_shengda_network_development_co -- phpcms | A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a " | 2018-11-09 | not yet calculated | CVE-2018-19127 MISC |
shangtao_information_technology_co -- wstmart | WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. | 2018-11-09 | not yet calculated | CVE-2018-19138 MISC |
sparksuite -- simplemde | SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element. | 2018-11-07 | not yet calculated | CVE-2018-19057 MISC |
squid -- squid | Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. | 2018-11-09 | not yet calculated | CVE-2018-19132 MISC MISC MISC |
squid -- squid | Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. | 2018-11-09 | not yet calculated | CVE-2018-19131 MISC MISC MISC |
telexy -- qpath | An issue was discovered in Telexy QPath 5.4.462. A low privileged authenticated user supplying a specially crafted serialized request to AdanitDataService.svc may modify user information, including but not limited to email address, username, and password, of other user accounts. The simplest attack approach is for the attacker to intercept their own password-change request and modify the username before the request reaches the server. Also, changing a victim's email address can have a similar account-takeover consequence. | 2018-11-08 | not yet calculated | CVE-2018-7718 MISC |
texas_instruments -- multiple_devices | Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow. | 2018-11-06 | not yet calculated | CVE-2018-16986 CONFIRM BID SECTRACK MISC CISCO CERT-VN |
tianti -- tianti | tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter. | 2018-11-07 | not yet calculated | CVE-2018-19091 MISC |
tianti -- tianti | tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column. | 2018-11-08 | not yet calculated | CVE-2018-19109 MISC |
tianti -- tianti | The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check. | 2018-11-08 | not yet calculated | CVE-2018-19110 MISC |
tianti -- tianti | tianti 2.3 has stored XSS in the article management module via an article title. | 2018-11-07 | not yet calculated | CVE-2018-19090 MISC |
tianti -- tianti | tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp. | 2018-11-07 | not yet calculated | CVE-2018-19089 MISC |
tibco -- active_spaces | The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0. | 2018-11-06 | not yet calculated | CVE-2018-12411 BID MISC CONFIRM |
tibco -- enterprise_messaging_service | The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Messaging Service, TIBCO Enterprise Messaging Service - Community Edition, and TIBCO Enterprise Messaging Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Messaging Service: versions up to and including 8.4.0, TIBCO Enterprise Messaging Service - Community Edition: versions up to and including 8.4.0, and TIBCO Enterprise Messaging Service - Developer Edition versions up to and including 8.4.0. | 2018-11-06 | not yet calculated | CVE-2018-12415 BID MISC CONFIRM |
tibco -- ftl | The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0. | 2018-11-06 | not yet calculated | CVE-2018-12412 BID MISC CONFIRM |
tibco -- messaging | The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0. | 2018-11-06 | not yet calculated | CVE-2018-12413 MISC CONFIRM |
tibco -- multiple_products | The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2. | 2018-11-06 | not yet calculated | CVE-2018-12414 BID MISC CONFIRM |
vanilla -- vanilla | Vanilla 2.6.x before 2.6.4 allows remote code execution. | 2018-11-03 | not yet calculated | CVE-2018-18903 MISC MISC MISC |
wecenter -- wecenter | WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter. | 2018-11-07 | not yet calculated | CVE-2018-19083 MISC |
wordpress -- wordpress | The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. | 2018-11-04 | not yet calculated | CVE-2018-18919 MISC |
wuzhicms -- wuzhicms | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. | 2018-11-05 | not yet calculated | CVE-2018-18938 MISC |
wuzhicms -- wuzhicms | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. | 2018-11-05 | not yet calculated | CVE-2018-18939 MISC |
xiph -- icecast | A buffer overflow was discovered in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution. | 2018-11-05 | not yet calculated | CVE-2018-18820 MLIST SECTRACK GENTOO DEBIAN |
yzmcms -- yzmcms | An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie. | 2018-11-07 | not yet calculated | CVE-2018-19092 MISC |
zoho_manageengine -- network_configuration_manager_and_opmanager | An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server. | 2018-11-05 | not yet calculated | CVE-2018-18980 MISC MISC |
zoho_manageengine -- opmanager | Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. | 2018-11-05 | not yet calculated | CVE-2018-18949 MISC |
zyxel -- zywall_usg_devices | ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS. | 2018-11-10 | not yet calculated | CVE-2017-17550 MISC |