SB18-358: Vulnerability Summary for the Week of December 17, 2018

Original release date: December 24, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
(Each entry below lists these fields in turn.)
1password -- 1password
  Description: An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari.
  Published: 2018-12-22
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-19863; CONFIRM

adrenalin -- hrms_software
  Description: A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Adrenalin 5.4 HRMS Software. User-supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-12651; MISC

advantech -- webaccess/scada
  Description: WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user-supplied input may allow an attacker to cause the overflow of a buffer on the stack.
  Published: 2018-12-19
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-18999; BID, MISC, MISC

ahead_software -- freeware_advanced_audio_decoder_2
  Description: An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
  Published: 2018-12-22
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20359; MISC

ahead_software -- freeware_advanced_audio_decoder_2
  Description: There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case.
  Published: 2018-12-17
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20197; MISC

ahead_software -- freeware_advanced_audio_decoder_2
  Description: A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case.
  Published: 2018-12-17
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20199; MISC

ahead_software -- freeware_advanced_audio_decoder_2
  Description: There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max <= G case.
  Published: 2018-12-17
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20194; MISC

ahead_software -- freeware_advanced_audio_decoder_2
  Description: An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
  Published: 2018-12-22
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20360; MISC

ahead_software -- freeware_advanced_audio_decoder_2
  Description: A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
  Published: 2018-12-17
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20195; MISC

ahead_software -- freeware_advanced_audio_decoder_2
  Description: A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case.
  Published: 2018-12-22
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20362; MISC

ahead_software -- freeware_advanced_audio_decoder_2
  Description: An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
  Published: 2018-12-22
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20361; MISC

ahead_software -- freeware_advanced_audio_decoder_2
  Description: A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash.
  Published: 2018-12-22
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20357; MISC

ahead_software -- freeware_advanced_audio_decoder_2
  Description: An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
  Published: 2018-12-22
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20358; MISC

ahead_software -- freeware_advanced_audio_decoder_2
  Description: A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENCE case.
  Published: 2018-12-17
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20198; MISC

ahead_software -- freeware_advanced_audio_decoder_2
  Description: There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.
  Published: 2018-12-17
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20196; MISC

aio-libs -- aiohttp-session
  Description: aio-libs aiohttp-session version 2.6.0 and earlier contains an Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in non-expiring sessions (infinite lifespan). This attack appears to be exploitable via recreation of a cookie post-expiry with the same value.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000814; MISC, MISC
alpine -- linux
  Description: Alpine Linux versions prior to 2.6.10, 2.7.6, and 2.10.1 contain an Other/Unknown vulnerability in apk-tools (Alpine Linux's package manager) that can result in Remote Code Execution. This attack appears to be exploitable via a specially crafted APK file, which can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling a long link target name and the way a regular file is extracted. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000849; MISC, MISC, MISC

alzip -- alzip
  Description: Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially crafted LZH archive file, an attacker could execute arbitrary code.
  Published: 2018-12-21
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-5196; MISC, MISC

antiy -- avl_atool
  Description: Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ATool v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x80002004 by the ssdt.sys kernel driver. The bug is caused by a failure to properly validate the length of the user-supplied data. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel, which could lead to privilege escalation. A failed exploit could lead to denial of service.
  Published: 2018-12-22
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20331; MISC

anyplace -- anyplace
  Description: Anyplace version before commit 80359b4 contains an XML External Entity (XXE) vulnerability (man in the middle on a map API call) that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This vulnerability appears to have been fixed after commit 80359b4.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000829; MISC, MISC

apache -- nifi
  Description: The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
  Published: 2018-12-19
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-17193; CONFIRM

apache -- nifi
  Description: The template upload API endpoint accepted requests from a different domain when sent in conjunction with an ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same-subnet access, and injecting malicious code into an unprotected (plaintext HTTP) website which the targeted user later visits, but the possible damage warranted a Severe severity level. Mitigation: The fix to apply Cross-Origin Resource Sharing (CORS) policy request filtering was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
  Published: 2018-12-19
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-17195; CONFIRM

apache -- nifi
  Description: When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait for the body and eventually time out. Mitigation: The fix to check DELETE requests and overwrite non-zero Content-Length header values was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
  Published: 2018-12-19
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-17194; CONFIRM

apache -- nifi
  Description: The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
  Published: 2018-12-19
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-17192; CONFIRM

apache -- oozie
  Description: A vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results in workflows running in another user's name.
  Published: 2018-12-19
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-11799; BID, MISC

arm -- arm_trusted_firmware
  Description: In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
  Published: 2018-12-18
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-15031; BID, CONFIRM

artica -- integria_ims
  Description: Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
  Published: 2018-12-18
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-19829; MISC, EXPLOIT-DB

artica -- integria_ims
  Description: Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
  Published: 2018-12-17
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-19828; MISC, EXPLOIT-DB
artifex -- ghostscript
  Description: In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of a failure to check whether the Implementation of a pattern dictionary was a structure type.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-19134; CONFIRM, BID, REDHAT, CONFIRM, MISC, CONFIRM

asset-pipeline -- asset-pipeline
  Description: Asset Pipeline Grails Plugin (Asset-pipeline plugin) versions prior to 2.14.1.1, 2.15.1 and 3.0.6 contain an Incorrect Access Control vulnerability in applications deployed in Jetty that can result in download of .class files and any arbitrary file. This attack appears to be exploitable via a specially crafted GET request containing directory traversal from the assets-pipeline context. This vulnerability appears to have been fixed in 2.14.1.1 (for Grails 2.x), 2.15.1 (for Grails 3 and Java 7) and 3.0.6 (for Grails 3 and Java 8).
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000817; MISC, MISC

autopsy -- autopsy
  Description: autopsy version <= 4.9.0 contains an XML External Entity (XXE) vulnerability in the CaseMetadata XML parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via specially crafted CaseMetadata.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000838; MISC, MISC

avahi -- avahi
  Description: Avahi version 0.7 contains an Incorrect Access Control vulnerability in avahi-daemon that can result in traffic reflection and amplification for DDoS attacks. This attack appears to be exploitable via a unicast IP network packet with a spoofed source address.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000845; MISC

backdrop -- cms
  Description: Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in the sanitization of custom class names used on blocks and layouts that can result in execution of JavaScript from an unexpected source. This attack appears to be exploitable when a user is directed to an affected page while logged in. This vulnerability appears to have been fixed in 1.11.1 and later.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000813; MISC

barracuda -- message_archiver
  Description: Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module.
  Published: 2018-12-22
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20369; MISC

bento4 -- bento4
  Description: An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.
  Published: 2018-12-17
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20186; MISC

berkeley -- open_infrastructure_for_network_computing_boinc_server_and_website_code
  Description: Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in the Website Terms of Service Acceptance Page that can result in access to any user account. This attack appears to be exploitable via a specially crafted URL. This vulnerability appears to have been fixed in 1.0.3.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000875; MISC

blackberry -- blackberry_uem
  Description: A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-8892; CONFIRM

blackberry -- blackberry_uem
  Description: Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-8891; CONFIRM

blackberry -- blackberry_uem
  Description: A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-8888; CONFIRM

bludit -- bludit
  Description: bludit version 3.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability in content upload in the Pages Editor that can result in Remote Command Execution. This attack appears to be exploitable when a malicious user uploads a crafted payload containing PHP code.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000811; MISC

bolt -- cms
  Description: Bolt CMS <3.6.2 allows XSS via text input (click preview button), as demonstrated by the Title field of a Configured and New Entry.
  Published: 2018-12-17
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-19933; MISC, EXPLOIT-DB, MISC

bosch -- smart_home_cameras
  Description: An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there is a buffer overflow in the RCP+ parser of the web server.
  Published: 2018-12-19
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20299; MISC

bosch_ip_cameras
  Description: An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.
  Published: 2018-12-17
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-19036; CONFIRM

brave_software -- brave
  Description: Brave Software Inc. Brave version 0.22.810 to 0.24.0 contains an Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result in websites running inline JavaScript even if script is blocked, making it easier for attackers to track users. This attack appears to be exploitable when the victim visits a specially crafted website. This vulnerability appears to have been fixed in 0.25.2.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000815; MISC, MISC, MISC

bw-calendar-engine -- bw-calendar-engine
  Description: bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains an XML External Entity (XXE) vulnerability in the IscheduleClient XML parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via a man in the middle or a malicious server.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000836; MISC, MISC
chamilo -- chamilo-lms
  Description: Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits.
  Published: 2018-12-21
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20328; MISC, MISC

chamilo -- chamilo-lms
  Description: Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.
  Published: 2018-12-21
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20329; MISC, MISC

chamilo -- chamilo-lms
  Description: Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits.
  Published: 2018-12-21
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20327; MISC, MISC

cms_made_simple -- cms_made_simple
  Description: CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
  Published: 2018-12-19
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-19597; MISC

cmsimple -- cmsimple
  Description: CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI.
  Published: 2018-12-19
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-19508; MISC

cmsimple -- cmsimple
  Description: CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI.
  Published: 2018-12-19
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-19507; MISC

codelibs -- fess
  Description: codelibs fess version before commit faa265b contains an XML External Entity (XXE) vulnerability in the GSA XML file parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via specially crafted GSA XML files. This vulnerability appears to have been fixed after commit faa265b.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000822; MISC, MISC

comparex -- miss_marple
  Description: COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-19233; MISC, FULLDISC, BUGTRAQ, MISC

comparex -- miss_marple
  Description: The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-19234; MISC, FULLDISC, BUGTRAQ, MISC

copay -- bitcoin_wallet
  Description: Copay Bitcoin Wallet versions 5.01 to 5.1.0 included contain an Other/Unknown vulnerability in wallet private key storage that can result in users' private keys being compromised. This attack appears to be exploitable because affected versions run the malicious code at startup. This vulnerability appears to have been fixed in 5.2.0 and later.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000851; MISC, MISC, MISC, MISC

cscape -- cscape
  Description: Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation vulnerability has been identified that may be exploited by processing specially crafted POC files lacking user input validation. This may allow an attacker to read confidential information and remotely execute arbitrary code.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-19005; BID, MISC

d-link -- 5592_routers
  Description: An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have access to the router control panel with administrator privileges.
  Published: 2018-12-18
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-17777; MISC

d-link -- dcs_wifi_cameras
  Description: D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks include SYN flooding, UDP flooding, ICMP flooding, and SYN-ACK flooding.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-18442; MISC

d-link -- dcs_wifi_cameras
  Description: D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of the DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through /common/info.cgi, with no authentication. The configuration file includes the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-18441; MISC
d-link -- dir-140l_and_dir-640l_routers
  Description: dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials.
  Published: 2018-12-21
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-18009; FULLDISC

d-link -- dir-816_devices
  Description: D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address.
  Published: 2018-12-19
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20305; MISC

d-link -- dsl-2770l_routers
  Description: atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.
  Published: 2018-12-21
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-18007; FULLDISC

d-link -- multiple_devices
  Description: spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.
  Published: 2018-12-21
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-18008; FULLDISC

d-link -- mydlink_baby
  Description: An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-18767; MISC

domainmod -- domainmod
  Description: DomainMOD version 4.09.03 and above (also verified in the latest version, 4.11.01) contains a Cross Site Scripting (XSS) vulnerability in the Segment Name field in the segments page that can result in arbitrary script being executed in the browsers of all users who visit the affected page. This attack appears to be exploitable when the victim visits the vulnerable page. No fix is available yet for this vulnerability.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000856; MISC

driveragent -- driveragent
  Description: DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user-defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer as partial input.
  Published: 2018-12-18
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-19522; MISC

easymon -- easymon
  Description: easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in the endpoint where monitoring is mounted that can result in reflected XSS affecting Firefox; it can be used to steal cookies, depending on the cookie settings. This attack appears to be exploitable when the victim clicks on a crafted URL that contains the XSS payload. This vulnerability appears to have been fixed in 1.4.1 and later.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000855; MISC, MISC

elastic -- elasticsearch_security
  Description: Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager, then an attacker could send a specially crafted request capable of leaking the content of local files on the Elasticsearch node. This could allow a user to access information that they should not have access to.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-17247; MISC, CONFIRM

elastic -- elasticsearch_security
  Description: Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-17244; MISC, CONFIRM

elixir-plug -- plug
  Description: Elixir Plug (all versions) contains a Header Injection vulnerability in Connection that can result in headers being added, given a cookie value. This attack appears to be exploitable via crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6.
  Published: 2018-12-20
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-1000883; MISC, MISC

empire -- cms
  Description: Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.
  Published: 2018-12-19
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20300; MISC

enigma2 -- enigma2
  Description: An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project.
  Published: 2018-12-21
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20332; MISC, MISC

enlightenment -- terminology
  Description: Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run.
  Published: 2018-12-17
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2018-20167; MISC, MISC, MISC
esigate.org -- esigateesigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appear to be exploitable via Use of another weakness in backend application to reflect ESI directives. This vulnerability appears to have been fixed in 5.3.2018-12-20not yet calculatedCVE-2018-1000854
MISC
espruino -- espruino
There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file.
Published: 2018-12-18 | CVSS: not yet calculated | CVE-2018-20201
Sources: MISC

evernote -- evernote
The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-20351
Sources: MISC

exist -- exist
exist version <= 5.0.0-RC4 contains an XML External Entity (XXE) vulnerability in the XML Parser for the REST Server that can result in disclosure of confidential data, denial of service, SSRF, and port scanning.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000823
Sources: MISC, MISC
f5 -- big-ip
On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-15331
Sources: CONFIRM

f5 -- big-ip
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server uses the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel (TMM) to produce a core file.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-15330
Sources: CONFIRM

f5 -- big-ip
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-15329
Sources: CONFIRM
fasterxml -- jackson
Fasterxml Jackson versions before 2.9.8 contain a CWE-20: Improper Input Validation vulnerability in Jackson-Databind that can cause a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000873
Sources: MISC, MISC

fatfreecrm -- fatfreecrm
FatFreeCRM versions <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, and ==0.18.0 contain a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in JavaScript execution. This attack appears to be exploitable because content with a JavaScript payload will be executed in end users' browsers when they visit the page. This vulnerability appears to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2, and 0.14.2.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000842
Sources: MISC, MISC, MISC, MISC
floureon -- ip_camera_sp012
The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-20342
Sources: MISC

freecol -- freecol
FreeCol version <= nightly-2018-08-22 contains an XML External Entity (XXE) vulnerability in the FreeColXMLReader parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via a FreeCol file.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000825
Sources: MISC, MISC
freerdp -- freerdp
FreeRDP 2.0.0-rc3 (released versions before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3) contains an Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request, that can allow the RDP server to read the client's memory. This attack appears to be exploitable when the RDP client connects to the RDP server with the echo option. This vulnerability appears to have been fixed after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000852
Sources: MISC, MISC, MISC

freshdns -- freshdns
FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in the Account data form and Zone editor that can result in execution of the attacker's JavaScript code in the victim's session. This attack appears to be exploitable as follows: the attacker stores a specially crafted string as their Full Name in their account details, and the victim (e.g. the administrator of the FreshDNS instance) opens the User List in the admin interface. This vulnerability appears to have been fixed in 1.0.5 and later.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000847
Sources: MISC, MISC

freshdns -- freshdns
FreshDNS version 1.0.3 and earlier contains a Cross Site Request Forgery (CSRF) vulnerability in all (authenticated) API calls in index.php / class.manager.php that can result in editing domains and zones with the victim's privileges. This attack appears to be exploitable when the victim opens a website containing the attacker's JavaScript. This vulnerability appears to have been fixed in 1.0.5 and later.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000846
Sources: MISC, MISC

frostwire -- frostwire
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains an XML External Entity (XXE) vulnerability, reachable by a man in the middle on the update call, that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable by a man in the middle intercepting the call that updates the software.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000828
Sources: MISC, MISC
fuel -- cms
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-20188
Sources: MISC

ge -- mark_vie_distributed_control_system_and_associated_products
GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e versions 03.03.28C to 05.02.04C; EX2100e all versions prior to v04.09.00C; EX2100e_Reg all versions prior to v04.09.00C; and LS2100e all versions prior to v04.09.00C. The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information.
Published: 2018-12-14 | CVSS: not yet calculated | CVE-2018-19003
Sources: BID, MISC
gigabyte -- multiple_products
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-19323
Sources: FULLDISC, BID, MISC

gigabyte -- multiple_products
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-19322
Sources: FULLDISC, BID, MISC

gigabyte -- multiple_products
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-19321
Sources: FULLDISC, BID, MISC

gigabyte -- multiple_products
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-19320
Sources: FULLDISC, BID, MISC

gigaset -- maxwell_basic_voip_phones
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password).
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-18871
Sources: MISC
gnu -- binutils
binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump (bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc) in which the integer overflow triggers a heap overflow. Successful exploitation allows execution of arbitrary code. This attack appears to be exploitable locally. This vulnerability appears to have been fixed after commit 3a551c7a1b80fca579461774860574eabfd7f18f.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000876
Sources: MISC, MISC

gnupg -- gnupg
GnuPG versions 2.1.12 - 2.2.11 contain a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, and DoS. This attack appears to be exploitable when the victim performs a WKD request, e.g. by entering an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed after commit 4a4bb874f63741026bd26264c43bb32b1099f060.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000858
Sources: MISC, MISC

gogs -- gogs
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-20303
Sources: MISC, MISC, MISC
golang -- golang
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
Published: 2018-12-14 | CVSS: not yet calculated | CVE-2018-16875
Sources: BID, CONFIRM, MISC, GENTOO

golang -- golang
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at http://bit.ly/2RhAxF4). The attacker can cause an arbitrary filesystem write, which can lead to code execution.
Published: 2018-12-14 | CVSS: not yet calculated | CVE-2018-16874
Sources: BID, CONFIRM, MISC, GENTOO

golang -- golang
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at http://bit.ly/2RhAxF4). Using custom domains, it's possible to arrange things so that a Git repository is cloned to a folder named ".git" by using a vanity import path that ends with "/.git". If the Git repository root contains a "HEAD" file, a "config" file, an "objects" directory, a "refs" directory, with some work to ensure the proper ordering of operations, "go get -u" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the "config" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running "go get -u".
Published: 2018-12-14 | CVSS: not yet calculated | CVE-2018-16873
Sources: BID, CONFIRM, MISC, GENTOO
google -- android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, an untrusted pointer dereference issue occurs by accessing a variable which is already freed.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-11988
Sources: CONFIRM

google -- android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, when allocating heap using a user-supplied size, a possible heap overflow vulnerability exists due to integer overflow in roundup to native pointer.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-11985
Sources: CONFIRM

google -- android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, anyone can execute proptrigger.sh, which will lead to a change in properties.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-11965
Sources: CONFIRM

google -- android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a use after free condition and an out-of-bounds access can occur in the DIAG driver.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-11984
Sources: CONFIRM

google -- android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, an error in the kernel is observed while accessing freed mask pointers after reallocating memory for the mask table.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-11983
Sources: CONFIRM

google -- android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a use after free condition can occur in the SPS driver which can lead to an error in the kernel.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-11960
Sources: BID, CONFIRM

google -- android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, exposing the hashed content in /etc/passwd may lead to a security issue.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-11964
Sources: CONFIRM

google -- android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a buffer over-read may occur due to non-null-terminated strings while processing vsprintf in the camera jpeg driver.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-11963
Sources: BID, CONFIRM

google -- android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a possibility of accessing an out-of-bound vector index when updating some GNSS configurations.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-11961
Sources: BID, CONFIRM

google -- android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in a wrong pointer access causing a kernel panic.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-11987
Sources: CONFIRM

google -- android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a possible buffer overflow exists in the TX and RX FIFOs of the microcontroller in the camera subsystem used to exchange commands and messages between the Micro FW and the CPP driver.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-11986
Sources: CONFIRM

google -- android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is no synchronization between msm_vb2 buffer operations, which can lead to a use after free.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2017-9704
Sources: CONFIRM
google -- gvisor
Google gVisor before 2018-08-22 reuses a pagetable in a different level with the paging-structure cache intact, which allows attackers to cause a denial of service ("physical address not valid" panic) via a crafted application.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-20168
Sources: MISC

grafana -- grafana
Grafana, confirmed for versions 5.2.4 and 5.3.0, contains a Cross Site Scripting (XSS) vulnerability in the Influxdb and Graphite query editor that can result in running arbitrary JavaScript code in the victim's browser. This attack appears to be exploitable when an authenticated user clicks on the input field where the payload was previously inserted.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000816
Sources: MISC

graphicsmagick -- graphicsmagick
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-20189
Sources: MISC, BID, MISC

graphicsmagick -- graphicsmagick
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-20185
Sources: MISC, BID, MISC

graphicsmagick -- graphicsmagick
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-20184
Sources: MISC, BID, MISC
hancom -- hancom_office
Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, and Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling a Compound File in a document. This results in a program crash or denial of service conditions.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-5201
Sources: MISC

hoteldruid -- hoteldruid
HotelDruid version 2.3.0 and earlier contains a SQL Injection vulnerability in the "id_utente_mod" parameter in the gestione_utenti.php file that can result in an attacker dumping all the database records of the backend webserver. This attack appears to be exploitable by anyone via a specially crafted SQL query passed to the "id_utente_mod=1" parameter.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000871
Sources: EXPLOIT-DB
ibm -- api_connect
IBM API Connect 5.0.0.0 and 5.0.8.4 are affected by a NoSQL Injection in the MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1784
Sources: CONFIRM, XF

ibm -- api_connect
IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1973
Sources: XF, CONFIRM

ibm -- business_automation_workflow
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947.
Published: 2018-12-14 | CVSS: not yet calculated | CVE-2018-1848
Sources: BID, XF, CONFIRM

ibm -- datapower_gateways
IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of a full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1677
Sources: XF, CONFIRM

ibm -- datapower_gateways
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1661
Sources: XF, CONFIRM

ibm -- db2
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially crafted SELECT statement with the TRUNCATE function. IBM X-Force ID: 154032.
Published: 2018-12-14 | CVSS: not yet calculated | CVE-2018-1977
Sources: CONFIRM, BID, XF

ibm -- domino
IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-Force ID: 148687.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1771
Sources: XF, CONFIRM

ibm -- event_streams
IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host request header. An attacker, who has already gained authorised access via the CLI, could exploit this vulnerability to spoof the request header. IBM X-Force ID: 150507.
Published: 2018-12-18 | CVSS: not yet calculated | CVE-2018-1833
Sources: XF, CONFIRM

ibm -- loopback
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API; it is then possible for anyone to create an AccessToken for any User, provided they know the userId, and hence gain access to the other user's data and privileges (if the user happens to be an Admin, for example). IBM X-Force ID: 148801.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1778
Sources: CONFIRM, XF
ibm -- security_guardium
IBM Security Guardium 10.0 and 10.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152080.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-1889
Sources: BID, XF, CONFIRM

ibm -- security_guardium
IBM Security Guardium 10 and 10.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152082.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-1891
Sources: BID, XF, CONFIRM

ibm -- security_guardium
IBM Security Guardium 10.0 and 10.5 store sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, the referrer header, or browser history. IBM X-Force ID: 124747.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2017-1272
Sources: BID, XF, CONFIRM

ibm -- security_guardium
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2017-1265
Sources: BID, XF, CONFIRM

ibm -- security_guardium
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2017-1597
Sources: BID, XF, CONFIRM
icinga -- icinga_web
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-18250
Sources: MISC

icinga -- icinga_web
Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-18247
Sources: MISC

icinga -- icinga_web
Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-18248
Sources: MISC

icinga -- icinga_web
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-18249
Sources: MISC

icinga -- icinga_web
Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-18246
Sources: MISC

igraph -- igraph
The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has a NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-20349
Sources: MISC
infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "Variables.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19775
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "Users.jsp" has reflected XSS via the ConnPoolName parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19770
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via the ConnPoolName parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19821
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19772
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "UserProperties.jsp" has reflected XSS via the ConnPoolName parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19769
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "SubPagePackages.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19768
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19767
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "GroupRessourceAdmin.jsp" has reflected XSS via the ConnPoolName parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19766
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19765
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentUser.jsp" has reflected XSS via the GroupId and ConnPoolName parameters.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19773
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19822
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has reflected XSS via the ConnPoolName parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19816
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/GroupCopy.jsp" has reflected XSS via the ConnPoolName, GroupId, or type parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19809
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via the ConnPoolName, GroupId, or type parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19810
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via the GroupId and ConnPoolName parameters.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19774
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via the GroupId parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19812
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19813
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19814
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS via the ConnPoolName parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19815
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19817
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via the ConnPoolName parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19819
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via the ConnPoolName parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19820
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via the ConnPoolName parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19811
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPool.jsp" has reflected XSS via the PropName parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19771
Sources: MISC, FULLDISC

infovista -- vistaportal
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via the ConnPoolName parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19818
Sources: MISC, FULLDISC

infovista -- vistaportal
XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19649
Sources: MISC, FULLDISC
integria -- ims
Ártica Soluciones Tecnológicas Integria IMS version 5.0 MR56 Package 58, and likely earlier versions, contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in the password recovery process (line 45 of general/password_recovery.php) that can result in IntegriaIMS web app user accounts being taken over. This attack appears to be exploitable via network access to the IntegriaIMS web interface. This vulnerability appears to have been fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000812
Sources: MISC, MISC, MISC

jco.ir -- karma
SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-18399
Sources: MISC, MISC

jenzabar -- jenzabar
Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field).
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-16778
Sources: MISC

juniper -- secure_access_ssl_vpn_products
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-20193
Sources: FULLDISC
k9mail -- k9mail
K9Mail version <= v5.600 contains an XML External Entity (XXE) vulnerability in the WebDAV response parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via a malicious WebDAV server or by intercepting the response of a valid WebDAV server.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000831
References: MISC, MISC

keepassdx -- keepassdx
KeePassDX version <= 2.5.0.0beta17 contains an XML External Entity (XXE) vulnerability in the kdbx file parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000835
References: MISC, MISC

kibana -- kibana
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-17246
References: MISC, CONFIRM

kibana -- kibana
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources, plaintext credentials are included in the HTTP request and could be recovered by an external resource provider.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-17245
References: MISC, CONFIRM

kirby -- kirby
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-16627
References: MISC

kmplayer -- kmplayer
KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-5200
References: MISC

knc -- knc
The read_packet function in knc (Kerberised NetCat) before 1.11-1 is vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting other services running on the targeted host.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2017-9732
References: MISC, FULLDISC, CONFIRM, MISC

lh-ehr -- lh-ehr
LH-EHR version REL-2_0_0 contains an Arbitrary File Upload vulnerability in profile picture upload that can result in Remote Code Execution. This attack appears to be exploitable via uploading a PHP file with an image MIME type.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000839
References: MISC, MISC

libarchive -- libarchive
libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in the ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() - that can result in Crash/DoS. This attack appears to be exploitable when the victim opens a specially crafted archive file.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000879
References: MISC, MISC, MISC

libarchive -- libarchive
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in the RAR decoder - libarchive/archive_read_support_format_rar.c - that can result in Crash/DoS; it is unknown if RCE is possible. This attack appears to be exploitable when the victim opens a specially crafted RAR archive.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000878
References: MISC, MISC, MISC, MLIST

libarchive -- libarchive
libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in the WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() - that can result in DoS: quasi-infinite run time and disk usage from a tiny file. This attack appears to be exploitable when the victim opens a specially crafted WARC file.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000880
References: MISC, MISC, MISC

libarchive -- libarchive
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in the RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 - that can result in Crash/DoS. This attack appears to be exploitable when the victim opens a specially crafted RAR archive.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000877
References: MISC, MISC, MISC, MLIST

libexcel -- libexcel
wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long name. NOTE: this is not a Microsoft product.
Published: 2018-12-18 | CVSS: not yet calculated | CVE-2018-20213
References: MISC

libexcel -- libexcel
wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long second argument. NOTE: this is not a Microsoft product.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-20304
References: MISC

libjpeg-turbo -- libjpeg-turbo
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-20330
References: MISC

libpff -- libpff
libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-20348
References: MISC

libraw -- libraw
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
Published: 2018-12-22 | CVSS: not yet calculated | CVE-2018-20364
References: MISC

libraw -- libraw
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
Published: 2018-12-22 | CVSS: not yet calculated | CVE-2018-20365
References: MISC

libraw -- libraw
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-20337
References: MISC

libraw -- libraw
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
Published: 2018-12-22 | CVSS: not yet calculated | CVE-2018-20363
References: MISC

libsass -- libsass
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-20190
References: BID, MISC

libvnc -- libvnc
LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains a null pointer dereference in VNC client code that can result in DoS.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-20024
References: MISC

libvnc -- libvnc
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains a heap out-of-bound write vulnerability inside a structure in VNC client code that can result in remote code execution.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-20020
References: MISC

libvnc -- libvnc
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains a heap out-of-bound write vulnerability in server code of the file transfer extension that can result in remote code execution.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-15127
References: MISC

libvnc -- libvnc
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains a CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak the stack memory layout and to bypass ASLR.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-20023
References: MISC

libvnc -- libvnc
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple CWE-665: Improper Initialization weaknesses in VNC client code that allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, they can be used to leak the stack memory layout and to bypass ASLR.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-20022
References: MISC

libvnc -- libvnc
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite Loop vulnerability in VNC client code. The vulnerability allows an attacker to consume an excessive amount of resources such as CPU and RAM.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-20021
References: MISC

libvnc -- libvnc
LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result in remote code execution.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-20019
References: MISC

libvnc -- libvnc
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains a heap use-after-free vulnerability in server code of the file transfer extension that can result in remote code execution.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-6307
References: MISC

libvnc -- libvnc
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains a heap use-after-free vulnerability in server code of the file transfer extension that can result in remote code execution.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-15126
References: MISC

limesurvey -- limesurvey
LimeSurvey contains an XSS vulnerability while uploading a ZIP file, resulting in JavaScript code execution against LimeSurvey admins.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-20322
References: MISC, CONFIRM

linode -- subsonic
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-20228
References: MISC

linux -- linux_kernel
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-20169
References: MISC, MISC, MISC

linux -- linux_kernel
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
Published: 2018-12-18 | CVSS: not yet calculated | CVE-2018-16884
References: BID, CONFIRM, CONFIRM, CONFIRM

linux -- linux
An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-18629
References: MISC, MISC, CONFIRM

log-user-session -- log-user-session
log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in the main SUID binary /usr/local/bin/log-user-session that can result in user-to-root privilege escalation. This attack appears to be exploitable via a malicious unprivileged user executing the vulnerable binary; (remote) environment variable manipulation similar to shell-shock is also possible.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000857
References: MISC

logitech -- harmony_hub
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-15720
References: MISC

logitech -- harmony_hub
The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-15723
References: MISC

logitech -- harmony_hub
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-15721
References: MISC

logitech -- harmony_hub
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-15722
References: MISC

luigi -- luigi
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross Site Request Forgery (CSRF) vulnerability in API endpoint /api/ that can result in task metadata such as task name, id, parameters, etc. being leaked to unauthorized users. This attack appears to be exploitable when the victim visits a specially crafted webpage from the network where their Luigi server is accessible. This vulnerability appears to have been fixed in 2.8.0 and later.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000843
References: MISC, MISC, MISC

mcafee -- application_and_change_control
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-6669
References: CONFIRM

medtronic -- carelink_programmer_and_encore_programmer
Medtronic CareLink 2090 Programmer, CareLink 9790 Programmer, and 29901 Encore Programmer, all versions: the affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest: PII and PHI.
Published: 2018-12-14 | CVSS: not yet calculated | CVE-2018-18984
References: BID, MISC

megamek -- megamek
MegaMek version < v0.45.1 contains an Other/Unknown vulnerability in Object Stream Connection that can result in disclosure of confidential data, denial of service, SSRF, and remote code execution.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000824
References: MISC, MISC

micromathematics -- micromathematics
MicroMathematics version before commit 5c05ac8 contains an XML External Entity (XXE) vulnerability in SMathStudio files that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via specially crafted SMathStudio files. This vulnerability appears to have been fixed after commit 5c05ac8.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000821
References: MISC, MISC

microsoft -- internet_explorer
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-8653
References: BID, CONFIRM

microweber -- microweber
Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in the Admin login form template that can result in execution of JavaScript code.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000826
References: MISC, MISC

microworld_technologies -- escan
Scan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-18388
References: CONFIRM

nagios -- nagios_core
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-18245
References: MISC

nasm -- nasm
nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in a stack overflow caused by triggering endless macro generation, crashing the program. This attack appears to be exploitable via a crafted nasm input file.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000886
References: MISC

netatalk -- netatalk
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1160
References: CONFIRM, MISC, MISC, DEBIAN, EXPLOIT-DB, MISC

openkmip -- pykmip
OpenKMIP PyKMIP, all versions before 0.8.0, contains a CWE-399: Resource Management Errors vulnerability (similar issue to CVE-2015-5262) in the PyKMIP server that can result in DoS: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appears to be exploitable via a client or clients opening sockets with the server and then never closing them. This vulnerability appears to have been fixed in 0.8.0.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000872
References: MISC

phkp -- phkp
PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() at phkp.php:98 that can result in manipulation of gpg keys or remote command execution. This attack appears to be exploitable via the HKP API: /pks/lookup?search.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000885
References: MISC

photorange -- photo_vault
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on.
Published: 2018-12-22 | CVSS: not yet calculated | CVE-2018-20371
References: MISC

php_markdown -- php_markdown
PHP Markdown version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability: the parser allows a maliciously crafted script to be executed, which can result in theft of user data. This attack appears to be exploitable when the user opens a crafted MD formatted file.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000874
References: MISC

php_server_monitor -- php_server_monitor
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.
Published: 2018-12-18 | CVSS: not yet calculated | CVE-2018-18921
References: CONFIRM, MISC

phpipam -- phpipam
PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in code execution in the victim's browser. This attack appears to be exploitable when an attacker changes the theme parameter in user settings and the admin (victim) views the user in the admin panel. This vulnerability appears to have been fixed in 1.4.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000870
References: MISC, MISC

phpipam -- phpipam
phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability: the value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes, and editing the value of the cookie to r5zkh'>quqtl exploits an XSS vulnerability that can result in arbitrary code executing in the victim's browser. This attack needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000860
References: MISC

phpipam -- phpipam
phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that can result in SQL Injection. This attack appears to be exploitable by a rogue user exploiting the vulnerability to access information he/she does not have access to. This vulnerability appears to have been fixed in 1.4.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000869
References: MISC, MISC

pivotal -- concourse_release
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-15798
References: CONFIRM

pivotal -- spring_security
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-15801
References: CONFIRM

printeron -- printeron
PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-19936
References: MISC, EXPLOIT-DB

processing_foundation -- processing
Processing Foundation Processing version 3.4 and earlier contains an XML External Entity (XXE) vulnerability in the loadXML() function that can result in an attacker reading arbitrary files and exfiltrating their contents via HTTP requests. This attack appears to be exploitable when the victim uses Processing to parse a crafted XML document.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000840
References: MISC, MISC

pspp -- pspp
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-20230
References: MISC

ptc -- thingworx_platform
PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-20092
References: CONFIRM

pulse_secure -- virtual_traffic_manager
A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-20306
References: MISC

pulse_secure -- virtual_traffic_manager
Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-20307
References: MISC

pylearn2 -- pylearn2
The yaml_parse.load method in Pylearn2 allows code injection.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-20027
References: MISC

python -- python
There is a vulnerability in the load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-20325
References: MISC

qemu -- qemu
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-20126
References: MLIST, MLIST

qemu -- qemu
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-20125
References: MLIST, MLIST

qemu -- qemu
hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-20124
References: MLIST, MLIST

qemu -- qemu
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-20191
References: MLIST, BID, MLIST

qemu -- qemu
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-20216
References: MLIST, MLIST

qemu -- qemu
pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-20123
References: MLIST, BID, MLIST

rdf4j -- rdf4j
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-20227
References: MISC, MISC

rendertron -- rendertron
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2017-18354
References: MISC, MISC, MISC

rendertron -- rendertron
Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2017-18355
References: MISC, MISC, MISC

rendertron -- rendertron
Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2017-18353
References: MISC, MISC, MISC

rendertron -- rendertron
Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2017-18352
References: MISC, MISC, MISC

runelite -- runelite
runelite version <= runelite-parent-1.4.23 contains an XML External Entity (XXE) vulnerability in the RuneScape services call (man in the middle) that can result in disclosure of confidential data, denial of service, SSRF, and port scanning.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000834
References: MISC, MISC

s3_browser -- s3_browser
S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-20298
References: MISC, MISC

samsung -- samsung_galaxy_s6
Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-14855
References: MISC

samsung -- samsung_galaxy_s6
A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device to reboot. The Samsung ID is SVE-2018-11783.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-14853
References: MISC

samsung -- samsung_galaxy_s6
Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-14856
References: MISC

samsung -- samsung_galaxy_s6
Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-14852
References: MISC

samsung -- samsung_galaxy_s6
Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-14854
References: MISC

schneider-electric -- ecostruxure_products
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-7797
References: BID, CONFIRM

schneider-electric -- modicon_products
A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-7804
References: CONFIRM

schneider-electric -- modicon_products
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-7812
References: MISC, CONFIRM

schneider-electric -- modicon_products
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send specially crafted XML data via a POST request to cause the web server to become unavailable.
Published: 2018-12-17 | CVSS: not yet calculated | CVE-2018-7833
References: CONFIRM

skcertservice -- skcertservice
SKCertService 2.5.5 and earlier contains a vulnerability that could allow a remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-5202
References: MISC

sqlite -- sqlite
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-20346
References: MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MLIST, MISC, MISC, MISC, MISC, MISC, MISC

square -- open_source_retrofit
Square Open Source Retrofit, versions prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437, contains an XML External Entity (XXE) vulnerability in JAXB that an attacker could use to remotely read files from the file system or to perform SSRF. This vulnerability appears to have been fixed after commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000844
References: MISC

square -- retrofit
Square Retrofit versions from 2.0 (including) to 2.5.0 (excluding) contain a Directory Traversal vulnerability in the RequestBuilder class, method addPathParameter, whereby an attacker manipulating the URL could add or delete resources otherwise unavailable to her. This attack appears to be exploitable by an attacker who has access to an encoded path parameter on a POST, PUT or DELETE request. This vulnerability appears to have been fixed in 2.5.0 and later.
Published: 2018-12-20 | CVSS: not yet calculated | CVE-2018-1000850
References: MISC, MISC, MISC

sssd -- sssd
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-16883
References: BID, CONFIRM

stackstorm -- stackstorm
Incorrect access control in StackStorm API (st2api) in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker (who has a StackStorm account and is authenticated against the StackStorm API) to retrieve datastore items for other users by utilizing the /v1/keys "?scope=all" and "?user=" query filter parameters. Enterprise editions with RBAC enabled are not affected.
Published: 2018-12-21 | CVSS: not yet calculated | CVE-2018-20345
References: MISC

statamic -- statamic
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request.
Published: 2018-12-19 | CVSS: not yet calculated | CVE-2018-19598
References: MISC

steve_pallen -- coherence
 
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints (e.g., creating, editing, updating) allow users to update any coherence_fields data. For example, users can automatically confirm their accounts by sending the confirmed_at parameter with their registration request.2018-12-20not yet calculatedCVE-2018-20301
MISC
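The Coherence entry above is a mass assignment issue: a registration handler copies every submitted field onto the account, including fields the server is supposed to own. The following Python model is an added illustration (Coherence itself is an Elixir library; this is not its code). The account fields and the allow-list are assumptions for the example.

```python
"""Mass assignment on a registration endpoint (illustration).

Added example for the Coherence entry (CVE-2018-20301); not Coherence's code.
`register_vulnerable` applies every submitted key; `register_fixed` takes
only an allow-list and leaves server-managed fields to server code paths.
"""
from datetime import datetime, timezone

# Fields a client may legitimately supply at registration (assumed).
REGISTRATION_FIELDS = frozenset({"email", "name", "password"})


def _blank_account():
    """Server-controlled defaults for a new account (field names assumed)."""
    return {"email": None, "name": None, "password": None,
            "confirmed_at": None, "is_admin": False}


def register_vulnerable(params):
    """Copies every submitted key onto the new account, so a client can
    send confirmed_at (or is_admin) and have it stored."""
    account = _blank_account()
    account.update(params)
    return account


def register_fixed(params):
    """Only allow-listed fields are taken from the request. Unknown keys are
    dropped and returned so the caller can log the attempt."""
    rejected = sorted(set(params) - REGISTRATION_FIELDS)
    account = _blank_account()
    for field in REGISTRATION_FIELDS:
        if field in params:
            account[field] = params[field]
    return account, rejected


def confirm_account(account, now=None):
    """The one code path that sets confirmed_at: the confirmation step,
    reached only after the user proves control of the e-mail address."""
    account["confirmed_at"] = now or datetime.now(timezone.utc)
    return account


if __name__ == "__main__":
    # Constructed request: a registration that also claims to be confirmed.
    request = {"email": "mallory@example.com", "name": "Mallory",
               "password": "correct horse", "confirmed_at": "2018-12-20T00:00:00Z",
               "is_admin": True}
    print(register_vulnerable(request))
    print(register_fixed(request))
```

Blocking a deny-list of "dangerous" fields is the weaker variant of this fix; the allow-list survives the next server-managed field being added to the schema.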
steve_pallen -- xain
An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter.
Published: 2018-12-19 | CVSS score: not yet calculated | CVE-2018-20302
Source & Patch Info: MISC, MISC

swisscom -- swisscom_internet-box
A stack-based buffer overflow in the LAN UPnP service listening on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required: sending a single crafted UDP packet to port 1900 lets an attacker execute code on the device. Exploitation is only possible from inside the LAN. Because of ASLR, the exploit does not succeed every time; a failed attempt instead crashes the UPnP service (denial of service), the rest of the Internet-Box keeps working, and the device must be rebooted before the exploit can be attempted again.
Published: 2018-12-17 | CVSS score: not yet calculated | CVE-2018-16596
Source & Patch Info: CONFIRM

sylabs -- singularity
Sylabs Singularity 2.4 through 2.6 allows local users to conduct improper input validation attacks.
Published: 2018-12-17 | CVSS score: not yet calculated | CVE-2018-19295
Source & Patch Info: CONFIRM
symfony -- symfony
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the restrictions on the redirection target and redirect the user to any domain after login.
Published: 2018-12-18 | CVSS score: not yet calculated | CVE-2018-19790
Source & Patch Info: BID, FEDORA, FEDORA, FEDORA, CONFIRM
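The Symfony entry above works because browsers treat a backslash like a forward slash in the authority part of a URL, so a target such as `/\evil.example` that passes a "starts with a single slash" check is fetched as `//evil.example`, a different host. The following Python functions are an added illustration, not Symfony's code: a naive local-path check next to one that normalises the way a browser does before deciding. The trusted host name is an assumption.

```python
"""Open redirect through backslashes in a post-login target (illustration).

Added example for the Symfony `_failure_path` entry (CVE-2018-19790); this is
not Symfony's code.
"""
from urllib.parse import urlsplit

TRUSTED_HOST = "app.example.com"  # assumed application host


def is_local_naive(target):
    """The bypassable check: 'starts with one slash, not two'.
    It passes "/\\evil.example", which browsers load as "//evil.example"."""
    return target.startswith("/") and not target.startswith("//")


def is_local_redirect(target, trusted_host=TRUSTED_HOST):
    """Accept only same-host targets, after normalising as a browser would."""
    # WHATWG URL parsing treats '\' as '/' for http(s), so normalise first
    # instead of reasoning about the raw string.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False                      # javascript:, data:, ...
    if parts.netloc:
        return parts.hostname == trusted_host   # absolute or protocol-relative
    # No authority: require a single-slash absolute path.
    return normalised.startswith("/") and not normalised.startswith("//")


def login_redirect_target(requested, default="/"):
    """Where to send the user after login: the requested path if it is
    local, otherwise the safe default."""
    if requested and is_local_redirect(requested):
        return requested
    return default


if __name__ == "__main__":
    for candidate in ("/account", "/\\evil.example", "\\\\evil.example",
                      "//evil.example/x", "https://app.example.com/account"):
        print("%-32r naive=%-5s checked=%s" % (
            candidate, is_local_naive(candidate), is_local_redirect(candidate)))
```

Rejecting `//`-prefixed references as well keeps protocol-relative URLs out; the hostname comparison also defeats `https://app.example.com@evil.example/`, where the trusted name sits in the userinfo part.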
symfony -- symfony
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When a setter method of the form's `data_class` uses the scalar type hint `string` (e.g. `setName(string $name)`) and a file upload is submitted to the corresponding field instead of a normal text input, `UploadedFile::__toString()` is called, which returns and thereby discloses the path of the uploaded file. Combined with a local file inclusion issue, in certain circumstances this could be escalated to remote code execution.
Published: 2018-12-18 | CVSS score: not yet calculated | CVE-2018-19789
Source & Patch Info: BID, FEDORA, FEDORA, FEDORA, CONFIRM
sz -- netchat
SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers can inject script that compromises the web front end of the enabled HTTP server.
Published: 2018-12-22 | CVSS score: not yet calculated | CVE-2018-20370
Source & Patch Info: MISC

tenable -- nagios_xi
An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability.
Published: 2018-12-17 | CVSS score: not yet calculated | CVE-2018-20172
Source & Patch Info: MISC, MISC

tenable -- nagios_xi
An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability.
Published: 2018-12-17 | CVSS score: not yet calculated | CVE-2018-20171
Source & Patch Info: MISC, MISC

tenda -- adsl_modem_routers
Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client.
Published: 2018-12-22 | CVSS score: not yet calculated | CVE-2018-20373
Source & Patch Info: MISC, MISC

thehive-project -- cortex
An organization administrator can add a super administrator in TheHive Project Cortex before 2.1.3 because the Role.toString method is not overridden.
Published: 2018-12-21 | CVSS score: not yet calculated | CVE-2018-20226
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

tp-link -- td-w8961nd_devices
TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.
Published: 2018-12-22 | CVSS score: not yet calculated | CVE-2018-20372
Source & Patch Info: MISC, MISC
traccar -- traccar_server
Traccar Server 4.0 and earlier contains a CWE-94 (Improper Control of Generation of Code, 'Code Injection') vulnerability in ComputedAttributesHandler.java that can result in remote command execution. Exploitable remotely via a web application request by a self-registered user. Fixed in 4.1 and later.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-1000881
Source & Patch Info: MISC

trend_micro -- dr._safety_for_android
An address bar spoofing vulnerability in Trend Micro Dr. Safety for Android (Consumer) versions 3.0.1324 and below could allow an attacker to trick a victim into visiting a malicious URL by spoofing the address bar of the app's Private Browser on vulnerable installations.
Published: 2018-12-21 | CVSS score: not yet calculated | CVE-2018-18330
Source & Patch Info: MISC

trend_micro -- officescan
A weak file permissions vulnerability in Trend Micro OfficeScan XG may allow an attacker to manipulate the permissions on some key files in order to modify other files and folders on vulnerable installations.
Published: 2018-12-21 | CVSS score: not yet calculated | CVE-2018-18332
Source & Patch Info: CONFIRM

trend_micro -- officescan
A weak file permissions vulnerability in Trend Micro OfficeScan XG on a particular folder, for a particular group, may allow an attacker to alter the files in it, which could lead to further exploits on vulnerable installations.
Published: 2018-12-21 | CVSS score: not yet calculated | CVE-2018-18331
Source & Patch Info: CONFIRM

trendnet -- tew-632brp_and_tew-673gru_routers
Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (authentication required).
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-19242
Source & Patch Info: MISC, FULLDISC

trendnet -- tew-673gru_routers
TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-19239
Source & Patch Info: MISC, FULLDISC

trendnet -- tv-ip110wn_cameras
Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (no authentication required).
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-19240
Source & Patch Info: MISC, FULLDISC

trendnet -- tv-ip110wn_cameras
Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (no authentication required).
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-19241
Source & Patch Info: MISC, FULLDISC
ubilling -- ubilling
Ubilling 0.9.2 and earlier contains an otherwise unclassified vulnerability in a user-controlled parameter that can result in disclosure of confidential data, denial of service, SSRF, or remote code execution.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-1000827
Source & Patch Info: MISC, MISC

uml_designer -- uml_designer
UML Designer 8.0.0 and earlier contains an XML External Entity (XXE) vulnerability in the XML parser used for plugins that can result in disclosure of confidential data, denial of service, SSRF, or port scanning. Exploitable via a malicious plugins.xml file.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-1000837
Source & Patch Info: MISC, MISC
vesta -- vesta
Vesta CP prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 (any release prior to 0.9.8-18) contains a CWE-208 (Information Exposure Through Timing Discrepancy) vulnerability in the password reset code (web/reset/index.php, line 51) that makes it possible to determine password reset codes, so that an attacker can change the administrator password. Exploitable with unauthenticated network connectivity. Fixed after commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 (release version 0.9.8-19).
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-1000884
Source & Patch Info: MISC
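The Vesta entry above is a timing side channel in a reset-code comparison. The following Python is an added illustration, not Vesta's PHP code: a comparison that stops at the first wrong character (so the elapsed time grows with the length of the matching prefix, which an attacker can measure over the network one character at a time) next to a constant-time check that also stores only a hash of the code and consumes it on first use. The in-memory stores and the 16-byte code length are assumptions for the example.

```python
"""Password-reset code verification: early-exit versus constant-time.

Added example for the Vesta CP entry (CVE-2018-1000884); not Vesta's code.
"""
import hashlib
import hmac
import secrets

# Constructed in-memory stores; a real deployment keeps these in a database.
PLAINTEXT_CODES = {}   # username -> reset code          (naive design)
HASHED_CODES = {}      # username -> sha256(reset code)  (hardened design)


def issue_code_naive(username):
    """Issue a random code and store it as is."""
    code = secrets.token_hex(16)
    PLAINTEXT_CODES[username] = code
    return code


def verify_naive(username, candidate):
    """Character-by-character comparison that returns at the first mismatch.
    The number of iterations, hence the time taken, reveals how many leading
    characters of `candidate` were correct (CWE-208)."""
    expected = PLAINTEXT_CODES.get(username, "")
    if len(expected) != len(candidate):
        return False
    for a, b in zip(expected, candidate):
        if a != b:
            return False
    return True


def matching_prefix_steps(expected, candidate):
    """Iterations verify_naive performs before returning: the quantity the
    timing leaks, computed directly so the demonstration is deterministic."""
    steps = 0
    for a, b in zip(expected, candidate):
        steps += 1
        if a != b:
            break
    return steps


def issue_code_hardened(username):
    """Issue a random code and store only its hash, so a database read does
    not yield usable codes either."""
    code = secrets.token_hex(16)
    HASHED_CODES[username] = hashlib.sha256(code.encode()).hexdigest()
    return code


def verify_hardened(username, candidate):
    """Hash the candidate, then compare in time independent of where the
    two values differ. Missing users cost the same as present ones, and a
    successful code is single-use."""
    digest = hashlib.sha256(candidate.encode()).hexdigest()
    expected = HASHED_CODES.get(username)
    if expected is None:
        hmac.compare_digest(digest, digest)   # equalise the timing
        return False
    if hmac.compare_digest(expected, digest):
        del HASHED_CODES[username]
        return True
    return False


if __name__ == "__main__":
    code = issue_code_naive("admin")
    guess = code[:10] + ("0" if code[10] != "0" else "1") + code[11:]
    print("naive loop iterations for a 10-char-correct guess:",
          matching_prefix_steps(code, guess))
    code = issue_code_hardened("admin")
    print("hardened verify:", verify_hardened("admin", code),
          "reuse:", verify_hardened("admin", code))
```

Rate limiting and a short validity window belong next to this: constant-time comparison removes the per-character oracle, but a 32-hex-character code still has to be hard to guess outright within its lifetime.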
virus_total -- yara
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
Published: 2018-12-17 | CVSS score: not yet calculated | CVE-2018-19976
Source & Patch Info: MISC, MISC, CONFIRM

virus_total -- yara
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses on the real stack (not the YARA virtual stack).
Published: 2018-12-17 | CVSS score: not yet calculated | CVE-2018-19974
Source & Patch Info: MISC, MISC, CONFIRM

virus_total -- yara
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
Published: 2018-12-17 | CVSS score: not yet calculated | CVE-2018-19975
Source & Patch Info: MISC, MISC, CONFIRM

vmware -- vrealize_operations_manager
vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions on support scripts. An admin user of the vROps application who has shell access may exploit this issue to elevate privileges to root on the vROps machine. Note: the admin user (a non-sudoer) should not be confused with root on the vROps machine.
Published: 2018-12-18 | CVSS score: not yet calculated | CVE-2018-6978
Source & Patch Info: BID, CONFIRM

vyos -- vyos
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration allows operator users to execute the pppd binary with elevated (sudo) permissions, and certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage the improper input validation to spawn an attacker-controlled shell with root privileges.
Published: 2018-12-17 | CVSS score: not yet calculated | CVE-2018-18556
Source & Patch Info: MISC, CONFIRM

vyos -- vyos
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to the underlying Linux shell. The user can then run arbitrary operating system commands with the privileges afforded by their account.
Published: 2018-12-17 | CVSS score: not yet calculated | CVE-2018-18555
Source & Patch Info: CONFIRM
wampserver -- wampserver
Wampserver prior to 3.1.5 contains a cross-site scripting (XSS) vulnerability in the index.php localhost page, with very low impact. Exploitable via an onmouseover payload. Fixed in 3.1.5 and later.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-1000848
Source & Patch Info: MISC

webid -- webid
WeBid up to and including the current version 1.2.2 contains a cross-site scripting (XSS) vulnerability in user_login.php and register.php that can result in JavaScript execution in the user's browser and injection of malicious markup into the page. Exploitable if the victim clicks a malicious link. Fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-1000868
Source & Patch Info: MISC, MISC, MISC
webid -- webid
WeBid up to and including the current version 1.2.2 contains a directory traversal vulnerability in getthumb.php that can result in arbitrary image file read. Exploitable via an HTTP GET request. Fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-1000882
Source & Patch Info: MISC, MISC, MISC

webid -- webid
WeBid up to and including the current version 1.2.2 contains a SQL injection vulnerability in all five yourauctions*.php scripts that can result in database read via blind SQL injection. Exploitable via an HTTP request. Fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-1000867
Source & Patch Info: MISC, MISC, MISC

webroot -- brightcloud_sdk
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server to exploit this vulnerability.
Published: 2018-12-18 | CVSS score: not yet calculated | CVE-2018-4015
Source & Patch Info: MISC

weixin-java-tools -- weixin-java-tools
An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-20318
Source & Patch Info: MISC

wizvera -- veraport
In Veraport G3 (all versions) on macOS, insufficient domain validation makes it possible to overwrite the installation file with a malicious file. A remote unauthenticated attacker may use this vulnerability to execute an arbitrary file.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-5199
Source & Patch Info: MISC

wizvera -- veraport
In Veraport G3 (all versions) on macOS, a race condition when calling the Veraport API allows a remote attacker to cause arbitrary file download and execution, resulting in remote code execution.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-5198
Source & Patch Info: MISC
wordpress -- wordpress
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS in certain use cases involving plugins.
Published: 2018-12-14 | CVSS score: not yet calculated | CVE-2018-20150
Source & Patch Info: BID, MISC, MISC, MISC, MISC, MISC, MISC

wordpress -- wordpress
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
Published: 2018-12-14 | CVSS score: not yet calculated | CVE-2018-20153
Source & Patch Info: BID, MISC, MISC, MISC, MISC, MISC

wordpress -- wordpress
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the Name input field of the MSPanel.Settings value in the Callback sent to wp-admin/admin-ajax.php.
Published: 2018-12-22 | CVSS score: not yet calculated | CVE-2018-20368
Source & Patch Info: MISC

wordpress -- wordpress
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.
Published: 2018-12-14 | CVSS score: not yet calculated | CVE-2018-20152
Source & Patch Info: BID, MISC, MISC, MISC, MISC, MISC

wordpress -- wordpress
Cross-site request forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter, due to missing nonce validation.
Published: 2018-12-19 | CVSS score: not yet calculated | CVE-2018-20231
Source & Patch Info: MISC

wordpress -- wordpress
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
Published: 2018-12-14 | CVSS score: not yet calculated | CVE-2018-20149
Source & Patch Info: BID, MISC, MISC, MISC, MISC, MISC, MISC

wordpress -- wordpress
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
Published: 2018-12-14 | CVSS score: not yet calculated | CVE-2018-20151
Source & Patch Info: BID, MISC, MISC, MISC, MISC, MISC

wordpress -- wordpress
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
Published: 2018-12-14 | CVSS score: not yet calculated | CVE-2018-20147
Source & Patch Info: BID, MISC, MISC, MISC, MISC, MISC

wordpress -- wordpress
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php.
Published: 2018-12-14 | CVSS score: not yet calculated | CVE-2018-20148
Source & Patch Info: BID, MISC, MISC, MISC, MISC, MISC, MISC, MISC
wordpress -- wordpress
The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-14846
Source & Patch Info: MISC, MISC

wstmart -- wstmart
The "mall some commodity details: commodity consultation" component in WSTMart 2.0.8_181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI.
Published: 2018-12-22 | CVSS score: not yet calculated | CVE-2018-20367
Source & Patch Info: MISC

xml_parser -- xml_parser
neo4j-contrib neo4j-apoc-procedures before commit 45bc09c contains an XML External Entity (XXE) vulnerability in its XML parser that can result in disclosure of confidential data, denial of service, SSRF, or port scanning. Fixed after commit 45bc09c.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-1000820
Source & Patch Info: MISC, MISC
xr3player -- xr3player
XR3Player V3.124 and earlier contains an XML External Entity (XXE) vulnerability in its playlist parser that can result in disclosure of confidential data, denial of service, SSRF, or port scanning.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-1000830
Source & Patch Info: MISC, MISC
ymlref -- ymlref
ymlref allows code injection.
Published: 2018-12-17 | CVSS score: not yet calculated | CVE-2018-20133
Source & Patch Info: MISC

zend.to -- zend.to
Zend.To prior to 5.15-1 contains a cross-site scripting (XSS) vulnerability in the verify.php page that allows an attacker to execute arbitrary JavaScript in the context of the victim's browser. Exploitable via an HTTP POST request. Fixed in 5.16-1 Beta.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-1000841
Source & Patch Info: MISC

zoho_manageengine -- opmanager
Zoho ManageEngine OpManager 12.3 before build 123238 allows SQL injection via the getGraphData API.
Published: 2018-12-17 | CVSS score: not yet calculated | CVE-2018-20173
Source & Patch Info: MISC

zoho_manageengine -- opmanager
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.
Published: 2018-12-21 | CVSS score: not yet calculated | CVE-2018-20338
Source & Patch Info: MISC

zoho_manageengine -- opmanager
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section.
Published: 2018-12-21 | CVSS score: not yet calculated | CVE-2018-20339
Source & Patch Info: MISC

zoneminder -- zoneminder
ZoneMinder 1.32.2 and earlier contains an otherwise unclassified vulnerability in a user-controlled parameter that can result in disclosure of confidential data, denial of service, SSRF, or remote code execution.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-1000833
Source & Patch Info: MISC, MISC

zoneminder -- zoneminder
ZoneMinder 1.32.2 and earlier contains an otherwise unclassified vulnerability in a user-controlled parameter that can result in disclosure of confidential data, denial of service, SSRF, or remote code execution.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-1000832
Source & Patch Info: MISC, MISC

zte -- usmartview
All versions of the ZTE uSmartView product up to ZXCLOUD iRAI V5.01.05 are affected by an untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.
Published: 2018-12-20 | CVSS score: not yet calculated | CVE-2018-7365
Source & Patch Info: CONFIRM

zurmo -- zurmo
Zurmo 3.2.4 allows HTML injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506.
Published: 2018-12-19 | CVSS score: not yet calculated | CVE-2018-19596
Source & Patch Info: MISC

zurmo -- zurmo
Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI.
Published: 2018-12-19 | CVSS score: not yet calculated | CVE-2018-19506
Source & Patch Info: MISC
This product is provided subject to this Notification and this Privacy & Use policy.

from US-CERT National Cyber Alert System http://bit.ly/2GQzCYj