TLP:WHITE

Bulletin (SB18-239)

Vulnerability Summary for the Week of August 20, 2018

Original release date: August 27, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

accupos -- accupos
AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files.
Published: 2018-08-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15809 (MISC)

actiontec -- t2200h_t2200h-31.128l.03_devices
fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field.
Published: 2018-08-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15553 (MISC)

advanced_package_tool -- advanced_package_tool
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0501 (MISC, MISC, MISC, UBUNTU)

amazon -- aws_cli_version
The Amazon Web Services (AWS) CLI version 1.15.85 (and possibly earlier versions) does not require the --owners flag when describing images, which makes it easier for remote attackers to trigger the loading of an undesired AMI by setting similar image properties (i.e., name), as exploited in the wild during August 2018 with a Monero miner AMI instead of the expected Ubuntu AMI.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15869 (MISC)

ansible -- ansible_tower
Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.
Published: 2018-08-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10884 (BID, CONFIRM)

apache -- cayenne
This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a malicious XML file, the attacker will be able to instruct the XML parser built into CayenneModeler to transfer files from a local machine to a remote machine controlled by the attacker. The cause of the issue is the XML parser processing XML External Entity (XXE) declarations included in XML. The vulnerability is addressed in Cayenne by disabling XXE processing in all operations that require XML parsing.
Published: 2018-08-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11758 (MLIST)

apache -- sentry
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.
Published: 2018-08-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8028 (MISC)

apache -- struts
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and, at the same time, its upper action(s) have no or wildcard namespace. The same possibility exists when using a url tag which doesn't have value and action set and, at the same time, its upper action(s) have no or wildcard namespace.
Published: 2018-08-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11776 (CONFIRM, BID, SECTRACK, CONFIRM, MISC, CONFIRM)

bd -- alaris_plus_medical_syringe_pumps
Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability: the software does not perform authentication for functionality that requires a provable user identity, which may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port.
Published: 2018-08-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14786 (CONFIRM, MISC)

beijing_ruoshen_technology -- xiuno_bbs
The editor in Xiuno BBS 4.0.4 allows stored XSS.
Published: 2018-08-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15559 (MISC)

belkin -- wemo_insight_smart_plug
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.
Published: 2018-08-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6692 (CONFIRM)

bloop -- airmail
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email.
Published: 2018-08-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15670 (MISC)

bloop -- airmail
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address.
Published: 2018-08-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15668 (MISC)

bloop -- airmail
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.
Published: 2018-08-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15669 (MISC)

bloop -- airmail
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use its functionality. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an attacker crafted email from the target account.
Published: 2018-08-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15667 (MISC)

cms_computers -- cmsuno
CMSUno before 1.5.3 has XSS via the title field.
Published: 2018-08-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15567 (MISC)

cobbler -- cobbler
Cobbler (verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains an Incorrect Access Control vulnerability in the XMLRPC API (/cobbler-api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. This attack appears to be exploitable via network connectivity, taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000226 (CONFIRM, MISC)

cobbler -- cobbler
Cobbler (verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in privilege escalation to admin. This attack appears to be exploitable via network connectivity, by sending an unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler-api).
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000225 (CONFIRM, MISC)

cobbler -- cobbler
A flaw was found in the cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.
Published: 2018-08-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-9605 (CONFIRM)

containous -- traefik
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15598 (MISC, MISC, MISC, MISC)

couchbase -- server
An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system will run with the privileges of the user running Couchbase server.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15728 (BUGTRAQ)

curl -- curl
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.
Published: 2018-08-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2003-1605 (BID, MISC)

d-link -- dir-615_routers
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
Published: 2018-08-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15875 (MISC)

d-link -- dir-615_routers
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
Published: 2018-08-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15874 (MISC)

d-link -- eyeon_baby_monitor
D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform a stack overflow and execute arbitrary code with root privilege on the device.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11563 (FULLDISC, MISC)

d-link -- eyeon_baby_monitor
The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11564 (FULLDISC, MISC)

damicms -- damicms
An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.
Published: 2018-08-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15844 (MISC)

davegamble/cjson -- davegamble/cjson
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in the cJSON library that can result in a possible crash or RCE. This attack appears to be exploitable if the attacker can force the victim to print JSON data; depending on how the cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000216 (CONFIRM)

davegamble/cjson -- davegamble/cjson
Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in the cJSON library that can result in a possible crash, corruption of data or even RCE. Exploitability depends on how the application uses the cJSON library: if the application provides a network interface then it can be exploited over a network, otherwise just locally. This vulnerability appears to have been fixed in 1.7.4.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000217 (CONFIRM)

davegamble/cjson -- davegamble/cjson
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in the cJSON library that can result in Denial of Service (DoS). This attack appears to be exploitable if the attacker can force the data to be printed while the system is low on memory, which can force a memory leak. This vulnerability appears to have been fixed in 1.7.7.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000215 (CONFIRM)

daveismyname/simple-cms -- daveismyname/simple-cms
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.
Published: 2018-08-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15564 (MISC)

daveismyname/simple-cms -- daveismyname/simple-cms
An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF.
Published: 2018-08-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15565 (MISC, MISC)

dell -- 2335dn_printers
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product.
Published: 2018-08-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15748 (MISC)

dom4j -- dom4j
dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in the Element class (methods addElement and addAttribute) that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000632 (CONFIRM, CONFIRM, MISC)

dropbear -- dropbear
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15599 (MISC, MISC, MISC)

easylogin -- easylogin_pro
An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15576 (MISC, EXPLOIT-DB)

eclipse_rdf4j -- eclipse_rdf4j
Eclipse RDF4j versions before 2.4.0 Milestone 2 contain an XML External Entity (XXE) vulnerability in the RDF4j XML parser used for parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, and port scanning. This attack appears to be exploitable via a specially crafted RDF file.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000644 (MISC, CONFIRM)

egg-scripts -- egg-scripts
A command injection vulnerability in egg-scripts before v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3786 (CONFIRM, CONFIRM, MISC)

elefant_cms -- elefant_cms
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15601 (MISC)

emerson -- deltav
DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable due to improper path validation, which may allow an attacker to replace executable files.
Published: 2018-08-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14795 (BID, MISC)

emerson -- deltav
DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable to a buffer overflow exploit through an open communication port, allowing arbitrary code execution.
Published: 2018-08-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14793 (BID, MISC)

emerson -- deltav_dcs
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.
Published: 2018-08-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14797 (BID, MISC)

emerson -- deltav_dcs
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 may allow non-administrative users to change executable and library files on the affected products.
Published: 2018-08-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14791 (BID, MISC)

ffmpeg -- ffmpeg
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure.
Published: 2018-08-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15822 (MISC)

fledrcms -- fledrcms
An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1.
Published: 2018-08-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15846 (MISC)

flexo_cms -- flexo_cms
An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add.
Published: 2018-08-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15851 (MISC)

flightairmap -- flightairmap
FlightAirMap versions up to and including v1.0-beta.21 contain a Cross Site Scripting (XSS) vulnerability in a GET variable used within the registration sub menu page that can result in unauthorised actions and access to data, including stealing session information. This vulnerability appears to have been fixed after commit 22b09a3.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000642 (MISC, CONFIRM)

foreman -- foreman
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
Published: 2018-08-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2662 (CONFIRM, CONFIRM)

gchq/stroom -- gchq/stroom
Stroom versions before 5.4.5 contain an XML External Entity (XXE) vulnerability in the XML parser that can result in disclosure of confidential data, denial of service, server side request forgery, and port scanning. This attack appears to be exploitable via a specially crafted XML file.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000651 (MISC, CONFIRM)

gear_software -- multiple_products
GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available right before writing to it. A check is only performed at the beginning of a long subroutine.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15499 (MISC, MISC)

getsimple_cms -- getsimple_cms
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
Published: 2018-08-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15843 (MISC)

geutebrueck -- re_porter
Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003.
Published: 2018-08-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15534 (MISC, EXPLOIT-DB)

geutebrueck -- re_porter
A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005.
Published: 2018-08-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15533 (MISC, EXPLOIT-DB)

github -- electron
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
Published: 2018-08-23 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15685 (MISC)

gleez_cms -- gleez_cms
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
Published: 2018-08-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15845 (MISC)

gnu -- gnutls
A cache-based side channel in the GnuTLS implementation that leads to plain text recovery in a cross-VM attack setting was found. An attacker could use a combination of a "Just in Time" Prime+Probe attack and a Lucky-13 attack to recover plain text using crafted packets.
Published: 2018-08-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10846 (BID, CONFIRM, MISC, CONFIRM)

gnu -- gnutls
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
Published: 2018-08-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10845 (BID, CONFIRM, MISC, CONFIRM)

gnu -- gnutls
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky Thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
Published: 2018-08-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10844 (BID, CONFIRM, MISC, CONFIRM)

gnu -- libtasn1
GNU libtasn1 versions 4.13 and 4.12 contain a DoS: CPU usage reaches 100% when running asn1Parser against the POC, due to an issue in _asn1_expand_object_id(p_tree); after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000654 (CONFIRM)

godot_engine -- godot_engine
Godot Engine, all versions prior to 2.1.5 and all 3.0 versions prior to 3.0.6, contains a signed/unsigned comparison, wrong buffer size checks, integer overflow, and missing padding initialization vulnerability in the (de)serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death) and a possible leak of uninitialized memory. This attack appears to be exploitable via a malformed packet received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client); it could be triggered by a multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, and the master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b.
Published: 2018-08-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1000224 (CONFIRM, CONFIRM, CONFIRM)

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.10.2 library. A SIGFPE is raised in the function H5D__chunk_init() of H5Dchunk.c during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero.
Published: 2018-08-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15672 (MISC)

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.
Published: 2018-08-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15671 (MISC)

huawei -- multiple_firewall_productsSome Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service.2018-08-21not yet calculatedCVE-2017-17311
CONFIRM
huawei -- multiple_firewall_productsSome Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service.2018-08-21not yet calculatedCVE-2017-17312
CONFIRM
huawei -- multiple_firewall_productsSome Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability can impact IPSec tunnel security.2018-08-21not yet calculatedCVE-2017-17305
CONFIRM
ibm -- api_connect
 
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 143744.2018-08-22not yet calculatedCVE-2018-1599
CONFIRM
XF
ibm -- maximo_asset_managment
 
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.2018-08-24not yet calculatedCVE-2018-1699
XF
CONFIRM
ibm -- multiple_rational_productsMultiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.2018-08-20not yet calculatedCVE-2017-1753
XF
CONFIRM
ibm -- multiple_rational_products
 
Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425.2018-08-20not yet calculatedCVE-2018-1394
XF
CONFIRM
ibm -- sdk_java_technology_edition
 
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.2018-08-20not yet calculatedCVE-2018-1517
CONFIRM
BID
XF
ibm -- sdk_java_technology_edition
 
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.2018-08-20not yet calculatedCVE-2018-1656
CONFIRM
BID
XF
ibm -- security_access_manager_appliance
 
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.2018-08-24not yet calculatedCVE-2018-1722
SECTRACK
XF
CONFIRM
ibm -- websphere_applicaiton_server_liberty
 
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication.2018-08-24not yet calculatedCVE-2018-1755
SECTRACK
XF
CONFIRM
imagemagick -- imagemagickIn ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.2018-08-21not yet calculatedCVE-2018-15607
BID
MISC
insteon -- insteon_hubAn exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image.2018-08-23not yet calculatedCVE-2018-3833
MISC
insteon -- insteon_hubAn exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability.2018-08-23not yet calculatedCVE-2017-16348
MISC
insteon -- insteon_hubAn exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'.2018-08-23not yet calculatedCVE-2018-3832
MISC
insteon -- insteon_hubAn exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "c_r" parameter in order to exploit this vulnerability. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability.2018-08-23not yet calculatedCVE-2017-14452
MISC
insteon -- insteon_hub_2245-222_devices

On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ad_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "ad_r" parameter in order to exploit this vulnerability.
2018-08-23  not yet calculated  CVE-2017-14453
MISC
insteon -- insteon_hub_2245-222_devices

On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long "ak" parameter in order to exploit this vulnerability.
2018-08-23  not yet calculated  CVE-2017-14455
MISC
insteon -- insteon_hub_2245-222_devices

On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d01ef24 the value for the s_offset key is copied using strcpy to the buffer at $sp+0x2b0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.
2018-08-23  not yet calculated  CVE-2017-16337
MISC
jabref -- jabref
 
JabRef version <=4.3.1 contains an XML External Entity (XXE) vulnerability in the MsBibImporter XML parser that can result in disclosure of confidential data, denial of service, server side request forgery, and port scanning. This attack appears to be exploitable via a specially crafted MsBib file. This vulnerability appears to have been fixed after commit 89f855d.
2018-08-20  not yet calculated  CVE-2018-1000652
MISC
CONFIRM
java_system_solutions -- sso_plugin_for_bmc_myit
 
Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?[XSS] link and then clicks the "Login" button.
2018-08-21  not yet calculated  CVE-2018-15528
MISC
BUGTRAQ
jenkins -- jenkins

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.
2018-08-23  not yet calculated  CVE-2018-1999042
CONFIRM
jenkins -- jenkins

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials.
2018-08-23  not yet calculated  CVE-2018-1999043
CONFIRM
jenkins -- jenkins

An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.
2018-08-23  not yet calculated  CVE-2018-1999045
CONFIRM
jenkins -- jenkins

An improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center.
2018-08-23  not yet calculated  CVE-2018-1999047
CONFIRM
jenkins -- jenkins

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
2018-08-23  not yet calculated  CVE-2018-1999044
CONFIRM
jenkins -- jenkins

An exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers with Overall/Read permission to access the connection log for any agent.
2018-08-23  not yet calculated  CVE-2018-1999046
CONFIRM
jerryscript -- jerryscript
 
JerryScript, tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793, contains a CWE-476: NULL Pointer Dereference vulnerability. Analysing the history, the issue appears to have been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860. Triggering undefined behavior at jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:598 (passing NULL to memcpy as the 2nd argument) results in a null pointer dereference (segfault) at jerry-core/jmem/jmem-heap.c:463, which can result in a crash due to a segmentation fault. This attack appears to be exploitable when the victim executes specially crafted JavaScript code. This vulnerability appears to have been fixed after commit 87897849f6879df10e8ad68a41bf8cf507edf710.
2018-08-20  not yet calculated  CVE-2018-1000636
CONFIRM
jsish -- jsish
 
Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in the function jsi_ValueCopyMove at jsiValue.c:240 that can result in a crash due to a segmentation fault. This attack appears to be exploitable via crafted JavaScript code. This vulnerability appears to have been fixed in 2.4.67.
2018-08-20  not yet calculated  CVE-2018-1000655
CONFIRM
latexdraw -- latexdraw
 
LatexDraw version <=4.0 contains an XML External Entity (XXE) vulnerability in its SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, and possibly remote code execution. This attack appears to be exploitable via a specially crafted SVG file.
2018-08-20  not yet calculated  CVE-2018-1000639
MISC
MISC
libbpg -- libbpg
 
A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to a missing check of the return value of the function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG.
2018-08-22  not yet calculated  CVE-2017-2575
MLIST
BID
libgd -- libgd
 
Libgd version 2.2.5 contains a double free vulnerability in the gdImageBmpPtr function that can result in remote code execution. This attack appears to be exploitable via a specially crafted JPEG image that triggers the double free. This vulnerability appears to have been fixed after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.
2018-08-20  not yet calculated  CVE-2018-1000222
CONFIRM
libgit2 -- libgit2
 
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
2018-08-17  not yet calculated  CVE-2018-15501
MISC
MISC
MISC
MISC
MISC
MLIST
MISC
libming -- libming

An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
2018-08-25  not yet calculated  CVE-2018-15871
MISC
libming -- libming
 
An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
2018-08-25  not yet calculated  CVE-2018-15870
MISC
librehealthio/lh-ehr -- librehealthio/lh-ehr

LibreHealthIO lh-ehr version REL-2.0.0 contains an authenticated unrestricted file write vulnerability in letter.php (2), in the patient file letter functions, that can result in writing files with malicious content and may lead to remote code execution. This attack appears to be exploitable via user-controlled input.
2018-08-20  not yet calculated  CVE-2018-1000649
MISC
MISC

librehealthio/lh-ehr -- librehealthio/lh-ehr

LibreHealthIO lh-ehr version <REL-2.0.0 contains an authenticated local file disclosure vulnerability in the importing of templates that can result in disclosure of sensitive files on the server. This attack appears to be exploitable via a user-controlled variable in the import templates function.
2018-08-20  not yet calculated  CVE-2018-1000645
MISC
CONFIRM
librehealthio/lh-ehr -- librehealthio/lh-ehr

LibreHealthIO lh-ehr version REL-2.0.0 contains an authenticated unrestricted file deletion vulnerability in the import template function that can result in denial of service. This attack appears to be exploitable via a user-controlled parameter.
2018-08-20  not yet calculated  CVE-2018-1000647
MISC
MISC
librehealthio/lh-ehr -- librehealthio/lh-ehr

LibreHealthIO LH-EHR version REL-2.0.0 contains an authenticated unrestricted file write vulnerability in the import template function that can result in writing files with malicious content and may lead to remote code execution.
2018-08-20  not yet calculated  CVE-2018-1000646
MISC
MISC
librehealthio/lh-ehr -- librehealthio/lh-ehr

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL injection vulnerability in the Show Groups Popup SQL query functions that can result in the ability to perform malicious database queries. This attack appears to be exploitable via user-controlled parameters.
2018-08-20  not yet calculated  CVE-2018-1000650
MISC
CONFIRM
librehealthio/lh-ehr -- librehealthio/lh-ehr

LibreHealthIO lh-ehr version REL-2.0.0 contains an authenticated unrestricted file write vulnerability in the patient file letter functions that can result in writing files with malicious content and may lead to remote code execution. This attack appears to be exploitable via user-controlled parameters.
2018-08-20  not yet calculated  CVE-2018-1000648
MISC
MISC
libvirt -- libvirt
 
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
2018-08-20  not yet calculated  CVE-2015-5160
REDHAT
MLIST
CONFIRM
CONFIRM
CONFIRM
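Anything placed in a process's argv is readable by every local user through /proc/<pid>/cmdline or ps, which is the whole of the libvirt entry above. The following is an added example, not libvirt or qemu code: a scanner that flags credential-looking arguments, first on a constructed qemu RBD command line of the kind the entry describes (the key value is a placeholder, not a real Ceph key) and then, when run as a script, over the live /proc. The patterns, the flag names and the qemu argument layout are assumptions for illustration.

```python
"""Flag credentials exposed on process command lines.

Added example, not libvirt or qemu code. Anything in argv is readable by
every local user via /proc/<pid>/cmdline or `ps`, which is the libvirt
issue above. The patterns below and the qemu RBD argument layout are
assumptions for illustration.
"""
import os
import re

# Argument fragments that commonly carry secrets. The first mirrors the
# "...:key=<base64>..." form of a qemu rbd drive specification.
SECRET_PATTERNS = [
    re.compile(r"(?:^|[:,])key=([^,:\s]+)"),
    re.compile(r"\b(?:password|passwd|secret|token)=(\S+)", re.I),
]
# Flags whose secret value is the *next* argv element.
VALUE_FLAGS = {"--password", "--token", "--secret"}


def find_argv_secrets(argv: list) -> list:
    """Return (argv_index, offending_fragment) pairs; empty list if nothing looks secret."""
    hits = []
    for i, arg in enumerate(argv):
        if arg in VALUE_FLAGS and i + 1 < len(argv):
            hits.append((i + 1, f"{arg} {argv[i + 1]}"))
            continue
        for pat in SECRET_PATTERNS:
            m = pat.search(arg)
            if m:
                hits.append((i, m.group(0)))
                break
    return hits


def scan_proc(proc_root: str = "/proc") -> dict:
    """Live scan: pid -> hits for every readable <proc_root>/<pid>/cmdline."""
    findings = {}
    try:
        entries = os.listdir(proc_root)
    except OSError:
        return findings
    for entry in entries:
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                argv = [a.decode(errors="replace") for a in fh.read().split(b"\0") if a]
        except OSError:        # process exited, or not permitted to read
            continue
        hits = find_argv_secrets(argv)
        if hits:
            findings[int(entry)] = hits
    return findings


# Constructed command line of the kind the libvirt entry describes; the key
# value is a placeholder, not a real Ceph key.
SAMPLE_QEMU_ARGV = [
    "qemu-system-x86_64", "-name", "guest1",
    "-drive", "file=rbd:rbd/disk1:id=admin:key=AQDexamplekeyexample==:auth_supported=cephx,format=raw",
    "-netdev", "user,id=n1",
]


if __name__ == "__main__":
    print("sample:", find_argv_secrets(SAMPLE_QEMU_ARGV))
    for pid, hits in sorted(scan_proc().items()):
        print(pid, hits)
```

The fix class for this bug is to move the secret out of argv entirely (a file with restrictive permissions, an environment variable passed to the child only, or a secret object the daemon hands over through a private channel), since even a short-lived argument is visible to a polling local user.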
libvirt -- libvirt
 
A NULL pointer dereference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash the libvirtd daemon, resulting in denial of service.
2018-08-22  not yet calculated  CVE-2017-2635
CONFIRM
CONFIRM
linux -- linux_kernel

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
2018-08-21  not yet calculated  CVE-2018-10932
CONFIRM
CONFIRM
CONFIRM
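The lldptool entry is one instance of a general problem: data received from a network peer is written to the operator's terminal unmodified, so any escape sequences it carries are interpreted by the terminal rather than displayed. The following is an added example, not lldptool's code, of the rendering step a CLI should apply to such data before printing it. The sample mngAddr value is constructed for the example and is not a real capture; the function names are assumptions.

```python
"""Neutralise terminal control sequences in attacker-influenced data before printing.

Added example, not lldptool's code. Any byte string received from a peer
(here a constructed LLDP management-address value) is rendered with C0/C1
control bytes, DEL and ESC escaped, so the peer cannot inject escape
sequences into the operator's terminal.
"""

# Bytes terminals interpret: C0 controls (0x00-0x1F), DEL (0x7F) and the C1
# range (0x80-0x9F), which many terminals treat as 8-bit control codes.
_KEEP = {0x09}  # allow TAB; newlines are escaped so one record stays on one line


def sanitize_for_terminal(data: bytes) -> str:
    """Return a printable str; control bytes and all non-ASCII bytes become \\xNN."""
    out = []
    for b in data:
        if 0x20 <= b < 0x7F or b in _KEEP:
            out.append(chr(b))
        else:
            out.append(f"\\x{b:02x}")
    return "".join(out)


def contains_control(data: bytes) -> bool:
    """True if printing `data` raw would hand control bytes to the terminal."""
    return any((b < 0x20 and b not in _KEEP) or b == 0x7F or 0x80 <= b <= 0x9F for b in data)


# Constructed sample: a management address followed by an ESC sequence that
# would clear the screen and home the cursor (ESC [2J ESC [H) and an OSC
# window-title change (ESC ]0;...BEL). Not a real capture.
SAMPLE_MNG_ADDR = b"192.0.2.10" + b"\x1b[2J\x1b[H" + b"\x1b]0;pwned\x07" + b"trailing"


def render_record(field: str, value: bytes) -> str:
    """Format one display line the way a CLI would, but safely."""
    return f"{field}: {sanitize_for_terminal(value)}"


if __name__ == "__main__":
    print(render_record("mngAddr", SAMPLE_MNG_ADDR))
```

Escaping rather than stripping is deliberate: the operator still sees that the peer sent something odd, which is itself a useful signal.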
linux -- linux_kernel

arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
2018-08-20  not yet calculated  CVE-2018-15594
MISC
BID
MISC
MISC
MISC
linux -- linux_kernel
 
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).
2018-08-23  not yet calculated  CVE-2018-6558
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
2018-08-19  not yet calculated  CVE-2018-15572
MISC
MISC
MISC
linux -- linux_kernel
 
It was found that the raw midi kernel driver does not protect against concurrent access, which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), which are part of the snd_rawmidi_ioctl() handler in the rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
2018-08-21  not yet calculated  CVE-2018-10902
BID
SECTRACK
CONFIRM
MISC
mapr -- converged_data_platform_and_mapr-xd
 
An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as (aka impersonate) any other user, including cluster administrators, aka bug# 31935. This affects all users who have enabled security on the MapR platform and is fixed in mapr-patch-5.2.1.42646.GA-20180731093831, mapr-patch-5.2.2.44680.GA-20180802011430, mapr-patch-6.0.0.20171109191718.GA-20180802011420, and mapr-patch-6.0.1.20180404222005.GA-20180806214919.
2018-08-23  not yet calculated  CVE-2018-15804
CONFIRM
mikrotik -- routeros

Mikrotik RouterOS before 6.42.7 and 6.40.9 has a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.
2018-08-23  not yet calculated  CVE-2018-1157
CONFIRM
CONFIRM
MISC
mikrotik -- routeros

Mikrotik RouterOS before 6.42.7 and 6.40.9 has a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting.
2018-08-23  not yet calculated  CVE-2018-1159
CONFIRM
CONFIRM
MISC
mikrotik -- routeros

Mikrotik RouterOS before 6.42.7 and 6.40.9 has a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.
2018-08-23  not yet calculated  CVE-2018-1158
CONFIRM
CONFIRM
MISC
mikrotik -- routeros
 
Mikrotik RouterOS before 6.42.7 and 6.40.9 has a stack buffer overflow in the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker to execute arbitrary code on the system.
2018-08-23  not yet calculated  CVE-2018-1156
CONFIRM
CONFIRM
MISC
minicms -- minicms
 
MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={payload} that can result in code injection.
2018-08-20  not yet calculated  CVE-2018-1000638
MISC
my_little_forum -- my_little_forum

my little forum 2.4.12 allows CSRF for deletion of users.
2018-08-19  not yet calculated  CVE-2018-15569
MISC
mybb -- mybb
 
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.
2018-08-24  not yet calculated  CVE-2018-11502
MISC
EXPLOIT-DB
national_payments_corporation_of_india -- bhim_app_for_android

The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication.
2018-08-24  not yet calculated  CVE-2017-9819
MISC
national_payments_corporation_of_india -- bhim_app_for_android

The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass authentication.
2018-08-24  not yet calculated  CVE-2017-9820
MISC
national_payments_corporation_of_india -- bhim_app_for_android

The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication.
2018-08-24  not yet calculated  CVE-2017-9821
MISC
national_payments_corporation_of_india -- bhim_app_for_android
 
The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access.
2018-08-24  not yet calculated  CVE-2017-9818
MISC
nec -- aterm_wg2600hp2

An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET").
2018-08-24  not yet calculated  CVE-2017-12575
FULLDISC
netwave -- ip_camera

Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device.
2018-08-24  not yet calculated  CVE-2018-11654
MISC
netwave -- ip_camera
 
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password.
2018-08-24  not yet calculated  CVE-2018-11653
MISC
node.js -- node.js
 
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.
2018-08-21  not yet calculated  CVE-2018-12115
BID
REDHAT
REDHAT
CONFIRM
node.js -- node.js
 
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.
2018-08-21  not yet calculated  CVE-2018-7166
REDHAT
CONFIRM
ome -- open_microscopy_environment_omero

The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an improper access control vulnerability in user management that can result in an administrative user with privilege restrictions logging in as a more powerful administrator. This attack appears to be exploitable by using the user administration privilege to set the password of a more powerful administrator. This vulnerability appears to have been fixed in 5.4.7.
2018-08-20  not yet calculated  CVE-2018-1000634
CONFIRM
CONFIRM
ome -- open_microscopy_environment_omero

The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an information exposure through sent data vulnerability in OMERO.server that can result in an attacker gaining full administrative access to the server and possibly being able to disable it. This vulnerability appears to have been fixed in 5.4.7.
2018-08-20  not yet calculated  CVE-2018-1000635
CONFIRM
CONFIRM
ome -- open_microscopy_environment_omero
 
The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an information exposure through log files vulnerability in the login form and change password form that can result in a user's password being revealed, after which an attacker can log in as that user. This attack appears to be exploitable by an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7.
2018-08-20  not yet calculated  CVE-2018-1000633
CONFIRM
CONFIRM
openemr -- openemr

OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in the 'scan' parameter at line 41 of interface/fax/fax_view.php that could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitable when the victim visits a specially crafted URL.
2018-08-20  not yet calculated  CVE-2018-1000219
MISC
CONFIRM
openemr -- openemr
 
OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in the 'file' parameter at line 43 of interface/fax/fax_view.php that could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitable when the victim visits a specially crafted URL.
2018-08-20  not yet calculated  CVE-2018-1000218
MISC
CONFIRM
openssh -- openssh
 
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
2018-08-17  not yet calculated  CVE-2018-15473
MISC
SECTRACK
MISC
MISC
MLIST
DEBIAN
EXPLOIT-DB
EXPLOIT-DB
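The OpenSSH entry turns entirely on ordering: for a user that does not exist, sshd answered a publickey request before it had finished parsing it, whereas for an existing user the same deliberately malformed packet was parsed and caused a fatal error, and a remote prober can tell those two outcomes apart. The following is an added example, not OpenSSH code; it models the userauth request with a minimal length-prefixed encoding and a made-up user list, and shows the vulnerable and the fixed ordering side by side. The packet layout, user names and response names are assumptions for illustration.

```python
"""Model of the OpenSSH (CVE-2018-15473) username oracle and its fix.

Added example; this is not OpenSSH's code. It abstracts the userauth
"publickey" request to a tiny length-prefixed format and shows why bailing
out on an unknown user *before* the packet is fully parsed leaks whether
the user exists: a malformed packet is rejected with a different outcome
depending on the user check.
"""
import struct

KNOWN_USERS = {"root", "alice"}   # constructed sample user database


def _read_string(buf: bytes, off: int):
    """Read an SSH-style uint32-length-prefixed string; raise on truncation."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def build_request(user: str, malformed: bool) -> bytes:
    """userauth publickey request: user, service, method, flag, key algorithm, key blob."""
    def s(b): return struct.pack(">I", len(b)) + b
    pkt = s(user.encode()) + s(b"ssh-connection") + s(b"publickey") + b"\x00" + s(b"ssh-ed25519")
    # A malformed request claims a 64 KiB key blob but supplies no bytes.
    return pkt + (struct.pack(">I", 65536) if malformed else s(b"\x00" * 32))


def _parse_publickey_fields(pkt: bytes, off: int):
    service, off = _read_string(pkt, off)
    method, off = _read_string(pkt, off)
    if off >= len(pkt):
        raise ValueError("truncated flag")
    off += 1                                  # has-signature flag
    algo, off = _read_string(pkt, off)
    blob, off = _read_string(pkt, off)
    return service, method, algo, blob


def handle_vulnerable(pkt: bytes) -> str:
    """Bails out for an unknown user before parsing the rest (the flaw)."""
    user, off = _read_string(pkt, 0)
    if user.decode() not in KNOWN_USERS:
        return "AUTH_FAILURE"                 # sent without looking at the rest
    try:
        _parse_publickey_fields(pkt, off)
    except ValueError:
        return "DISCONNECT"                   # malformed packet is fatal
    return "AUTH_FAILURE"                     # key not authorised


def handle_fixed(pkt: bytes) -> str:
    """Parses the whole packet first; the user check no longer changes the outcome."""
    try:
        user, off = _read_string(pkt, 0)
        _parse_publickey_fields(pkt, off)
    except ValueError:
        return "DISCONNECT"
    return "AUTH_FAILURE"                     # identical for valid and invalid users


def probe(handler, user: str) -> str:
    """What a remote prober observes for a malformed request naming `user`."""
    return handler(build_request(user, malformed=True))


def oracle_leaks(handler) -> bool:
    """True if the handler's responses distinguish an existing from a non-existing user."""
    return probe(handler, "root") != probe(handler, "nobody-here")


if __name__ == "__main__":
    print("vulnerable leaks:", oracle_leaks(handle_vulnerable))
    print("fixed leaks:", oracle_leaks(handle_fixed))
```

The same reasoning applies to any authentication path that short-circuits on an identity lookup: every branch must consume the request identically (and ideally take the same time) before the decision is returned.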
owasp -- antisamy

OWASP AntiSamy version 1.5.7 and earlier contains a Cross Site Scripting (XSS) vulnerability in AntiSamy.scan(), for both the SAX and DOM parsers, that can result in cross-site scripting.
2018-08-20  not yet calculated  CVE-2018-1000643
MISC
oxid -- eshop
 
An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacker must change the delivery address to one that is not verified by the Paymorrow module.
2018-08-20  not yet calculated  CVE-2018-14020
CONFIRM
CONFIRM
oxid -- multiple_products
 
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts.
2018-08-20  not yet calculated  CVE-2018-12579
CONFIRM
CONFIRM
pallets_project -- flask
 
The Pallets Project Flask before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable when an attacker provides JSON data in an incorrect encoding. This vulnerability appears to have been fixed in 0.12.3.
2018-08-20  not yet calculated  CVE-2018-1000656
CONFIRM
CONFIRM
pango -- pango
 
libpango in Pango before 1.42.4, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text.
2018-08-24  not yet calculated  CVE-2018-15120
MISC
CONFIRM
CONFIRM
MLIST
UBUNTU
philips -- intellispace_cardiovascular_products

In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.
2018-08-22  not yet calculated  CVE-2018-14789
MISC
CONFIRM
philips -- intellispace_cardiovascular_products
 
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions.
2018-08-22  not yet calculated  CVE-2018-14787
MISC
CONFIRM
philips -- pagewriter

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password to access and modify all settings on the device, as well as reset existing passwords.
2018-08-22  not yet calculated  CVE-2018-14801
BID
MISC
CONFIRM
philips -- pagewriter
 
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by the user. This can lead to buffer overflow or format string vulnerabilities.
2018-08-22  not yet calculated  CVE-2018-14799
BID
MISC
CONFIRM
phpmyadmin -- phpmyadmin
 
An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.
2018-08-24  not yet calculated  CVE-2018-15605
SECTRACK
CONFIRM
CONFIRM
phpwhois -- phpwhois
 
phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.
2018-08-20  not yet calculated  CVE-2015-5243
MISC
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
pimcore -- pimcore
 
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.
2018-08-24  not yet calculated  CVE-2018-14059
MISC
FULLDISC
EXPLOIT-DB
MISC
pkgconf -- pkgconf
 
pkgconf version 1.5.0 to 1.5.2 contains a buffer overflow vulnerability in dequote(): the dequote() function returns a 1-byte allocation if the initial length is 0, leading to a buffer overflow. This attack appears to be exploitable via a specially crafted .pc file. This vulnerability appears to have been fixed in 1.5.3.
2018-08-20  not yet calculated  CVE-2018-1000221
CONFIRM
planex -- cs-qr20

An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes; once logged in, accessing the page directly (/admin/system_command.asp) allows executing any command.
2018-08-24  not yet calculated  CVE-2017-12576
FULLDISC
planex -- cs-qr20

An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.
2018-08-24  not yet calculated  CVE-2017-12577
FULLDISC
planex -- cs-w50hd_devices

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.
2018-08-24  not yet calculated  CVE-2017-12573
FULLDISC
planex -- cs-w50hd_devices

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" is injected into the web authentication database "/.htpasswd" during the boot process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted.
2018-08-24  not yet calculated  CVE-2017-12574
FULLDISC
portfoliocms -- portfoliocms

An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.
2018-08-25  not yet calculated  CVE-2018-15848
MISC
portfoliocms -- portfoliocms

An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php.
2018-08-25  not yet calculated  CVE-2018-15849
MISC
posim -- evo

POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients.
2018-08-23  not yet calculated  CVE-2018-15808
MISC
posim -- evo
 
POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker and used to bypass any POSIM EVO login prompt.
2018-08-23  not yet calculated  CVE-2018-15807
MISC
postgresql -- postgresql
 
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
2018-08-20  not yet calculated  CVE-2016-7048
CONFIRM
CONFIRM
puppet -- puppet_enterprise
 
When users are configured to use startTLS with RBAC LDAP, at login time the user's credentials are sent in plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It has a CVSS score of 8.5.
2018-08-24  not yet calculated  CVE-2018-11749
CONFIRM
puppycms -- puppycms

An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the "Add Page/URL" URL link field.
2018-08-25  not yet calculated  CVE-2018-15847
MISC
pycryptodome -- pycryptodome
 
PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.
2018-08-19  not yet calculated  CVE-2018-15560
MISC
MISC
pyro -- pyro
 
pyro before 3.15 unsafely handles pid files in temporary directory locations and opens the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
2018-08-20  not yet calculated  CVE-2011-2765
CONFIRM
CONFIRM
CONFIRM
red_hat -- cloudforms_management_engine_5
 
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF injection. It was found that the X-Forwarded-For header allows internal servers to deploy other systems (using callback).
2018-08-22  not yet calculated  CVE-2017-7528
CONFIRM
red_hat -- openstack_enterprise
 
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user.
2018-08-22  not yet calculated  CVE-2017-2627
CONFIRM
red_hat -- satellite_5
 
It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.
2018-08-22  not yet calculated  CVE-2017-7513
CONFIRM
redaxo -- redaxo_cms

An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user.
2018-08-25  not yet calculated  CVE-2018-15850
MISC
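The CSRF entries in this bulletin (my little forum user deletion, the MyBB Moderator Log Notes plugin, portfolioCMS page creation and settings update, REDAXO administrator creation) share one cause: a state-changing request is honoured on the strength of the session cookie alone, which the victim's browser attaches to a request from any origin. The following is an added example, not code from any of those projects, of a synchronizer-token check. The action names, function names and the choice to bind the token to the form it protects are assumptions for the example; where the action is reachable by a GET URL (as in portfolioCMS's newpage=true), the action also has to move to POST, which the check enforces by refusing GET outright.

```python
"""Synchronizer-token CSRF protection for state-changing requests.

Added example, not code from any of the CMS/forum projects listed above.
A per-session secret, kept server-side, is bound into a token that is
embedded in the form; a cross-origin page cannot read it, so a forged
request arrives with the victim's cookie but without a valid token.
"""
import hashlib
import hmac
import secrets

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_secret() -> str:
    """Per-session secret; store it in the server-side session, never in a URL."""
    return secrets.token_hex(32)


def make_token(session_secret: str, action: str) -> str:
    """Token bound to this session and to one form/action (e.g. 'admin/user/create')."""
    return hmac.new(session_secret.encode(), action.encode(), hashlib.sha256).hexdigest()


def verify_state_change(method: str, action: str, session_secret: str, submitted_token) -> bool:
    """Decide whether a state-changing handler may run.

    Refuses GET/HEAD outright (a state change reachable by URL is forgeable
    from an <img> tag or a link), then requires the token for this session
    and action, compared in constant time.
    """
    if method.upper() not in STATE_CHANGING:
        return False
    if not session_secret or not submitted_token:
        return False
    expected = make_token(session_secret, action)
    return hmac.compare_digest(expected, str(submitted_token))


def demo() -> dict:
    """Legitimate submission versus the forged requests the bulletin entries describe."""
    victim_secret = issue_csrf_secret()
    attacker_secret = issue_csrf_secret()   # attacker's own session on the same site
    action = "admin/user/create"
    good = make_token(victim_secret, action)
    return {
        "legit_post": verify_state_change("POST", action, victim_secret, good),
        # Cross-site form post: the browser attaches the victim's cookie, but
        # the attacker's page has no way to learn the victim's token.
        "forged_no_token": verify_state_change("POST", action, victim_secret, None),
        "forged_attacker_token": verify_state_change(
            "POST", action, victim_secret, make_token(attacker_secret, action)),
        "token_for_other_form": verify_state_change(
            "POST", action, victim_secret, make_token(victim_secret, "admin/page/new")),
        "get_with_token": verify_state_change("GET", action, victim_secret, good),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'rejected'}")
```

Binding the token to the action is optional; a single per-session token is the more common design and is also sufficient. SameSite cookies are a useful second layer but do not replace the token, since older browsers and some cross-site navigations still send the cookie.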
rsa -- archer
 
The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. Embedded WorkPoint is upgraded to version 4.10.16, which contains a fix for the vulnerability.
2018-08-24  not yet calculated  CVE-2018-11065
FULLDISC
BID
SECTRACK
rsa -- netwitness_platform_and_security_analytics
 
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.
2018-08-24  not yet calculated  CVE-2018-11061
FULLDISC
BID
SECTRACK
SECTRACK
rust -- rust
 
The Rust standard library, from commit bfa0e1f58acf1c28d500c34ed258f09ae021893e onward (stable release 1.3.0 and later), contains a buffer overflow vulnerability in the std::collections::vec_deque::VecDeque::reserve() function that can result in arbitrary code execution, although no proof-of-concept exploit is currently published. This vulnerability appears to have been fixed after commit fdfafb510b1a38f727e920dccbeeb638d39a8e60 (stable release 1.22.0 and later).
2018-08-20  not yet calculated  CVE-2018-1000657
CONFIRM
CONFIRM
samba -- samba
A missing input sanitization flaw was found in the implementation of the LDB database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a Samba server used as an Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable.
Published: 2018-08-22 | CVSS: not yet calculated | CVE-2018-1140
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
samba -- samba
A null pointer dereference flaw was found in the way Samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a Samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable.
Published: 2018-08-22 | CVSS: not yet calculated | CVE-2018-10918
BID
CONFIRM
CONFIRM
UBUNTU
CONFIRM
samba -- samba
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
Published: 2018-08-22 | CVSS: not yet calculated | CVE-2018-10919
BID
CONFIRM
CONFIRM
UBUNTU
DEBIAN
CONFIRM
samba -- samba
A flaw was found in the way Samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credentials and other details passed between the Samba server and client.
Published: 2018-08-22 | CVSS: not yet calculated | CVE-2018-1139
BID
CONFIRM
CONFIRM
UBUNTU
CONFIRM
samba -- samba
A heap buffer overflow was found in the way Samba clients processed extra-long file names in a directory listing. A malicious Samba server could use this flaw to cause arbitrary code execution on a Samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
Published: 2018-08-22 | CVSS: not yet calculated | CVE-2018-10858
BID
CONFIRM
CONFIRM
UBUNTU
DEBIAN
CONFIRM
samsung -- smartthings_hub_sth-eth-250
An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the video-core database. An attacker can send a series of HTTP requests to trigger this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3879
MISC
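The two injection steps above, the RSA Archer SQL injection (CVE-2018-11065) and the SmartThings JSON-injection-to-SQL-injection chain (CVE-2018-3879), reduced to their essentials in an added example that is not code from either product. A hypothetical credentials handler embeds a user-supplied "region" in a JSON document by string concatenation, re-parses that document and then uses the value in a SQL statement, again by concatenation; each step is shown beside its fix. The sqlite3 database and its "shard" table are constructed in memory for the demonstration.

```python
"""JSON built by concatenation, then SQL built by concatenation (added example)."""
import json
import sqlite3


def build_json_unsafe(region: str) -> str:
    # Vulnerable: the value is dropped in verbatim, so a quote inside it closes
    # the string and lets the caller append keys that override earlier ones.
    return '{"role": "user", "region": "' + region + '"}'


def build_json_safe(region: str) -> str:
    # json.dumps escapes quotes and control characters; the value stays a value.
    return json.dumps({"role": "user", "region": region})


def fresh_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the device's shard table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE shard (region TEXT, secret_key TEXT)")
    db.executemany("INSERT INTO shard VALUES (?, ?)",
                   [("us-east", "KEY-EAST"), ("eu-west", "KEY-WEST")])
    return db


def lookup_secret_unsafe(db: sqlite3.Connection, doc: str) -> list:
    region = json.loads(doc)["region"]
    # Vulnerable: attacker-chosen text becomes part of the statement.
    rows = db.execute(
        "SELECT secret_key FROM shard WHERE region = '" + region + "'").fetchall()
    return [r[0] for r in rows]


def lookup_secret_safe(db: sqlite3.Connection, doc: str) -> list:
    region = json.loads(doc)["region"]
    # Bound parameter: the value is never parsed as SQL, whatever it contains.
    rows = db.execute("SELECT secret_key FROM shard WHERE region = ?", (region,)).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    print(build_json_unsafe('x", "role": "admin'))
    evil = build_json_safe("' OR '1'='1")
    print("unsafe:", lookup_secret_unsafe(fresh_db(), evil))
    print("safe:  ", lookup_secret_safe(fresh_db(), evil))
```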
samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the "state" field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3905
MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 with firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method in the 'on_url' callback. An attacker can send an HTTP request to trigger this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3907
MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3902
MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 with firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method in the 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3909
MISC
samsung -- smartthings_hub_sth-eth-250
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "user" value in order to exploit this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3863
MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strcpy call overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3866
MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3867
MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3919
MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 with firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3880
MISC
samsung -- smartthings_hub_sth-eth-250
Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3878
MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An attacker able to impersonate the remote HTTP servers could trigger this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3925
MISC
samsung -- smartthings_hub_sth-eth-250
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3917
MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable HTTP header injection vulnerability exists in the remote servers of the Samsung SmartThings Hub STH-ETH-250 with firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3911
MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 with firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3872
MISC
samsung -- smartthings_hub_sth-eth-250
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3912
MISC
samsung -- smartthings_hub_sth-eth-250
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512 bytes. An attacker can send an arbitrarily long "url" value in order to overwrite the saved PC with 0x42424242.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3903
MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable vulnerability exists in the smart cameras' RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 with firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability.
Published: 2018-08-23 | CVSS: not yet calculated | CVE-2018-3856
MISC
signal_messenger -- open_whisper_signal
Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.
Published: 2018-08-20 | CVSS: not yet calculated | CVE-2018-14023
MISC
MISC
soundtouch -- soundtouch
soundtouch versions up to and including 2.0.0 contain a buffer overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. It is exploitable when the victim opens a malicious file with the soundstretch utility.
Published: 2018-08-20 | CVSS: not yet calculated | CVE-2018-1000223
CONFIRM
spice -- spice
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
Published: 2018-08-17 | CVSS: not yet calculated | CVE-2018-10873
CONFIRM
CONFIRM
UBUNTU
swoole -- swoole
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
Published: 2018-08-17 | CVSS: not yet calculated | CVE-2018-15503
MISC
MISC
MISC
symantec -- encryption_management_server
The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit, in which the perpetrator makes a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a specific host within a network.
Published: 2018-08-20 | CVSS: not yet calculated | CVE-2018-5243
BID
SECTRACK
CONFIRM
symantec -- norton_power_eraser_and_symdiag
Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL preloading vulnerability, a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an overwrite), which results in a foreign DLL running in the context of the application.
Published: 2018-08-22 | CVSS: not yet calculated | CVE-2018-5238
BID
CONFIRM
symantec -- norton_utilities
Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL preloading vulnerability, a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an overwrite), which results in a foreign DLL running in the context of the application.
Published: 2018-08-22 | CVSS: not yet calculated | CVE-2018-5235
BID
CONFIRM
technicolor -- tc7200.20_cable_modem_devices
Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof.
Published: 2018-08-25 | CVSS: not yet calculated | CVE-2018-15852
MISC
tecrail -- responsive_filemanager
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths inside archives, allowing the extraction of a crafted archive to overwrite arbitrary files via the extract action (directory traversal).
Published: 2018-08-24 | CVSS: not yet calculated | CVE-2018-15536
FULLDISC
tecrail -- responsive_filemanager
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but does not properly neutralize sequences such as ".." in the get_file action, so the path can resolve to a location outside that directory (directory traversal).
Published: 2018-08-24 | CVSS: not yet calculated | CVE-2018-15535
FULLDISC
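Both Responsive FileManager entries (CVE-2018-15536 for the extract action, CVE-2018-15535 for get_file) are the same missing check: the path a user or an archive member supplies is joined to the base directory without confirming the result still lies beneath it. The following is an added example, not Responsive FileManager code: one containment test applied to a single user path and to every member of an archive before anything is written, so a crafted archive is refused whole rather than half-extracted. The zip files are constructed in memory for the demonstration.

```python
"""Containment check for user-supplied paths and archive members (added example)."""
import io
import os
import tempfile
import zipfile


class PathTraversal(ValueError):
    pass


def safe_join(base_dir: str, user_path: str) -> str:
    """Resolve user_path under base_dir, or raise if the result escapes it."""
    base = os.path.realpath(base_dir)
    # Absolute paths and backslash separators are neutralised first; realpath
    # then resolves ".." and symlinks, and the result must still sit below base.
    rel = user_path.replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(base, rel))
    if candidate != base and not candidate.startswith(base + os.sep):
        raise PathTraversal(user_path)
    return candidate


def is_contained(base_dir: str, user_path: str) -> bool:
    try:
        safe_join(base_dir, user_path)
        return True
    except PathTraversal:
        return False


def safe_extract(archive_bytes: bytes, dest_dir: str) -> list:
    """Extract every member; refuse the whole archive if any member escapes."""
    written = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        # Validate all names before writing anything, so a bad member near the
        # end cannot leave a partially extracted tree behind.
        targets = [(m, safe_join(dest_dir, m.filename)) for m in zf.infolist()]
        for member, target in targets:
            if member.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(member) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def make_zip(entries: dict) -> bytes:
    """Constructed test input: a zip built from {member name: content}.
    zipfile stores the names verbatim, so '../' survives into the archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo() -> dict:
    """Benign and malicious archives run through safe_extract in scratch dirs."""
    good_dir = tempfile.mkdtemp()
    good_written = safe_extract(make_zip({"docs/readme.txt": "hello", "a.txt": "x"}), good_dir)
    bad_dir = tempfile.mkdtemp()
    try:
        safe_extract(make_zip({"ok.txt": "x", "../../evil": "pwn"}), bad_dir)
        bad_outcome = "extracted"
    except PathTraversal as e:
        bad_outcome = f"refused: {e}"
    return {
        "good_count": len(good_written),
        "readme": open(os.path.join(good_dir, "docs", "readme.txt")).read(),
        "bad_outcome": bad_outcome,
        "bad_dir_empty": os.listdir(bad_dir) == [],
    }


if __name__ == "__main__":
    print(demo())
```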
tp5cms -- tp5cms
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter.
Published: 2018-08-19 | CVSS: not yet calculated | CVE-2018-15566
MISC
tp5cms -- tp5cms
tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html.
Published: 2018-08-19 | CVSS: not yet calculated | CVE-2018-15568
MISC
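The REDAXO (CVE-2018-15850, adding an administrator via index.php?page=user) and tp5cms (CVE-2018-15568, deleting a category) entries are both state-changing admin actions that accept any request carrying the victim's session cookie. The defence is a per-session, per-action token the attacker's page cannot obtain, plus an origin check as a second gate; the following is an added example, not code from either CMS. The server key, site origin and the request dicts are constructed for the demonstration.

```python
"""CSRF protection for a state-changing admin action (added example)."""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)        # per-deployment secret (constructed here)
SITE_ORIGIN = "https://cms.example.test"    # assumed deployment origin


def csrf_token(session_id: str, action: str) -> str:
    """HMAC over session and action: unforgeable without SERVER_KEY and not
    reusable for another session or another action."""
    msg = f"{session_id}\x00{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, action: str, presented) -> bool:
    expected = csrf_token(session_id, action)
    # Constant-time comparison; a missing token compares against "".
    return hmac.compare_digest(expected, presented or "")


def origin_allowed(headers: dict) -> bool:
    """Accept only if Origin (or, failing that, Referer) names our own origin.
    A request carrying neither header is refused rather than trusted."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def handle_add_user(request: dict) -> str:
    """Model of POST index.php?page=user; request has keys
    method, headers, session_id, form."""
    if request["method"] != "POST":
        return "405 only POST may change state"
    if not origin_allowed(request["headers"]):
        return "403 bad origin"
    if not csrf_token_valid(request["session_id"], "add_user",
                            request["form"].get("csrf_token")):
        return "403 bad csrf token"
    return f"201 created user {request['form']['login']}"


if __name__ == "__main__":
    sid = "sess-abc"
    legit = {"method": "POST", "headers": {"Origin": SITE_ORIGIN}, "session_id": sid,
             "form": {"login": "mallory", "csrf_token": csrf_token(sid, "add_user")}}
    print(handle_add_user(legit))
    print(handle_add_user(dict(legit, headers={"Origin": "https://evil.test"})))
    print(handle_add_user(dict(legit, form={"login": "mallory"})))
```

The token is tied to the action name on purpose: a token minted for the user-creation form must not satisfy the category-deletion endpoint, otherwise one leaked token unlocks every action for that session.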
tridium -- niagara
An attacker can log into the local Niagara platform (Niagara AX Framework versions 3.8 and prior or Niagara 4 Framework versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.
Published: 2018-08-20 | CVSS: not yet calculated | CVE-2017-16748
BID
MISC
tridium -- niagara
A path traversal vulnerability in Tridium Niagara AX versions 3.8 and prior and Niagara 4 systems versions 4.4 and prior, installed on Microsoft Windows systems, can be exploited by leveraging valid platform (administrator) credentials.
Published: 2018-08-20 | CVSS: not yet calculated | CVE-2017-16744
BID
MISC
ubuntu -- ubuntu
The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6, incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.
Published: 2018-08-21 | CVSS: not yet calculated | CVE-2018-6557
SECTRACK
UBUNTU
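How a temporary-file bug of the kind described above turns into an overwrite, and what "handled correctly" looks like, as an added example that is not the base-files script: a privileged writer that opens a fixed, predictable path is redirected by a local user who plants a symlink there first; opening with O_CREAT|O_EXCL refuses to follow the link, and writing through tempfile.mkstemp plus an atomic rename replaces the link itself instead of its target. The scratch directory, victim file and attacker symlink are constructed by the demo; because the directory is private rather than a sticky world-writable one, the kernel's fs.protected_symlinks restriction does not intervene, which mirrors the "restrictions disabled" case in the entry.

```python
"""Temporary-file handling: predictable path vs. exclusive creation (added example)."""
import os
import tempfile


def write_motd_unsafe(predictable_path: str, text: str) -> None:
    # Vulnerable: open() follows an existing symlink, so whatever it points at
    # is truncated and overwritten with attacker-influenced text.
    with open(predictable_path, "w") as f:
        f.write(text)


def write_motd_safe(final_path: str, text: str) -> str:
    """Write to a fresh, unpredictable file in the destination directory,
    then rename it into place. rename() replaces the directory entry at
    final_path, so a planted symlink is replaced, not followed."""
    directory = os.path.dirname(os.path.abspath(final_path))
    fd, tmp_path = tempfile.mkstemp(prefix=".motd-", dir=directory)
    try:
        with os.fdopen(fd, "w") as f:
            f.write(text)
        os.replace(tmp_path, final_path)
    except BaseException:
        os.unlink(tmp_path)
        raise
    return final_path


def create_exclusive(path: str, text: str) -> None:
    """If the name must be fixed, refuse to reuse anything already there:
    O_EXCL fails if path exists (symlink or not); O_NOFOLLOW is belt and braces."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o644)
    with os.fdopen(fd, "w") as f:
        f.write(text)


def symlink_attack_demo() -> dict:
    """Attacker plants a symlink at the predictable name, then each writer runs."""
    root = tempfile.mkdtemp()
    victim = os.path.join(root, "victim.conf")
    planted = os.path.join(root, "motd.new")        # the predictable name
    with open(victim, "w") as f:
        f.write("original")
    os.symlink(victim, planted)                     # attacker's move
    write_motd_unsafe(planted, "clobbered")         # follows the link
    unsafe_result = open(victim).read()
    with open(victim, "w") as f:
        f.write("original")                         # reset for the safe runs
    try:
        create_exclusive(planted, "clobbered")
        exclusive = "opened"
    except FileExistsError:
        exclusive = "refused"
    write_motd_safe(planted, "new motd")            # replaces the link itself
    return {
        "unsafe": unsafe_result,
        "exclusive": exclusive,
        "victim_after": open(victim).read(),
        "planted_is_link": os.path.islink(planted),
        "motd": open(planted).read(),
    }


if __name__ == "__main__":
    print(symlink_attack_demo())
```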
ucopia -- wireless_appliance_devices
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder.
Published: 2018-08-21 | CVSS: not yet calculated | CVE-2018-15481
MISC
victoralagwu/cmssite -- victoralagwu/cmssite
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen.
Published: 2018-08-20 | CVSS: not yet calculated | CVE-2018-15603
MISC
villagedefrance -- opencart-overclocked
OpenCart-Overclocked versions up to and including 1.11.1 contain a cross-site scripting (XSS) vulnerability: user input is passed unsanitised into a JavaScript function in the template. Malicious input in a GET parameter can result in unauthorised actions, access to data, theft of session information, or denial of service.
Published: 2018-08-20 | CVSS: not yet calculated | CVE-2018-1000640
MISC
CONFIRM
waimai -- super_cms
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.
Published: 2018-08-19 | CVSS: not yet calculated | CVE-2018-15570
MISC
wi2be -- smart_hp_wmt
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp.
Published: 2018-08-20 | CVSS: not yet calculated | CVE-2018-14079
MISC
wi2be -- smart_hp_wmt
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL. After a successful attack, the attacker can log in as the "admin" user with the password "admin".
Published: 2018-08-20 | CVSS: not yet calculated | CVE-2018-14078
MISC
wi2be -- smart_hp_wmt
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to back up the device configuration via a direct request to /Maintenance/configfile.cfg.
Published: 2018-08-20 | CVSS: not yet calculated | CVE-2018-14077
MISC
wolfcms -- wolfcms
WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter.
Published: 2018-08-25 | CVSS: not yet calculated | CVE-2018-15842
MISC
x.org -- libx11
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
Published: 2018-08-24 | CVSS: not yet calculated | CVE-2018-14599
MLIST
SECTRACK
CONFIRM
CONFIRM
MLIST
x.org -- libx11
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
Published: 2018-08-24 | CVSS: not yet calculated | CVE-2018-14600
MLIST
SECTRACK
CONFIRM
CONFIRM
MLIST
x.org -- libx11
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
Published: 2018-08-24 | CVSS: not yet calculated | CVE-2018-14598
MLIST
SECTRACK
CONFIRM
CONFIRM
MLIST
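The three libX11 entries above (CVE-2018-14599, CVE-2018-14600, CVE-2018-14598) are all ways a hostile X server can make XListExtensions trust its own header and string-length bytes. The ListExtensions reply carries a CARD8 count and a CARD32 body length in 4-byte units, followed by that many STR items, each a one-byte length and that many bytes of name. The following is an added example, not libX11 code: a parser that treats every length byte as unsigned (0x80..0xFF are 128..255, never negative), checks each declared length against the bytes actually received, and refuses a count that outruns the body instead of walking one element past it. Little-endian byte order is assumed for the header, and the replies are constructed for the demonstration.

```python
"""Bounds-checked parser for the X11 ListExtensions reply (added example)."""
import struct

# type, nExtensions (CARD8), sequence (CARD16), length (CARD32, 4-byte units), 24 pad bytes
REPLY_HEADER = struct.Struct("<BBHI24x")


class MalformedReply(ValueError):
    pass


def build_reply(names, seq=1, declared_count=None, declared_length=None) -> bytes:
    """Encode a reply the way a server would; declared_* let a test lie in the
    header the way a malicious server can. Constructed test input."""
    body = b"".join(bytes([len(n)]) + n for n in names)
    body += b"\x00" * ((-len(body)) % 4)
    count = len(names) if declared_count is None else declared_count
    length = len(body) // 4 if declared_length is None else declared_length
    return REPLY_HEADER.pack(1, count, seq, length) + body


def parse_list_extensions(data: bytes) -> list:
    if len(data) < REPLY_HEADER.size:
        raise MalformedReply("short header")
    rtype, count, _seq, length = REPLY_HEADER.unpack_from(data)
    if rtype != 1:
        raise MalformedReply("not a reply")
    body = data[REPLY_HEADER.size:]
    if length * 4 != len(body):
        raise MalformedReply(f"declared {length * 4} body bytes, got {len(body)}")
    names, pos = [], 0
    for _ in range(count):
        if pos >= len(body):
            # The count promised more strings than the body holds (off-by-one class).
            raise MalformedReply("count exceeds data")
        n = body[pos]            # unsigned 0..255; never sign-extended
        pos += 1
        if pos + n > len(body):
            # A string claims more bytes than remain (the 128-byte OOB-write class).
            raise MalformedReply("string length exceeds data")
        names.append(bytes(body[pos:pos + n]))
        pos += n
    return names


def is_malformed(data: bytes) -> bool:
    try:
        parse_list_extensions(data)
        return False
    except MalformedReply:
        return True


# Constructed hostile reply: one string whose length byte is 0xC8 (200 unsigned,
# -56 if misread as signed) while only 7 bytes of name follow it.
OVERLONG_STRING_REPLY = REPLY_HEADER.pack(1, 1, 1, 2) + b"\xc8" + b"A" * 7

if __name__ == "__main__":
    print(parse_list_extensions(build_reply([b"BIG-REQUESTS", b"XKEYBOARD", b"RANDR"])))
    print("overlong string rejected:", is_malformed(OVERLONG_STRING_REPLY))
    print("inflated count rejected:", is_malformed(build_reply([b"RANDR"], declared_count=5)))
```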
xkbcommon -- xkbcommon
Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.
Published: 2018-08-25 | CVSS: not yet calculated | CVE-2018-15859
MISC
MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.
Published: 2018-08-25 | CVSS: not yet calculated | CVE-2018-15858
MISC
MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.
Published: 2018-08-25 | CVSS: not yet calculated | CVE-2018-15855
MISC
MISC
xkbcommon -- xkbcommon
An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.
Published: 2018-08-25 | CVSS: not yet calculated | CVE-2018-15856
MISC
MISC
xkbcommon -- xkbcommon
An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.
Published: 2018-08-25 | CVSS: not yet calculated | CVE-2018-15857
MISC
MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.
Published: 2018-08-25 | CVSS: not yet calculated | CVE-2018-15861
MISC
MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.
Published: 2018-08-25 | CVSS: not yet calculated | CVE-2018-15864
MISC
MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.
Published: 2018-08-25 | CVSS: not yet calculated | CVE-2018-15863
MISC
MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.
Published: 2018-08-25 | CVSS: not yet calculated | CVE-2018-15862
MISC
MISC
xkbcommon -- xkbcommon
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.
Published: 2018-08-25 | CVSS: not yet calculated | CVE-2018-15853
MISC
MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.
Published: 2018-08-25 | CVSS: not yet calculated | CVE-2018-15854
MISC
MISC
yeswiki -- yeswiki
YesWiki versions up to and including cercopitheque beta 1 contain a PHP object injection vulnerability: a user-supplied parameter is unserialised in i18n.inc.php, which can result in code execution or information disclosure.
Published: 2018-08-20 | CVSS: not yet calculated | CVE-2018-1000641
MISC
MISC
zutils -- zutils
zutils versions prior to 1.8-pre2 contain a buffer overflow vulnerability in zcat that can result in denial of service or arbitrary code execution. It is exploitable when the victim opens a crafted compressed file. The issue appears to have been fixed in 1.8-pre2.
Published: 2018-08-20 | CVSS: not yet calculated | CVE-2018-1000637
CONFIRM
MLIST
zzcms -- zzcms
zzcms version 8.3 and earlier contains a SQL injection vulnerability in zt/top.php (line 5). The issue is reported as exploitable when zzcms is run under nginx.
Published: 2018-08-20 | CVSS: not yet calculated | CVE-2018-1000653
MISC