TLP:WHITE

Bulletin (SB18-232)

Vulnerability Summary for the Week of August 13, 2018

Original release date: August 20, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
intel -- core_i3 | Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. | 2018-08-14 | 5.4 | CVE-2018-3615
CONFIRM
CONFIRM
BID
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CISCO
CONFIRM
CERT-VN
CONFIRM
intel -- core_i3 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. | 2018-08-14 | 4.7 | CVE-2018-3620
CONFIRM
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
MISC
FEDORA
FEDORA
CONFIRM
FREEBSD
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CISCO
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
DEBIAN
CONFIRM
CERT-VN
CONFIRM
intel -- core_i3 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. | 2018-08-14 | 4.7 | CVE-2018-3646
CONFIRM
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
MISC
FEDORA
FEDORA
CONFIRM
FREEBSD
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CISCO
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
DEBIAN
CONFIRM
CERT-VN
CONFIRM

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
3par -- service_processor | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery. | 2018-08-14 | not yet calculated | CVE-2018-7097
CONFIRM
3par -- service_processor | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information. | 2018-08-14 | not yet calculated | CVE-2018-7099
CONFIRM
3par -- service_processor | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass. | 2018-08-14 | not yet calculated | CVE-2018-7095
CONFIRM
3par -- service_processor | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal. | 2018-08-14 | not yet calculated | CVE-2018-7098
CONFIRM
3par -- service_processor | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information. | 2018-08-14 | not yet calculated | CVE-2018-7094
CONFIRM
3par -- service_processor | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution. | 2018-08-14 | not yet calculated | CVE-2018-7096
CONFIRM
apache -- commons_compress | When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package. | 2018-08-16 | not yet calculated | CVE-2018-11771
SECTRACK
MLIST

apache -- http_server | Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). | 2018-08-14 | not yet calculated | CVE-2016-4975
BID
CONFIRM
CONFIRM
apache -- spark | From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. This REST API is also used by Mesos, when set up to run in cluster mode (i.e., when also running MesosClusterDispatcher), for job submission. Future versions of Spark will improve documentation on these points, and prohibit setting 'spark.authenticate.secret' when running the REST APIs, to make this clear. Future versions will also disable the REST API by default in the standalone master by changing the default value of 'spark.master.rest.enabled' to 'false'. | 2018-08-13 | not yet calculated | CVE-2018-11770
BID
MLIST
CONFIRM
bytedance -- musical.ly_app_for_ios | Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13101
CERT-VN
uber_technologies -- ubereats_app_for_ios | Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13104
CERT-VN
pinterest -- pinterest_app_for_ios | Pinterest, 6.37, 2017-10-24, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13103
CERT-VN
distinctdev -- the_moron_test_app_for_ios | DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13100
CERT-VN
gameloft -- asphalt_xtreme_offroad_rally_racing_app_for_ios | Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13102
CERT-VN
asustor -- adm | ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell. | 2018-08-16 | not yet calculated | CVE-2018-11509
MISC
EXPLOIT-DB
asustor -- adm | The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI. | 2018-08-16 | not yet calculated | CVE-2018-11511
MISC
EXPLOIT-DB
atlassian -- confluence_questions | The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. | 2018-08-15 | not yet calculated | CVE-2018-13394
CONFIRM
atlassian -- confluence_questions | The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. | 2018-08-15 | not yet calculated | CVE-2018-13393
CONFIRM
atlassian -- fisheye_and_crucible | Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys. | 2018-08-13 | not yet calculated | CVE-2018-13392
BID
CONFIRM
CONFIRM
btrfsmaintenance -- btrfsmaintenance | An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, though). | 2018-08-15 | not yet calculated | CVE-2018-14722
MLIST
CONFIRM
cisco -- asr_9000_series_aggregation_services_router_software | A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858. | 2018-08-15 | not yet calculated | CVE-2018-0418
CISCO

cisco -- asyncos_software_for_cisco_web_security_appliances | A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610. | 2018-08-15 | not yet calculated | CVE-2018-0410
BID
CISCO
qnap -- qts | Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. | 2018-08-13 | not yet calculated | CVE-2018-0714
CONFIRM
cisco -- email_security_appliances | A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper detection of content within executable (EXE) files. An attacker could exploit this vulnerability by sending a customized EXE file that is not recognized and blocked by the ESA. A successful exploit could allow an attacker to send email messages that contain malicious executable files to unsuspecting users. Cisco Bug IDs: CSCvh03786. | 2018-08-15 | not yet calculated | CVE-2018-0419
CISCO
cisco -- ios_software_and_ios_xe_software | A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. | 2018-08-14 | not yet calculated | CVE-2018-0131
BID
CISCO
cisco -- multiple_products | A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947. | 2018-08-15 | not yet calculated | CVE-2018-0409
BID
BID
CISCO
cisco -- registered_envelope_service | A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Bug IDs: CVE-2018-0367. | 2018-08-15 | not yet calculated | CVE-2018-0367
CISCO
cisco -- small_business_100_and_300_series_wireless_access_points | A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. Cisco Bug IDs: CSCvj97472. | 2018-08-15 | not yet calculated | CVE-2018-0415
CISCO
cisco -- small_business_100_and_300_series_wireless_access_points | A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229. | 2018-08-15 | not yet calculated | CVE-2018-0412
CISCO
cisco -- unified_communications_domain_manager_software | A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694. | 2018-08-15 | not yet calculated | CVE-2018-0386
CISCO
cisco -- web_security_appliance | A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privileges to root in a separate login shell. A successful exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root. Cisco Bug IDs: CSCvj93548. | 2018-08-15 | not yet calculated | CVE-2018-0428
BID
CISCO
cisco -- web_security_appliance | A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious packet. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Cisco Bug IDs: CSCvi42263. | 2018-08-15 | not yet calculated | CVE-2018-0427
BID
CISCO
citrix -- xenserver | Citrix XenServer 7.1 and newer allows Directory Traversal. | 2018-08-15 | not yet calculated | CVE-2018-14007
BID
CONFIRM
CONFIRM
clavister -- cos_core | The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack. | 2018-08-15 | not yet calculated | CVE-2018-8753
MISC
CONFIRM
crestron -- tsw-x60_and_mc3 | Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges. | 2018-08-10 | not yet calculated | CVE-2018-13341
BID
MISC
crestron -- tsw-x60_and_mc3 | For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open. | 2018-08-10 | not yet calculated | CVE-2018-10630
BID
MISC
cryo -- cryo | A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. | 2018-08-17 | not yet calculated | CVE-2018-3784
MISC
delta_electronics -- cncsoft_with_screeneditor | CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. | 2018-08-13 | not yet calculated | CVE-2018-10636
BID
MISC
delta_electronics -- cncsoft_with_screeneditor | CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. | 2018-08-13 | not yet calculated | CVE-2018-10598
BID
MISC
dojo -- toolkit | In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. | 2018-08-17 | not yet calculated | CVE-2018-15494
MISC
MISC
eclipse -- openj9 | In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no. | 2018-08-14 | not yet calculated | CVE-2018-12539
CONFIRM
eclipse -- vert.x | In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header in the client request or server response. | 2018-08-14 | not yet calculated | CVE-2018-12537
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
edimax -- ew-7438rpn_mini | An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. | 2018-08-13 | not yet calculated | CVE-2018-10569
MISC
MISC
eltex -- esp-200_firmware | An authenticated attacker can execute arbitrary code using command injection in Eltex ESP-200 firmware version 1.2.0. | 2018-08-17 | not yet calculated | CVE-2018-15356
MISC
eltex -- esp-200_firmware | An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. | 2018-08-17 | not yet calculated | CVE-2018-15360
MISC
eltex -- esp-200_firmware | An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0. | 2018-08-17 | not yet calculated | CVE-2018-15358
MISC
eltex -- esp-200_firmware | An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0. | 2018-08-17 | not yet calculated | CVE-2018-15357
MISC
eltex -- esp-200_firmware | An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0. | 2018-08-17 | not yet calculated | CVE-2018-15359
MISC
embedthis -- goahead_and_appweb | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address. | 2018-08-17 | not yet calculated | CVE-2018-15505
MISC
MISC
MISC
embedthis -- goahead_and_appweb | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. | 2018-08-17 | not yet calculated | CVE-2018-15504
MISC
MISC
MISC
ericsson-lg -- ipecs_nms_30m | Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. | 2018-08-15 | not yet calculated | CVE-2018-15138
EXPLOIT-DB
ethereum -- all_for_one_game | The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards. | 2018-08-15 | not yet calculated | CVE-2018-12056
MISC
ethereum -- bitcoin_red_token | An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the "ownerUnderflow" issue. | 2018-08-15 | not yet calculated | CVE-2018-11687
MISC
f5 -- big-ip | The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host. | 2018-08-17 | not yet calculated | CVE-2018-5546
SECTRACK
CONFIRM
f5 -- big-ip | Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges | 2018-08-17 | not yet calculated | CVE-2018-5547
SECTRACK
CONFIRM
flintcms -- flintcms | A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset. | 2018-08-17 | not yet calculated | CVE-2018-3783
MISC
git-dummy-commit -- git-dummy-commit | A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. | 2018-08-17 | not yet calculated | CVE-2018-3785
MISC
gnome -- display_manager | The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. | 2018-08-14 | not yet calculated | CVE-2018-14424
CONFIRM
UBUNTU
DEBIAN
ks_mobile -- live.me_app_for_android | Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13107
CERT-VN
cheetah_mobile -- cm_launcher_3d_app_for_android | Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13106
CERT-VN
hawk_mobile_hi_security_labs -- hi_security_virus_cleaner_app_for_android | Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker. | 2018-08-15 | not yet calculated | CVE-2017-13105
CERT-VN
psafe_tools -- dfndr_security_app_for_android | DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13108
CERT-VN
hikvision -- ip_cameras | A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process. | 2018-08-13 | not yet calculated | CVE-2018-6414
CONFIRM
hp -- multiple_inkjet_printers | A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution. | 2018-08-13 | not yet calculated | CVE-2018-5925
BID
SECTRACK
MISC
HP
hp -- multiple_inkjet_printers | A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution. | 2018-08-13 | not yet calculated | CVE-2018-5924
BID
SECTRACK
MISC
HP
hpe -- multiple_products | A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service. | 2018-08-14 | not yet calculated | CVE-2018-7093
SECTRACK
CONFIRM
hpe -- officeconnect_1810_switch_series | A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information. | 2018-08-14 | not yet calculated | CVE-2018-7100
SECTRACK
CONFIRM
hpe -- xp_p9000_command_view_advanced_edition | A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could be exploited to allow local and remote unauthorized access to sensitive information. | 2018-08-14 | not yet calculated | CVE-2018-7077
CONFIRM
ibm -- api_connect | IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370. | 2018-08-16 | not yet calculated | CVE-2018-1712
XF
CONFIRM
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003. | 2018-08-16 | not yet calculated | CVE-2018-1715
XF
CONFIRM
ibm -- rational_clearquest | IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353. | 2018-08-13 | not yet calculated | CVE-2016-2922
XF
CONFIRM
ibm -- security_access_manager_for enterprise_single_sign_onIBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913.2018-08-17not yet calculatedCVE-2017-1732
CONFIRM
XF
ibm -- tivoli_application_dependency_discovery_managerIBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029.2018-08-15not yet calculatedCVE-2018-1455
XF
CONFIRM
ibm -- urbancode_deployIBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522.2018-08-13not yet calculatedCVE-2017-1749
XF
CONFIRM

ibm -- urbancode_deploy

Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147.2018-08-13not yet calculatedCVE-2017-1286
XF
CONFIRM
intelbras -- win_240A cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.2018-08-15not yet calculatedCVE-2018-10369
MISC
jetbrains -- dotpeek_and_resharper_ultimateJetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.2018-08-13not yet calculatedCVE-2018-14878
CONFIRM
MISC
keycloak -- keycloakIt was found that an authenticated user could manipulate user session information to trigger an infinite loop in keycloak. A malicious user could use this flaw to conduct a denial of service attack against the server.2018-08-13not yet calculatedCVE-2018-10842
CONFIRM
kraftway -- 24f2xg_router_firmwareA malicious link crafted and sent to a privileged user can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118.2018-08-17not yet calculatedCVE-2018-15351
MISC
kraftway -- 24f2xg_router_firmwareAn attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118.2018-08-17not yet calculatedCVE-2018-15352
MISC
kraftway -- 24f2xg_router_firmwareA buffer overflow exploited through the web interface by a remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118.2018-08-17not yet calculatedCVE-2018-15353
MISC
kraftway -- 24f2xg_router_firmwareA buffer overflow exploited through the web interface by a remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118.2018-08-17not yet calculatedCVE-2018-15354
MISC
kraftway -- 24f2xg_router_firmwareDefault router credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router.2018-08-17not yet calculatedCVE-2018-15350
MISC
kraftway -- 24f2xg_router_firmwareUsage of SSLv2 and SSLv3 leads to decryption of transmitted data in Kraftway 24F2XG Router firmware 3.5.30.1118.2018-08-17not yet calculatedCVE-2018-15355
MISC
lg -- android_devicesCertain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.2018-08-17not yet calculatedCVE-2018-14982
CONFIRM
lg -- android_devicesCertain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.2018-08-17not yet calculatedCVE-2018-15482
CONFIRM
lg -- android_devicesCertain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005.2018-08-17not yet calculatedCVE-2018-14981
CONFIRM
libcgroup -- libcgrouplibcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.2018-08-14not yet calculatedCVE-2018-14348
SUSE
CONFIRM
FEDORA
CONFIRM
libgit2 -- libgit2In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.2018-08-17not yet calculatedCVE-2018-15501
MISC
MISC
MISC
MISC
MISC
MISC
libxml2 -- libxml2libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.2018-08-16not yet calculatedCVE-2018-14567
CONFIRM
UBUNTU
litecart -- litecartadmin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.2018-08-16not yet calculatedCVE-2018-12256
CONFIRM
CONFIRM
man-cgi -- man-cgiman-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI.2018-08-14not yet calculatedCVE-2018-14429
MISC
BUGTRAQ
medtronic -- minimed_508_insulin_pumpThe Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G, when paired with a remote controller and having the "easy bolus" and "remote bolus" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.2018-08-13not yet calculatedCVE-2018-14781
BID
MISC
medtronic -- minimed_508_insulin_pumpMedtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.2018-08-13not yet calculatedCVE-2018-10634
BID
MISC
microsoft -- .net_frameworkAn information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.2018-08-15not yet calculatedCVE-2018-8360
BID
SECTRACK
CONFIRM
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.2018-08-15not yet calculatedCVE-2018-8384
BID
CONFIRM
microsoft -- chakracoreA remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.2018-08-15not yet calculatedCVE-2018-8359
BID
SECTRACK
CONFIRM
microsoft -- chakracore_and_edgeA remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389.2018-08-15not yet calculatedCVE-2018-8390
BID
SECTRACK
CONFIRM
microsoft -- chakracore_and_edgeA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8384.2018-08-15not yet calculatedCVE-2018-8381
BID
SECTRACK
CONFIRM
microsoft -- chakracore_and_edgeA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8381, CVE-2018-8384.2018-08-15not yet calculatedCVE-2018-8380
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsA remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.2018-08-15not yet calculatedCVE-2018-8355
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsA remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.2018-08-15not yet calculatedCVE-2018-8372
BID
SECTRACK
CONFIRM
microsoft -- edgeA remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8387.2018-08-15not yet calculatedCVE-2018-8377
BID
CONFIRM
microsoft -- edgeA security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.2018-08-15not yet calculatedCVE-2018-8358
BID
SECTRACK
CONFIRM
microsoft -- edgeA spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383.2018-08-15not yet calculatedCVE-2018-8388
BID
SECTRACK
CONFIRM
microsoft -- edgeA spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388.2018-08-15not yet calculatedCVE-2018-8383
BID
SECTRACK
CONFIRM
microsoft -- edgeA remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8377.2018-08-15not yet calculatedCVE-2018-8387
BID
CONFIRM
microsoft -- edgeAn information disclosure vulnerability exists when WebAudio Library improperly handles audio requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.2018-08-15not yet calculatedCVE-2018-8370
BID
SECTRACK
CONFIRM
microsoft -- edge_and_chakracoreA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8380, CVE-2018-8381, CVE-2018-8384.2018-08-15not yet calculatedCVE-2018-8266
BID
SECTRACK
CONFIRM
microsoft -- excelA remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-8375.2018-08-15not yet calculatedCVE-2018-8379
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsAn information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.2018-08-15not yet calculatedCVE-2018-8382
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsA remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379.2018-08-15not yet calculatedCVE-2018-8375
BID
SECTRACK
CONFIRM
microsoft -- exchange_serverA tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.2018-08-15not yet calculatedCVE-2018-8374
BID
SECTRACK
CONFIRM
microsoft -- exchange_serverA remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.2018-08-15not yet calculatedCVE-2018-8302
BID
SECTRACK
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 11, Internet Explorer 10.2018-08-15not yet calculatedCVE-2018-8316
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer_and_edgeAn elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka "Microsoft Browser Elevation of Privilege Vulnerability." This affects Internet Explorer 11, Microsoft Edge.2018-08-15not yet calculatedCVE-2018-8357
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsA remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.2018-08-15not yet calculatedCVE-2018-8403
BID
SECTRACK
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.2018-08-15not yet calculatedCVE-2018-8371
BID
SECTRACK
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8390.2018-08-15not yet calculatedCVE-2018-8389
BID
SECTRACK
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.2018-08-15not yet calculatedCVE-2018-8353
BID
SECTRACK
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.2018-08-15not yet calculatedCVE-2018-8373
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsAn elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8342.2018-08-15not yet calculatedCVE-2018-8343
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsA remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8346.2018-08-15not yet calculatedCVE-2018-8345
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsAn elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8399.2018-08-15not yet calculatedCVE-2018-8404
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsA remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-08-15not yet calculatedCVE-2018-8344
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsAn information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8396, CVE-2018-8398.2018-08-15not yet calculatedCVE-2018-8394
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsAn elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.2018-08-15not yet calculatedCVE-2018-8405
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsAn information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8348.2018-08-15not yet calculatedCVE-2018-8341
BID
CONFIRM
microsoft -- multiple_productsAn information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8341.2018-08-15not yet calculatedCVE-2018-8348
BID
CONFIRM
microsoft -- multiple_productsAn information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.2018-08-15not yet calculatedCVE-2018-8378
BID
CONFIRM
microsoft -- multiple_productsAn information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8394, CVE-2018-8396.2018-08-15not yet calculatedCVE-2018-8398
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsAn elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows Installer Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-08-15not yet calculatedCVE-2018-8339
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsA remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8389, CVE-2018-8390.2018-08-15not yet calculatedCVE-2018-8385
BID
SECTRACK
CONFIRM
microsoft -- multiple_products A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.2018-08-15not yet calculatedCVE-2018-8349
BID
SECTRACK
CONFIRM
microsoft -- officeAn elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability." This affects Microsoft Office.2018-08-15not yet calculatedCVE-2018-8412
BID
SECTRACK
CONFIRM
microsoft -- powerpointA remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft PowerPoint.2018-08-15not yet calculatedCVE-2018-8376
BID
SECTRACK
CONFIRM
microsoft -- sql_serverA buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server.2018-08-15not yet calculatedCVE-2018-8273
BID
SECTRACK
CONFIRM
microsoft -- windows_10_servers_and_windows_10A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.2018-08-15not yet calculatedCVE-2018-8350
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsAn information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.2018-08-15not yet calculatedCVE-2018-8351
BID
SECTRACK
CONFIRM
microsoft -- windows_10_servers_and_windows_10An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8404.2018-08-15not yet calculatedCVE-2018-8399
BID
SECTRACK
CONFIRM
microsoft -- windows_10_servers_and_windows_10A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.2018-08-15not yet calculatedCVE-2018-8414
BID
SECTRACK
CONFIRM
microsoft -- windows_10_servers_and_windows_10An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8401, CVE-2018-8405, CVE-2018-8406.2018-08-15not yet calculatedCVE-2018-8400
BID
SECTRACK
CONFIRM
microsoft -- windows_7_and_windows_server_2008_r2An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8343.2018-08-15not yet calculatedCVE-2018-8342
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsA remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345.2018-08-15not yet calculatedCVE-2018-8346
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsA remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka "GDI+ Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.2018-08-15not yet calculatedCVE-2018-8397
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsAn information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8394, CVE-2018-8398.2018-08-15not yet calculatedCVE-2018-8396
BID
SECTRACK
CONFIRM
microsoft -- windows_server_2016_and_windows_10An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10.2018-08-15not yet calculatedCVE-2018-8253
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsA security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204.2018-08-15not yet calculatedCVE-2018-8200
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsA security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8200.2018-08-15not yet calculatedCVE-2018-8204
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsAn elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.2018-08-15not yet calculatedCVE-2018-8347
BID
CONFIRM
microsoft -- multiple_productsAn elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8405, CVE-2018-8406.2018-08-15not yet calculatedCVE-2018-8401
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsAn elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.2018-08-15not yet calculatedCVE-2018-8406
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsA security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows Server 2012 R2, Windows 10 Servers.2018-08-15not yet calculatedCVE-2018-8340
BID
SECTRACK
CONFIRM
microsoft -- multiple_productsAn Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.2018-08-15not yet calculatedCVE-2018-0952
BID
SECTRACK
CONFIRM
monstra -- cms | Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page. | 2018-08-14 | not yet calculated | CVE-2018-14922
MISC
MISC
EXPLOIT-DB
multiple_vendors -- bios_firmware | An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware during S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation. | 2018-08-17 | not yet calculated | CVE-2018-6622
MISC
multiple_vendors -- multiple_products | mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result. | 2018-08-14 | not yet calculated | CVE-2018-5392
CERT-VN
mybb -- mybb | inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject. | 2018-08-14 | not yet calculated | CVE-2018-14888
MISC
CONFIRM
CONFIRM
EXPLOIT-DB
nasdaq -- bwise | The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81. | 2018-08-15 | not yet calculated | CVE-2018-11247
FULLDISC
netcomm_wireless -- g_lte_light_industrial_m2m_router | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user. | 2018-08-10 | not yet calculated | CVE-2018-14782
BID
MISC
netcomm_wireless -- g_lte_light_industrial_m2m_router | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device. | 2018-08-10 | not yet calculated | CVE-2018-14784
BID
MISC
netcomm_wireless -- g_lte_light_industrial_m2m_router | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication. | 2018-08-10 | not yet calculated | CVE-2018-14785
BID
MISC
netcomm_wireless -- g_lte_light_industrial_m2m_router | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely. | 2018-08-10 | not yet calculated | CVE-2018-14783
BID
MISC
nextcloud -- server | A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. | 2018-08-13 | not yet calculated | CVE-2018-3780
MISC
CONFIRM
nextcloud -- server | Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | 2018-08-12 | not yet calculated | CVE-2018-3775
MISC
CONFIRM
nextcloud -- server | Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | 2018-08-12 | not yet calculated | CVE-2018-3776
MISC
CONFIRM
nextcloud -- talk | A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. | 2018-08-13 | not yet calculated | CVE-2018-3781
MISC
CONFIRM
openemr -- openemr | SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter. | 2018-08-15 | not yet calculated | CVE-2018-15148
CONFIRM
MISC
MISC
CONFIRM
openemr -- openemr | Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter. | 2018-08-13 | not yet calculated | CVE-2018-15143
CONFIRM
MISC
openemr -- openemr | Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter. | 2018-08-13 | not yet calculated | CVE-2018-15145
CONFIRM
MISC
openemr -- openemr | SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php. | 2018-08-15 | not yet calculated | CVE-2018-15150
CONFIRM
MISC
MISC
CONFIRM
openemr -- openemr | SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter. | 2018-08-15 | not yet calculated | CVE-2018-15149
CONFIRM
MISC
MISC
CONFIRM
openemr -- openemr | Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory. | 2018-08-13 | not yet calculated | CVE-2018-15139
CONFIRM
MISC
openemr -- openemr | SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. | 2018-08-15 | not yet calculated | CVE-2018-15146
CONFIRM
MISC
MISC
CONFIRM
openemr -- openemr | SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter. | 2018-08-15 | not yet calculated | CVE-2018-15147
CONFIRM
MISC
MISC
CONFIRM
openemr -- openemr | Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory. | 2018-08-13 | not yet calculated | CVE-2018-15142
CONFIRM
MISC
EXPLOIT-DB
openemr -- openemr | Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient. | 2018-08-15 | not yet calculated | CVE-2018-15152
CONFIRM
MISC
MISC
CONFIRM
openemr -- openemr | SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter. | 2018-08-13 | not yet calculated | CVE-2018-15144
CONFIRM
MISC
openemr -- openemr | SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. | 2018-08-15 | not yet calculated | CVE-2018-15151
CONFIRM
MISC
MISC
CONFIRM
openemr -- openemr | OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the "hylafax_enscript" global variable in interface/super/edit_globals.php. | 2018-08-15 | not yet calculated | CVE-2018-15155
CONFIRM
MISC
MISC
CONFIRM
openemr -- openemr | OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global variable in interface/super/edit_globals.php. | 2018-08-15 | not yet calculated | CVE-2018-15154
CONFIRM
MISC
MISC
CONFIRM
openemr -- openemr | OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php. | 2018-08-15 | not yet calculated | CVE-2018-15153
CONFIRM
MISC
MISC
EXPLOIT-DB
CONFIRM
openemr -- openemr | OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php. | 2018-08-15 | not yet calculated | CVE-2018-15156
CONFIRM
MISC
MISC
CONFIRM
openemr -- openemr | Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get. | 2018-08-13 | not yet calculated | CVE-2018-15140
CONFIRM
MISC
EXPLOIT-DB
openemr -- openemr | Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete. | 2018-08-13 | not yet calculated | CVE-2018-15141
CONFIRM
MISC
EXPLOIT-DB
openssh -- openssh | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | 2018-08-17 | not yet calculated | CVE-2018-15473
MISC
SECTRACK
MISC
MISC
oracle -- database_server | A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | 2018-08-10 | not yet calculated | CVE-2018-3110
CONFIRM
BID
palo_alto_networks -- pan-os | The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, causing all logged-in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. | 2018-08-16 | not yet calculated | CVE-2018-10140
BID
CONFIRM
palo_alto_networks -- pan-os | The PAN-OS response page for GlobalProtect in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected. | 2018-08-16 | not yet calculated | CVE-2018-10139
BID
CONFIRM
pimcore -- pimcore | Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function. | 2018-08-17 | not yet calculated | CVE-2018-14057
MISC
FULLDISC
EXPLOIT-DB
MISC
pimcore -- pimcore | Pimcore before 5.3.0 allows SQL Injection via the REST web service API. | 2018-08-17 | not yet calculated | CVE-2018-14058
MISC
FULLDISC
EXPLOIT-DB
MISC
plex -- media_server | In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Plex, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. | 2018-08-13 | not yet calculated | CVE-2018-13415
FULLDISC
EXPLOIT-DB
progress -- telerik_justassembly | An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource. | 2018-08-16 | not yet calculated | CVE-2018-15122
CONFIRM
CONFIRM

pulp -- pulp | pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories. | 2018-08-15 | not yet calculated | CVE-2018-10917
CONFIRM
red_hat -- jboss_core_services | libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. | 2018-08-16 | not yet calculated | CVE-2016-9598
REDHAT
CONFIRM

red_hat -- jboss_core_services | libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627. | 2018-08-16 | not yet calculated | CVE-2016-9596
CONFIRM
red_hat -- openshift_enterprise | The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. | 2018-08-13 | not yet calculated | CVE-2017-15138
REDHAT
CONFIRM
redhat -- red_hat_certification | An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service. | 2018-08-13 | not yet calculated | CVE-2018-10864
REDHAT
CONFIRM
responsive_filemanager -- responsive_filemanager | /filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value. | 2018-08-17 | not yet calculated | CVE-2018-15495
MISC
MISC
rpm-software-management -- rpm | It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege. | 2018-08-13 | not yet calculated | CVE-2017-7500
CONFIRM
CONFIRM
CONFIRM
sap -- businessobjects_business_intelligence | In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid. | 2018-08-14 | not yet calculated | CVE-2018-2442
BID
MISC
CONFIRM
sap -- businessobjects_business_intelligence | AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. | 2018-08-14 | not yet calculated | CVE-2018-2445
BID
MISC
CONFIRM
sap -- businessobjects_business_intelligence | Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. | 2018-08-14 | not yet calculated | CVE-2018-2446
BID
MISC
CONFIRM
sap -- businessobjects_business_intelligence | SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. | 2018-08-14 | not yet calculated | CVE-2018-2447
BID
MISC
CONFIRM
sap -- businessobjects_business_intelligence | Admin tools in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, allows an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. | 2018-08-14 | not yet calculated | CVE-2018-2448
BID
MISC
CONFIRM
sap -- businessobjects_financial_consolidation | SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2018-08-14 | not yet calculated | CVE-2018-2444
BID
MISC
CONFIRM
sap -- change_and_transport_system_and_kernel | Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted. | 2018-08-14 | not yet calculated | CVE-2018-2441
BID
MISC
CONFIRM
sap -- hana_extended_application_services | XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed. | 2018-08-14 | not yet calculated | CVE-2018-2451
BID
MISC
CONFIRM
sap -- maxdb | SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. | 2018-08-14 | not yet calculated | CVE-2018-2450
BID
MISC
CONFIRM
sap -- srm_mdm_catalog | SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on Windows machines to do SMB relaying. | 2018-08-14 | not yet calculated | CVE-2018-2449
BID
MISC
CONFIRM
sentinel -- license_manager | A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification. | 2018-08-17 | not yet calculated | CVE-2018-15492
MISC
MISC
sony -- ipela_e_series_camera_g5_firmware | An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability. | 2018-08-14 | not yet calculated | CVE-2018-3938
MISC
sony -- ipela_e_series_network_camera_g5_firmware | An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-14 | not yet calculated | CVE-2018-3937
MISC
spice -- spice | A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. | 2018-08-17 | not yet calculated | CVE-2018-10873
CONFIRM
CONFIRM
swoole -- swoole | The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV. | 2018-08-17 | not yet calculated | CVE-2018-15503
MISC
MISC
tiki -- tiki | Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image. | 2018-08-13 | not yet calculated | CVE-2018-14850
MLIST
MLIST
CONFIRM
tiki -- tiki | Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. | 2018-08-13 | not yet calculated | CVE-2018-14849
MLIST
MLIST
CONFIRM
tp-link -- wr840n_devices | TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. | 2018-08-15 | not yet calculated | CVE-2018-15172
MISC
EXPLOIT-DB
trend_micro -- control_manager | A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of service (DoS). | 2018-08-15 | not yet calculated | CVE-2018-10512
CONFIRM
trend_micro -- control_manager | A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. | 2018-08-15 | not yet calculated | CVE-2018-10511
CONFIRM
trend_micro -- control_manager | A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. | 2018-08-15 | not yet calculated | CVE-2018-10510
CONFIRM
unshiftio -- url-parse | Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. | 2018-08-12 | not yet calculated | CVE-2018-3774
CONFIRM
CONFIRM
MISC
valeuraddons -- german_spelling_dictionary | A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3 (an Opera Browser add-on). Instead of providing text for a spelling check, remote attackers may inject arbitrary web script or HTML via the ajax query parameter in the URL Address Bar. | 2018-08-13 | not yet calculated | CVE-2018-12587
MISC
MISC
vmware -- horizon_and_horizon_client | VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems. | 2018-08-13 | not yet calculated | CVE-2018-6970
BID
SECTRACK
CONFIRM
vmware -- workstation_and_fusion | VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host. | 2018-08-15 | not yet calculated | CVE-2018-6973
BID
SECTRACK
CONFIRM
vuze -- bittorrent_client | In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Vuze, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. | 2018-08-13 | not yet calculated | CVE-2018-13417
FULLDISC
EXPLOIT-DB
wordpress -- wordpress | In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins. | 2018-08-10 | not yet calculated | CVE-2018-14028
BID
MISC
MISC
MISC
xen -- xen | An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service. | 2018-08-17 | not yet calculated | CVE-2018-15468
MISC
xen -- xen | An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). | 2018-08-17 | not yet calculated | CVE-2018-15469
MISC
xen -- xen | An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual, the order of evaluation of subexpressions is not specified. In practice, different implementations behave differently. Thus, oxenstored may not enforce the configured quota-maxentity. This allows a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. | 2018-08-17 | not yet calculated | CVE-2018-15470
MISC
xen -- xen | An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks. | 2018-08-17 | not yet calculated | CVE-2018-15471
MISC
MISC
yubico -- piv | An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`:

```c
if(sw == SW_SUCCESS) {
  size_t outlen;
  int offs = _ykpiv_get_length(data + 1, &outlen);
  if(offs == 0) {
    return YKPIV_SIZE_ERROR;
  }
  memmove(data, data + 1 + offs, outlen);
  *len = outlen;
  return YKPIV_OK;
} else {
  return YKPIV_GENERIC_ERROR;
}
```

In the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer. | 2018-08-15 | not yet calculated | CVE-2018-14780
MLIST
MISC
CONFIRM
yubico -- piv | A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`:

```c
if(*out_len + recv_len - 2 > max_out) {
  fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
}
if(out_data) {
  memcpy(out_data, data, recv_len - 2);
  out_data += recv_len - 2;
  *out_len += recv_len - 2;
}
```

It is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard. | 2018-08-15 | not yet calculated | CVE-2018-14779
MLIST
MISC
CONFIRM
zemana -- anti-logger | A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes). | 2018-08-17 | not yet calculated | CVE-2018-15491
MISC
zipato -- zipabox | Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows an unauthenticated attacker to extract clear text passwords and get root access on the device. | 2018-08-13 | not yet calculated | CVE-2018-15124
MISC
zipato -- zipabox | Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows a remote attacker to perform new attack vectors and take control of the device and smart home. | 2018-08-13 | not yet calculated | CVE-2018-15123
MISC
zipato -- zipabox | Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows a remote attacker to get sensitive information that expands the attack surface. | 2018-08-13 | not yet calculated | CVE-2018-15125
MISC
zyxel -- zywall/usg_series_devices | ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. | 2018-08-15 | not yet calculated | CVE-2018-9129
CONFIRM
MISC
CONFIRM


This product is provided subject to this Notification and this Privacy & Use policy.
