Vulnerability Summary for the Week of October 8, 2018
Released
Oct 15, 2018
Document ID
SB18-288
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no high vulnerabilities recorded this week. | ||||
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no medium vulnerabilities recorded this week. | ||||
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no low vulnerabilities recorded this week. | ||||
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12860 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12841 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12842 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12836 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12873 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12835 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12876 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12874 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12875 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12859 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12855 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12856 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12857 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12858 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12844 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12843 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12832 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12833 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12834 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12872 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12831 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12878 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12862 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12869 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12866 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12865 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12769 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12861 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12759 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12837 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15934 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12867 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12879 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12871 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12880 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12881 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12877 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12863 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12868 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12853 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12864 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12870 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15936 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12839 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15926 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15925 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15922 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15927 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15940 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15952 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15953 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15941 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15937 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15928 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a stack overflow vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12838 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15938 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15935 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15933 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15939 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15932 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15930 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15931 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12852 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15951 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15924 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15923 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15946 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15954 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15942 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15947 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15948 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15920 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12847 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12851 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15929 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15945 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-12845 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15968 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15955 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15956 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15943 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. | 2018-10-12 | not yet calculated | CVE-2018-15966 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-15944 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15949 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-10-12 | not yet calculated | CVE-2018-15950 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-12846 BID SECTRACK CONFIRM |
| apache -- activemq | An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. | 2018-10-10 | not yet calculated | CVE-2018-8006 CONFIRM BID |
| apache -- pdfbox | In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. | 2018-10-05 | not yet calculated | CVE-2018-11797 MLIST MLIST |
| apache -- tika | In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later. | 2018-10-09 | not yet calculated | CVE-2018-11796 CONFIRM |
| auto-maskin -- dcu_210e | The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password only authentication not cryptographic keys, however the firmware image contains an RSA host-key for the server. An attacker can exploit this vulnerability to gain root access to the Angstrom Linux operating system and modify any binaries or configuration files in the firmware. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7. | 2018-10-08 | not yet calculated | CVE-2018-5399 CERT-VN |
| auto-maskin -- multiple_products | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7. | 2018-10-08 | not yet calculated | CVE-2018-5402 CERT-VN |
| auto-maskin -- multiple_products | The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7. | 2018-10-08 | not yet calculated | CVE-2018-5400 CERT-VN |
| auto-maskin -- multiple_products | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7. | 2018-10-08 | not yet calculated | CVE-2018-5401 CERT-VN |
| bagesoft -- bagecms | An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI. | 2018-10-11 | not yet calculated | CVE-2018-18257 MISC |
| bagesoft -- bagecms | An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI. | 2018-10-11 | not yet calculated | CVE-2018-18258 MISC |
| blackberry -- unified_endpoint_manager | An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user. | 2018-10-12 | not yet calculated | CVE-2018-8890 CONFIRM |
| blueimp -- blueimp | Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0 | 2018-10-11 | not yet calculated | CVE-2018-9206 MISC |
| bytom -- bytom | In the client in Bytom before 1.0.6, checkTopicRegister in p2p/discover/net.go does not prevent negative idx values, leading to a crash. | 2018-10-10 | not yet calculated | CVE-2018-18206 MISC |
| cairo -- cairo | cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function). | 2018-10-08 | not yet calculated | CVE-2018-18064 MISC |
| cisco -- asa_software_and_firepower_threat_defense_software | A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error that may occur if the affected software renegotiates the encryption key for an IPsec tunnel when certain TFC traffic is in flight. An attacker could exploit this vulnerability by sending a malicious stream of TFC traffic through an established IPsec tunnel on an affected device. A successful exploit could allow the attacker to cause a daemon process on the affected device to crash, which could cause the device to crash and result in a DoS condition. | 2018-10-05 | not yet calculated | CVE-2018-15397 SECTRACK CISCO |
| cisco -- asa_software_and_firepower_threat_defense_software | A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition. | 2018-10-05 | not yet calculated | CVE-2018-15383 SECTRACK CISCO |
| cisco -- asa_software_and_firepower_threat_defense_software | A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to errors that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit this vulnerability by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to access resources that are behind the affected device and would typically be protected by the interface ACL. | 2018-10-05 | not yet calculated | CVE-2018-15398 BID SECTRACK CISCO |
| cisco -- asa_software_and_firepower_threat_defense_software | A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust buffer on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS. | 2018-10-05 | not yet calculated | CVE-2018-15399 SECTRACK CISCO |
| cisco -- catalyst_6800_series_switches | A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. | 2018-10-05 | not yet calculated | CVE-2018-15370 BID CISCO |
| cisco -- cloud_services_platform_2100 | A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command input. An attacker could exploit this vulnerability by sending customized commands to the web-based management interface. | 2018-10-05 | not yet calculated | CVE-2018-0454 SECTRACK CISCO |
| cisco -- data_center_network_manager | A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user input within an HTTP request. An attacker could exploit this vulnerability by authenticating to the application and then sending a crafted HTTP request to the targeted application. A successful exploit could allow the authenticated attacker to issue commands on the underlying operating system as the root user. | 2018-10-05 | not yet calculated | CVE-2018-0440 SECTRACK CISCO |
| cisco -- data_center_network_manager | A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system. | 2018-10-05 | not yet calculated | CVE-2018-0462 BID CISCO |
| cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. | 2018-10-05 | not yet calculated | CVE-2018-0450 BID CISCO |
| cisco -- digital_network_architecture_center | A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. | 2018-10-05 | not yet calculated | CVE-2018-15386 BID CISCO |
| cisco -- digital_network_architecture_center | A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users. | 2018-10-05 | not yet calculated | CVE-2018-0448 BID CISCO |
| cisco -- email_security_appliance | A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. The vulnerability is due to incomplete input and validation checking mechanisms for certain Sender Policy Framework (SPF) messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. If successful, an exploit could allow the attacker to bypass the URL filters that are configured for the affected device, which could allow malicious URLs to pass through the device. | 2018-10-05 | not yet calculated | CVE-2018-0447 BID SECTRACK CISCO |
| cisco -- enterprise_nfv_intrastructure_software | A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-0460 BID CISCO |
| cisco -- enterprise_nfv_intrastructure_software | A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who is logged in to the web-based management interface as a low-privileged user could exploit this vulnerability by sending a crafted HTTP request. A successful exploit could allow the attacker to use the low-privileged user account to reboot or shut down the affected system. | 2018-10-05 | not yet calculated | CVE-2018-0459 BID CISCO |
| cisco -- expressway_series_and_telepresense_video_communication_server | A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system. | 2018-10-05 | not yet calculated | CVE-2018-15430 SECTRACK CISCO |
| cisco -- firepower_threat_defense_software | A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to release spinlocks when a device is running low on system memory, if the software is configured to apply FTP inspection and an access control rule to transit traffic, and the access control rule is associated with an FTP file policy. An attacker could exploit this vulnerability by sending a high rate of transit traffic through an affected device to cause a low-memory condition on the device. A successful exploit could allow the attacker to cause a software panic on the affected device, which could cause the device to reload and result in a temporary DoS condition. | 2018-10-05 | not yet calculated | CVE-2018-15390 BID CISCO |
| cisco -- hyperflex_software | A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to generate valid, signed session tokens for another HyperFlex system. A successful exploit could allow the attacker to access the HyperFlex Web UI of a system for which they are not authorized. | 2018-10-05 | not yet calculated | CVE-2018-15382 BID CISCO |
| cisco -- identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. | 2018-10-05 | not yet calculated | CVE-2018-15425 SECTRACK CISCO |
| cisco -- identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. | 2018-10-05 | not yet calculated | CVE-2018-15424 SECTRACK CISCO |
| cisco -- integrated_management_controller | A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device. | 2018-10-05 | not yet calculated | CVE-2018-0431 SECTRACK CISCO |
| cisco -- integrated_management_controller | A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device. | 2018-10-05 | not yet calculated | CVE-2018-0430 SECTRACK CISCO |
| cisco -- integrated_management_controller_supervisor_and_ucs_director | A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. An attacker who has valid application credentials could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional reconnaissance attacks. | 2018-10-05 | not yet calculated | CVE-2018-15405 SECTRACK CISCO |
| cisco -- ios | A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device. | 2018-10-05 | not yet calculated | CVE-2018-0472 BID SECTRACK SECTRACK CISCO |
| cisco -- ios_and_ios_xe | A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by impersonating a known, valid TACACS+ server and sending a crafted TACACS+ packet to an affected device when establishing a connection to the device. To exploit this vulnerability by using either method, the attacker must know the shared TACACS+ secret and the crafted packet must be sent in response to a TACACS+ request from a TACACS+ client. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 2018-10-05 | not yet calculated | CVE-2018-15369 BID CISCO |
| cisco -- ios_and_ios_xe | A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability. | 2018-10-05 | not yet calculated | CVE-2018-0197 BID CISCO |
| cisco -- ios_and_ios_xe | A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sending a high rate of Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition. | 2018-10-05 | not yet calculated | CVE-2018-15373 BID CISCO |
| cisco -- ios_and_ios_xe | A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time Protocol. The vulnerability is due to insufficient processing of PTP packets. An attacker could exploit this vulnerability by sending a custom PTP packet to, or through, an affected device. A successful exploit could allow the attacker to cause a DoS condition for the PTP subsystem, resulting in time synchronization issues across the network. | 2018-10-05 | not yet calculated | CVE-2018-0473 BID SECTRACK CISCO |
| cisco -- ios_and_ios_xe | A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 Link-State Advertisements (LSA) to an affected device. An exploit could allow the attacker to cause an affected device to reload, leading to a denial of service (DoS) condition. | 2018-10-05 | not yet calculated | CVE-2018-0466 BID SECTRACK CISCO |
| cisco -- ios_and_ios_xe | A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system. | 2018-10-05 | not yet calculated | CVE-2018-0464 BID SECTRACK CISCO MISC |
| cisco -- ios_xe | A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. | 2018-10-05 | not yet calculated | CVE-2018-0481 SECTRACK CISCO |
| cisco -- ios_xe | A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. | 2018-10-05 | not yet calculated | CVE-2018-0467 SECTRACK CISCO |
| cisco -- ios_xe | A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly parsing malformed HTTP packets that are destined to a device. An attacker could exploit this vulnerability by sending a malformed HTTP packet to an affected device for processing. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, resulting in a DoS condition. | 2018-10-05 | not yet calculated | CVE-2018-0470 BID SECTRACK CISCO |
| cisco -- ios_xe | A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device. | 2018-10-05 | not yet calculated | CVE-2018-15374 BID CISCO |
| cisco -- ios_xe | A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. | 2018-10-05 | not yet calculated | CVE-2018-0477 SECTRACK CISCO |
| cisco -- ios_xe | A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of SIP packets in transit while NAT is performed on an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted SIP packets via UDP port 5060 through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 2018-10-05 | not yet calculated | CVE-2018-0476 BID SECTRACK SECTRACK CISCO |
| cisco -- ios_xe | A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover. | 2018-10-05 | not yet calculated | CVE-2018-0475 BID SECTRACK CISCO |
| cisco -- ios_xe | A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. The vulnerability is due to a logic error in the affected software. An attacker could exploit this vulnerability by connecting to and passing traffic through a Layer 3 interface of an affected device, if the interface is configured for MACsec MKA using EAP-TLS and is running in access-session closed mode. A successful exploit could allow the attacker to bypass 802.1x network access controls and gain access to the network. | 2018-10-05 | not yet calculated | CVE-2018-15372 BID CISCO |
| cisco -- ios_xe | A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this vulnerability by sending specific HTTP requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. | 2018-10-05 | not yet calculated | CVE-2018-0469 BID SECTRACK CISCO |
| cisco -- ios_xe | A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition. | 2018-10-05 | not yet calculated | CVE-2018-0480 BID SECTRACK CISCO |
| cisco -- ios_xe_and_asa_5500-x_series | A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device. | 2018-10-05 | not yet calculated | CVE-2018-0471 BID SECTRACK CISCO |
| cisco -- ios_xr | A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | 2018-10-05 | not yet calculated | CVE-2018-15428 SECTRACK CISCO |
| cisco -- isr_g2_and_isr4451-x_routers | A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of user input. An attacker could exploit this vulnerability by first connecting to the SM-1T3/E3 module console and entering a string sequence. A successful exploit could allow the attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a DoS condition on an affected device. | 2018-10-05 | not yet calculated | CVE-2018-0485 BID SECTRACK SECTRACK CISCO |
| cisco -- meeting_server | A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user. | 2018-10-05 | not yet calculated | CVE-2018-0439 BID SECTRACK CISCO |
| cisco -- multiple_products | A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user. | 2018-10-05 | not yet calculated | CVE-2018-0424 SECTRACK CISCO |
| cisco -- multiple_products | A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code. | 2018-10-05 | not yet calculated | CVE-2018-0423 BID SECTRACK CISCO |
| cisco -- multiple_products | A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials. | 2018-10-05 | not yet calculated | CVE-2018-0425 SECTRACK CISCO |
| cisco -- multiple_products | A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information. | 2018-10-05 | not yet calculated | CVE-2018-0426 SECTRACK CISCO |
| cisco -- multiple_products | A vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2018-10-05 | not yet calculated | CVE-2018-15436 BID SECTRACK SECTRACK CISCO |
| cisco -- multiple_products | A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | 2018-10-05 | not yet calculated | CVE-2018-15403 SECTRACK SECTRACK CISCO |
| cisco -- prime_access_registrar | A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specific listening ports. The improper handling of the TCP SYN packets could cause a system file description to be allocated and not freed. An attacker could exploit this vulnerability by sending a crafted stream of TCP SYN packets to the application. A successful exploit could allow the attacker to cause the application to eventually restart if a file description cannot be obtained. | 2018-10-05 | not yet calculated | CVE-2018-0421 BID SECTRACK CISCO |
| cisco -- prime_collaboration_assurance | A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. | 2018-10-05 | not yet calculated | CVE-2018-0458 BID SECTRACK CISCO |
| cisco -- prime_infrastructure | A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication. | 2018-10-05 | not yet calculated | CVE-2018-15379 BID SECTRACK CISCO EXPLOIT-DB |
| cisco -- sd-wan_solution | A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges. | 2018-10-05 | not yet calculated | CVE-2018-0433 BID CISCO |
| cisco -- sd-wan_solution | A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. | 2018-10-05 | not yet calculated | CVE-2018-0432 BID CISCO |
| cisco -- sd-wan_solution | A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. | 2018-10-05 | not yet calculated | CVE-2018-0434 BID CISCO |
| cisco -- sd-wan_solution | A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image. | 2018-10-05 | not yet calculated | CVE-2018-15387 BID CISCO |
| cisco -- secure_access_control_server | A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. | 2018-10-05 | not yet calculated | CVE-2018-0414 BID SECTRACK CISCO |
| cisco -- tetration_analytics | A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user. | 2018-10-05 | not yet calculated | CVE-2018-0451 BID CISCO |
| cisco -- tetration_analytics | A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. | 2018-10-05 | not yet calculated | CVE-2018-0452 BID CISCO |
| cisco -- ucs_director | A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. | 2018-10-05 | not yet calculated | CVE-2018-15406 SECTRACK CISCO |
| cisco -- umbrella | A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges. | 2018-10-05 | not yet calculated | CVE-2018-0437 BID CISCO EXPLOIT-DB |
| cisco -- umbrella | A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges. | 2018-10-05 | not yet calculated | CVE-2018-0438 BID CISCO EXPLOIT-DB |
| cisco -- umbrella | A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations. | 2018-10-05 | not yet calculated | CVE-2018-0435 BID CISCO |
| cisco -- unified_ip_phone_7900_series | A vulnerability in the web-based management interface of Cisco Unified IP Phone 7900 Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2018-10-05 | not yet calculated | CVE-2018-15434 SECTRACK CISCO |
| cisco -- unity_connection | A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. | 2018-10-05 | not yet calculated | CVE-2018-15396 SECTRACK CISCO |
| cisco -- unity_connection | A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the web-based interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2018-10-05 | not yet calculated | CVE-2018-15426 SECTRACK CISCO |
| cisco -- video_surveillance_manger_software | A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. | 2018-10-05 | not yet calculated | CVE-2018-15427 BID SECTRACK CISCO |
| cisco -- webex_meetings | A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges. Attacks on single-user systems are less likely to occur, as the attack must be carried out by the user on the user's own system. Multiuser systems have a higher risk of exploitation because folder permissions have an impact on all users of the device. For an attacker to exploit this vulnerability successfully, a second user must execute the locally installed malicious file to allow remote code execution to occur. | 2018-10-05 | not yet calculated | CVE-2018-0422 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15418 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15419 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15420 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15410 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15416 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15415 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15421 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15412 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15417 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15413 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15414 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15411 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15422 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15409 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15431 BID SECTRACK CISCO |
| cisco -- webex_network_recording_player_and_webex_player_for_microsoft_windows | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | 2018-10-05 | not yet calculated | CVE-2018-15408 BID SECTRACK CISCO |
| cisco -- webex_player | A vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a user a link or email attachment with a malicious WRF file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could cause the affected player to crash, resulting in a DoS condition. For more information about this vulnerability, see the Details section of this security advisory. | 2018-10-05 | not yet calculated | CVE-2018-0457 BID SECTRACK CISCO |
| cisco -- webex_teams | A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability. | 2018-10-05 | not yet calculated | CVE-2018-0436 BID CISCO |
| claromentis -- claromentis | The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which is present in the login landing page. A low privilege user can use this to steal the session cookies from high privilege accounts and hijack these, enabling them to hijack the elevated session and perform actions in their security context. | 2018-10-08 | not yet calculated | CVE-2018-15903 FULLDISC |
| cloud_foundry -- cloud_foundry_networking_release | Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server. | 2018-10-12 | not yet calculated | CVE-2018-15755 CONFIRM |
| cms_made_simple -- cms_made_simple | XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | 2018-10-12 | not yet calculated | CVE-2018-18270 MISC |
| cms_made_simple -- cms_made_simple | XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | 2018-10-12 | not yet calculated | CVE-2018-18271 MISC |
| contiki-ng -- contiki-ng | contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack). | 2018-10-08 | not yet calculated | CVE-2018-1000804 CONFIRM CONFIRM |
| corsair -- utility_engine | The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows "Everyone" group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service. | 2018-10-11 | not yet calculated | CVE-2018-12441 MISC |
| d-link -- central_wi-fi_manager | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS. | 2018-10-08 | not yet calculated | CVE-2018-17443 FULLDISC CONFIRM MISC EXPLOIT-DB |
| d-link -- central_wi-fi_manager | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code. | 2018-10-08 | not yet calculated | CVE-2018-17442 FULLDISC CONFIRM MISC EXPLOIT-DB |
| d-link -- central_wi-fi_manager | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS. | 2018-10-08 | not yet calculated | CVE-2018-17441 FULLDISC CONFIRM MISC EXPLOIT-DB |
| d-link -- central_wi-fi_manager | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request. | 2018-10-08 | not yet calculated | CVE-2018-17440 FULLDISC CONFIRM MISC EXPLOIT-DB |
| d-link -- multiple_products | An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext. | 2018-10-09 | not yet calculated | CVE-2018-14081 MISC |
| d-link -- multiple_products | An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file. | 2018-10-09 | not yet calculated | CVE-2018-14080 MISC |
| daimler_mercedes -- comand | An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route, which will cause a boot loop. (Under certain circumstances, it is possible to quickly overwrite the malicious route to regain the stability of the system.) | 2018-10-09 | not yet calculated | CVE-2018-18070 MISC |
| daimler_mercedes -- mercedes_me_application_for_ios | An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel. | 2018-10-09 | not yet calculated | CVE-2018-18071 MISC MISC |
| dell -- encryption_and_endpoint_security_suite_enterprise | On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified. | 2018-10-11 | not yet calculated | CVE-2018-15766 CONFIRM |
| dell_emc -- unity_oe_and_unityvsa_oe | Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability. | 2018-10-05 | not yet calculated | CVE-2018-11064 BID FULLDISC |
| delta_electronics -- delta_industrial_automation_tpeditor | In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code. | 2018-10-11 | not yet calculated | CVE-2018-17929 MISC |
| delta_industrial_automation -- tpeditor | In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution. | 2018-10-11 | not yet calculated | CVE-2018-17927 MISC |
| descor -- infocad.fm | An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers. | 2018-10-10 | not yet calculated | CVE-2018-13789 MISC |
| dilicms -- dilicms | XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter. | 2018-10-10 | not yet calculated | CVE-2018-18210 MISC |
| dilicms -- dilicms | XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter. | 2018-10-10 | not yet calculated | CVE-2018-18209 MISC |
| duomi_cms -- duomi_cms | An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter. | 2018-10-09 | not yet calculated | CVE-2018-18084 MISC MISC |
| duomi_cms -- duomi_cms | An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing. | 2018-10-09 | not yet calculated | CVE-2018-18083 MISC MISC |
| eclipse -- vert.x | In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed. | 2018-10-10 | not yet calculated | CVE-2018-12541 CONFIRM CONFIRM |
| eclipse -- vert.x | In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema. | 2018-10-10 | not yet calculated | CVE-2018-12544 CONFIRM CONFIRM |
| eclipse -- vert.x | In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems. | 2018-10-10 | not yet calculated | CVE-2018-12542 CONFIRM CONFIRM |
| empirecms -- empirecms | EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users. | 2018-10-09 | not yet calculated | CVE-2018-18086 MISC |
| epicentro -- epicentro_e | Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading "/" in the URL. | 2018-10-09 | not yet calculated | CVE-2018-7632 MISC |
| epicentro -- epicentro_e | Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request. | 2018-10-09 | not yet calculated | CVE-2018-7633 MISC |
| epicentro -- epicentro_e | Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading "/" and without authentication. | 2018-10-09 | not yet calculated | CVE-2018-7631 MISC |
| episerver -- ektron_cms | Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins). | 2018-10-10 | not yet calculated | CVE-2018-12596 FULLDISC MISC MISC EXPLOIT-DB |
| extplorer -- extplorer | ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php. | 2018-10-07 | not yet calculated | CVE-2012-6710 MISC MISC BID |
| f5 -- big-ip | Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles. | 2018-10-08 | not yet calculated | CVE-2016-7475 CONFIRM |
| f5 -- big-ip | When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0. | 2018-10-10 | not yet calculated | CVE-2018-15311 CONFIRM |
| finecms -- finecms | Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password. | 2018-10-09 | not yet calculated | CVE-2018-18191 MISC |
| foreman -- foreman | A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side. | 2018-10-12 | not yet calculated | CVE-2018-14664 CONFIRM CONFIRM |
| foxit -- foxit_pdf_reader | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 2018-10-08 | not yet calculated | CVE-2018-3992 SECTRACK MISC |
| foxit -- foxit_pdf_reader | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. | 2018-10-08 | not yet calculated | CVE-2018-3945 SECTRACK MISC |
| foxit -- foxit_pdf_reader | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 2018-10-08 | not yet calculated | CVE-2018-3997 SECTRACK MISC |
| foxit -- foxit_pdf_reader | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 2018-10-08 | not yet calculated | CVE-2018-3996 SECTRACK MISC |
| foxit -- foxit_pdf_reader | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. | 2018-10-08 | not yet calculated | CVE-2018-3942 SECTRACK MISC |
| foxit -- foxit_pdf_reader | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. | 2018-10-08 | not yet calculated | CVE-2018-3941 SECTRACK MISC |
| foxit -- foxit_pdf_reader | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger. | 2018-10-08 | not yet calculated | CVE-2018-3940 SECTRACK MISC |
| foxit -- reader_and_phantompdf | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 2018-10-08 | not yet calculated | CVE-2018-16296 SECTRACK CONFIRM |
| foxit -- reader_and_phantompdf | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 2018-10-08 | not yet calculated | CVE-2018-16292 SECTRACK CONFIRM |
| foxit -- reader_and_phantompdf | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 2018-10-08 | not yet calculated | CVE-2018-16294 SECTRACK CONFIRM |
| foxit -- reader_and_phantompdf | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16296. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 2018-10-08 | not yet calculated | CVE-2018-16297 SECTRACK CONFIRM |
| foxit -- reader_and_phantompdf | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 2018-10-08 | not yet calculated | CVE-2018-16295 SECTRACK CONFIRM |
| foxit -- reader_and_phantompdf | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 2018-10-08 | not yet calculated | CVE-2018-16291 SECTRACK CONFIRM |
| foxit -- reader_and_phantompdf | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 2018-10-08 | not yet calculated | CVE-2018-16293 SECTRACK CONFIRM |
| gigasoft -- ge_ifix | Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted. | 2018-10-10 | not yet calculated | CVE-2018-17925 BID MISC |
| git -- git | Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. | 2018-10-06 | not yet calculated | CVE-2018-17456 BID SECTRACK MISC MISC MISC UBUNTU DEBIAN EXPLOIT-DB MISC |
| gitea -- gitea | Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1. | 2018-10-08 | not yet calculated | CVE-2018-1000803 CONFIRM CONFIRM |
| gopro -- gopro | An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a divide-by-zero error in GPMF_ScaledData in GPMF_parser.c. | 2018-10-09 | not yet calculated | CVE-2018-18190 MISC MISC |
| hangzhou_xiongmai_technology -- xmeye_p2p_cloud_server | All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code. | 2018-10-10 | not yet calculated | CVE-2018-17915 MISC |
| hangzhou_xiongmai_technology -- xmeye_p2p_cloud_server | All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps. | 2018-10-10 | not yet calculated | CVE-2018-17917 MISC |
| hangzhou_xiongmai_technology -- xmeye_p2p_cloud_server | All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams. | 2018-10-10 | not yet calculated | CVE-2018-17919 MISC |
| huawei -- smartphones | There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed. | 2018-10-09 | not yet calculated | CVE-2018-7928 CONFIRM |
| ibm -- bigfix | IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910. | 2018-10-12 | not yet calculated | CVE-2017-1231 XF CONFIRM |
| ibm -- bladecenter | The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password. | 2018-10-09 | not yet calculated | CVE-2018-18202 MISC |
| ibm -- cloud | IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811. | 2018-10-12 | not yet calculated | CVE-2018-1838 XF CONFIRM |
| ibm -- filenet_content_manager | IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904. | 2018-10-12 | not yet calculated | CVE-2018-1844 XF CONFIRM |
| ibm -- rational_publishing_engine | IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142431. | 2018-10-12 | not yet calculated | CVE-2018-1533 CONFIRM XF |
| ibm -- rational_publishing_engine | IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142432. | 2018-10-12 | not yet calculated | CVE-2018-1534 CONFIRM XF |
| ibm -- security_key_lifecycle_manager | IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 148511. | 2018-10-08 | not yet calculated | CVE-2018-1750 CONFIRM XF |
| ibm -- security_key_lifecycle_manager | IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424. | 2018-10-11 | not yet calculated | CVE-2018-1745 BID XF CONFIRM |
| ibm -- security_key_lifecycle_manager | IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907. | 2018-10-11 | not yet calculated | CVE-2018-1738 CONFIRM XF |
| ibm -- spectrum_lsf | IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to obtain highly sensitive information or escalate their privileges to root due to improper file permission settings. IBM X-Force ID: 147439. | 2018-10-11 | not yet calculated | CVE-2018-1724 XF CONFIRM |
| ibm -- spectrum_scale | IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373. | 2018-10-05 | not yet calculated | CVE-2018-1723 XF CONFIRM |
| ibm -- spectrum_symphony | IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343. | 2018-10-11 | not yet calculated | CVE-2018-1708 XF CONFIRM |
| ibm -- spectrum_symphony | IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341. | 2018-10-11 | not yet calculated | CVE-2018-1706 CONFIRM XF |
| ibm -- tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 148422. | 2018-10-08 | not yet calculated | CVE-2018-1743 CONFIRM XF |
| ibm -- tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 148514. | 2018-10-08 | not yet calculated | CVE-2018-1753 CONFIRM XF |
| ibm -- tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to cause a denial of service, compromise program logic or other consequences. IBM X-Force ID: 148420. | 2018-10-08 | not yet calculated | CVE-2018-1741 CONFIRM XF |
| ibm -- tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484. | 2018-10-08 | not yet calculated | CVE-2018-1749 CONFIRM XF |
| ibm -- tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421. | 2018-10-08 | not yet calculated | CVE-2018-1742 CONFIRM XF |
| ibm -- web_sphere_portal | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108. | 2018-10-12 | not yet calculated | CVE-2018-1673 SECTRACK XF CONFIRM |
| ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148686. | 2018-10-12 | not yet calculated | CVE-2018-1770 XF CONFIRM MISC |
| imagemagick -- imagemagick | In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. | 2018-10-07 | not yet calculated | CVE-2018-18024 MISC |
| imagemagick -- imagemagick | In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file. | 2018-10-07 | not yet calculated | CVE-2018-18025 MISC |
| imagemagick -- imagemagick | In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file. | 2018-10-07 | not yet calculated | CVE-2018-18023 MISC |
| intel -- graphics_drivers | Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access. | 2018-10-10 | not yet calculated | CVE-2018-12153 CONFIRM |
| intel -- graphics_drivers | Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access. | 2018-10-10 | not yet calculated | CVE-2018-12152 CONFIRM |
| intel -- multiple_products | Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access. | 2018-10-10 | not yet calculated | CVE-2018-12173 CONFIRM |
| intel -- nuc_fw_kits | Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access. | 2018-10-10 | not yet calculated | CVE-2018-12158 CONFIRM |
| intel -- nvme | Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access. | 2018-10-10 | not yet calculated | CVE-2018-12131 CONFIRM |
| intel -- quickassist_technology_for_linux | Insufficient access control in driver stack for Intel QuickAssist Technology for Linux before version 4.2 may allow an unprivileged user to potentially disclose information via local access. | 2018-10-10 | not yet calculated | CVE-2018-12193 CONFIRM |
| intel -- rapid_web_server_3 | Insufficient session validation in the webserver component of the Intel Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access. | 2018-10-10 | not yet calculated | CVE-2018-12161 CONFIRM |
| intel -- server_board | Improper password hashing in firmware in Intel Server Board (S7200AP,S7200APR) and Intel Compute Module (HNS7200AP, HNS7200AP) may allow a privileged user to potentially disclose firmware passwords via local access. | 2018-10-10 | not yet calculated | CVE-2018-12172 CONFIRM |
| intelbras -- nplug_1.0.0.14_devices | Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast. | 2018-10-10 | not yet calculated | CVE-2018-17337 FULLDISC |
| intelbras -- nplug_1.0.0.14_wireless_repeater | Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access. | 2018-10-10 | not yet calculated | CVE-2018-12456 FULLDISC |
| intelbras -- nplug_1.0.0.14_wireless_repeater | Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie. | 2018-10-10 | not yet calculated | CVE-2018-12455 FULLDISC |
| joomla! -- joomla! | An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation. | 2018-10-09 | not yet calculated | CVE-2018-17857 BID CONFIRM |
| joomla! -- joomla! | An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms. | 2018-10-09 | not yet calculated | CVE-2018-17859 BID CONFIRM |
| joomla! -- joomla! | An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. | 2018-10-09 | not yet calculated | CVE-2018-17858 BID CONFIRM |
| joomla! -- joomla! | An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution. | 2018-10-09 | not yet calculated | CVE-2018-17856 BID CONFIRM |
| joomla! -- joomla! | An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself. | 2018-10-09 | not yet calculated | CVE-2018-17855 BID CONFIRM |
| juniper -- extension_toolkit | A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support can allow a network based unauthenticated attacker to cause a severe memory exhaustion condition on the device. This can have an adverse impact on the system performance and availability. This issue only affects devices with JET support running Junos OS 17.2R1 and subsequent releases. Other versions of Junos OS are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3; | 2018-10-10 | not yet calculated | CVE-2018-0048 SECTRACK CONFIRM |
| juniper -- junos_os | Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a prolonged denial of service. This issue may occur when the Junos OS device is configured for Draft-Rosen multicast virtual private network (MVPN). The VPN is multicast-enabled and configured to use Protocol Independent Multicast (PIM) protocol within the VPN. This issue can only be exploited from the PE device within the MPLS domain which is capable of forwarding IP multicast traffic in core. End-users connected to the CE device cannot cause this crash. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2. No other Juniper Networks products or platforms are affected by this issue. | 2018-10-10 | not yet calculated | CVE-2018-0045 SECTRACK CONFIRM |
| juniper -- junos_os | A vulnerability in the IP next-hop index database in Junos OS 17.3R3 may allow a flood of ARP requests, sent to the management interface, to exhaust the private Internal routing interfaces (IRIs) next-hop limit. Once the IRI next-hop database is full, no further next hops can be learned and existing entries cannot be cleared, leading to a sustained denial of service (DoS) condition. An indicator of compromise for this issue is the report of the following error message: %KERN-4: Nexthop index allocation failed: private index space exhausted This issue only affects the management interface, and does not impact regular transit traffic through the FPCs. This issue also only affects Junos OS 17.3R3. No prior versions of Junos OS are affected by this issue. Affected releases are Juniper Networks Junos OS: 17.3R3. | 2018-10-10 | not yet calculated | CVE-2018-0063 SECTRACK CONFIRM |
| juniper -- junos_os | An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself. Junos devices are not vulnerable to this issue when not configured to use DHCP. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D40 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 14.1X53 versions prior to 14.1X53-D40 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1X49 versions prior to 15.1X49-D20 on SRX Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D495 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400; 15.1 versions prior to 15.1R7-S2 ; 16.1 versions prior to 15.1R7-S2 16.1R4-S12, 16.1R6-S5, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9; 17.2 versions prior to 17.2R1-S7, 17.2R2-S4; 17.3 versions prior to 17.3R2-S4, 17.3R3. | 2018-10-10 | not yet calculated | CVE-2018-0060 SECTRACK CONFIRM |
| juniper -- junos_os | A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D60 on SRX Series; 15.1 versions prior to 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D120 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D470, 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R6; 16.2 versions prior to 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R2. No other Juniper Networks products or platforms are affected by this issue. | 2018-10-10 | not yet calculated | CVE-2018-0062 SECTRACK CONFIRM |
| juniper -- junos_os | On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3. | 2018-10-10 | not yet calculated | CVE-2018-0057 CONFIRM |
| juniper -- junos_os | Receipt of a specially crafted DHCPv6 message destined to a Junos OS device configured as a DHCP server in a Broadband Edge (BBE) environment may result in a jdhcpd daemon crash. The daemon automatically restarts without intervention, but a continuous receipt of crafted DHCPv6 packets could leaded to an extended denial of service condition. This issue only affects Junos OS 15.1 and later. Earlier releases are unaffected by this issue. Devices are only vulnerable to the specially crafted DHCPv6 message if DHCP services are configured. Devices not configured to act as a DHCP server are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495; 16.1 versions prior to 16.1R4-S11, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9; 17.2 versions prior to 17.2R2-S6; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R1-S5; 18.1 versions prior to 18.1R2-S3; 18.2 versions prior to 18.2R1-S2; 18.2X75 versions prior to 18.2X75-D20. | 2018-10-10 | not yet calculated | CVE-2018-0055 SECTRACK CONFIRM |
| juniper -- junos_os | Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of Broadband Edge (BBE) client route processing on MX Series subscriber management platforms, introduced by the Tomcat (Next Generation Subscriber Management) functionality in Junos OS 15.1. This issue affects no other platforms or configurations. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8 on MX Series; 16.1 versions prior to 16.1R4-S11, 16.1R7-S2, 16.1R8 on MX Series; 16.2 versions prior to 16.2R3 on MX Series; 17.1 versions prior to 17.1R2-S9, 17.1R3 on MX Series; 17.2 versions prior to 17.2R2-S6, 17.2R3 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S2, 17.3R4 on MX Series; 17.4 versions prior to 17.4R2 on MX Series; 18.1 versions prior to 18.1R2-S3, 18.1R3 on MX Series; 18.2 versions prior to 18.2R1-S1, 18.2R2 on MX Series. | 2018-10-10 | not yet calculated | CVE-2018-0058 CONFIRM MISC |
| juniper -- junos_os | A denial of service vulnerability in the telnetd service on Junos OS allows remote unauthenticated users to cause high CPU usage which may affect system performance. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81 on SRX Series; 12.3 versions prior to 12.3R12-S11; 12.3X48 versions prior to 12.3X48-D80 on SRX Series; 15.1 versions prior to 15.1R7; 15.1X49 versions prior to 15.1X49-D150, 15.1X49-D160 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D235 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R4-S12, 16.1R6-S6, 16.1R7; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R2-S6, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.2X75 versions prior to 18.2X75-D5. | 2018-10-10 | not yet calculated | CVE-2018-0061 SECTRACK CONFIRM |
| juniper -- junos_os | If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command allows a privileged Junos user to enable RSH service and disable PAM, and hence expose the system to unauthenticated root access. When RSH is enabled, the device is listing to RSH connections on port 514. This issue is not exploitable on platforms where Junos release is based on FreeBSD 10+. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on QFX/EX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R3-S9, 16.1R4-S9, 16.1R5-S4, 16.1R6-S4, 16.1R7; 16.2 versions prior to 16.2R2-S5; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D110, 17.2X75-D91; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.2X75 versions prior to 18.2X75-D5. | 2018-10-10 | not yet calculated | CVE-2018-0052 SECTRACK CONFIRM |
| juniper -- junos_os | An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause a sustained Denial of Service condition. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D48 on QFX Switching; 14.2 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4. This issue does not affect versions of Junos OS before 14.1R1. Junos OS RSVP only supports IPv4. IPv6 is not affected by this issue. This issue require it to be received on an interface configured to receive this type of traffic. | 2018-10-10 | not yet calculated | CVE-2018-0050 SECTRACK CONFIRM |
| juniper -- junos_os | An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the system is initially booted up. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D30 on vSRX. | 2018-10-10 | not yet calculated | CVE-2018-0053 SECTRACK CONFIRM |
| juniper -- junos_os | Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. This issue affects both IPv4 and IPv6. This issue can only be exploited from within the MPLS domain. End-users connected to the CE device cannot cause this crash. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on QFX/EX Series; 14.1X53 versions prior to 14.1X53-D130 on QFabric Series; 15.1F6 versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9 15.1R7; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R3-S8 16.1R4-S8 16.1R5-S4 16.1R6-S4 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R1-S6 16.2R3; 17.1 versions prior to 17.1R1-S7 17.1R2-S6 17.1R3; 17.2 versions prior to 17.2R1-S6 17.2R2-S3 17.2R3; 17.2X75 versions prior to 17.2X75-D100 17.2X75-D42 17.2X75-D91; 17.3 versions prior to 17.3R1-S4 17.3R2-S2 17.3R3; 17.4 versions prior to 17.4R1-S3 17.4R2 . No other Juniper Networks products or platforms are affected by this issue. | 2018-10-10 | not yet calculated | CVE-2018-0043 SECTRACK CONFIRM |
| juniper -- junos_os | A Denial of Service vulnerability in the SIP application layer gateway (ALG) component of Junos OS based platforms allows an attacker to crash MS-PIC, MS-MIC, MS-MPC, MS-DPC or SRX flow daemon (flowd) process. This issue affects Junos OS devices with NAT or stateful firewall configuration in combination with the SIP ALG enabled. SIP ALG is enabled by default on SRX Series devices except for SRX-HE devices. SRX-HE devices have SIP ALG disabled by default. The status of ALGs in SRX device can be obtained by executing the command: show security alg status Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77; 12.3X48 versions prior to 12.3X48-D70; 15.1X49 versions prior to 15.1X49-D140; 15.1 versions prior to 15.1R4-S9, 15.1R7-S1; 15.1F6; 16.1 versions prior to 16.1R4-S9, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R1-S5, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R2. No other Juniper Networks products or platforms are affected by this issue. | 2018-10-10 | not yet calculated | CVE-2018-0051 SECTRACK CONFIRM |
| juniper -- junos_os | A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This issue require it to be received on an interface configured to receive this type of traffic. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D76 prior to 12.1X46-D81 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 12.3R12-S10; 12.3X48 versions above and including 12.3X48-D66 prior to 12.3X48-D75 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions above and including 14.1X53-D115 prior to 14.1X53-D130 on QFabric System; 15.1 versions above and including 15.1F6-S10; 15.1R4-S9; 15.1R6-S6; 15.1 versions above and including 15.1R7 prior to 15.1R7-S2; 15.1X49 versions above and including 15.1X49-D131 prior to 15.1X49-D150 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 15.1X53 versions above 15.1X53-D233 prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions up to and including 15.1X53-D471 prior to 15.1X53-D590 on NFX150, NFX250; 15.1X53-D67 on QFX10000 Series; 15.1X53-D59 on EX2300/EX3400; 16.1 versions above and including 16.1R3-S8; 16.1 versions above and including 16.1R4-S9 prior to 16.1R4-S12; 16.1 versions above and including 16.1R5-S4; 16.1 versions above and including 16.1R6-S3 prior to 16.1R6-S6; 16.1 versions above and including 16.1R7 prior to 16.1R7-S2; 16.2 versions above and including 16.2R1-S6; 16.2 versions above and including 16.2R2-S5 prior to 16.2R2-S7; 17.1R1-S7; 17.1 versions above and including 17.1R2-S7 prior to 17.1R2-S9; 17.2R1-S6; 17.2 versions above and including 17.2R2-S4 prior to 17.2R2-S6; 17.2X75 versions above and including 17.2X75-D100 prior to X17.2X75-D101, 17.2X75-D110; 17.3 versions above and including 17.3R1-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3 versions above and including 17.3R2-S2 prior to 17.3R2-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4 versions above and including 17.4R1-S3 prior to 17.4R1-S5 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.1 versions above and including 18.1R2 prior to 18.1R2-S3, 18.1R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2 versions above and including 18.2R1 prior to 18.2R1-S2, 18.2R1-S3, 18.2R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2X75 versions above and including 18.2X75-D5 prior to 18.2X75-D20. | 2018-10-10 | not yet calculated | CVE-2018-0049 SECTRACK CONFIRM MISC |
| juniper -- junos_os | If a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces. However, the Layer 2 Address Learning Daemon (L2ALD) daemon might crash when attempting to delete the duplicate MAC address when the particular entry is not found in the internal MAC address table. This issue only occurs on MX Series devices with l2-backhaul VPN configured. No other products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S1 on MX Series; 16.1 versions prior to 16.1R4-S12, 16.1R6-S6 on MX Series; 16.2 versions prior to 16.2R2-S7 on MX Series; 17.1 versions prior to 17.1R2-S9 on MX Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S1 on MX Series; 17.4 versions prior to 17.4R1-S5 on MX Series; 18.1 versions prior to 18.1R2 on MX Series. | 2018-10-10 | not yet calculated | CVE-2018-0056 SECTRACK CONFIRM |
| juniper -- junos_space | A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2. | 2018-10-10 | not yet calculated | CVE-2018-0047 SECTRACK CONFIRM |
| juniper -- junos_space | A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. | 2018-10-10 | not yet calculated | CVE-2018-0046 SECTRACK CONFIRM CONFIRM |
| juniper -- nfx_series_devices | An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to "yes". Affected releases are Juniper Networks Junos OS: 18.1 versions prior to 18.1R4 on NFX Series. | 2018-10-10 | not yet calculated | CVE-2018-0044 CONFIRM |
| juniper -- qfs5000_series_and_ex4600_switches | On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also be displayed: fpc0 dcbcm_check_stuck_buffers: Buffers are stuck on queue 7 of port 45 This issue only affects the QFX5000 Series products (QFX5100, QFX5110, QFX5200, QFX5210) and the EX4600 switch. No other platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on QFX5000 Series and EX4600; 15.1 versions prior to 15.1R7, 15.1R8 on QFX5000 Series and EX4600; 15.1X53 versions prior to 15.1X53-D233 on QFX5000 Series and EX4600; 16.1 versions prior to 16.1R7 on QFX5000 Series and EX4600; 16.2 versions prior to 16.2R3 on QFX5000 Series and EX4600; 17.1 versions prior to 17.1R2-S9, 17.1R3 on QFX5000 Series and EX4600; 17.2 versions prior to 17.2R2-S6, 17.2R3 on QFX5000 Series and EX4600; 17.2X75 versions prior to 17.2X75-D42 on QFX5000 Series and EX4600; 17.3 versions prior to 17.3R3 on QFX5000 Series and EX4600; 17.4 versions prior to 17.4R2 on QFX5000 Series and EX4600; 18.1 versions prior to 18.1R2 on QFX5000 Series and EX4600. | 2018-10-10 | not yet calculated | CVE-2018-0054 SECTRACK CONFIRM |
| juniper -- screenos | A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26. | 2018-10-10 | not yet calculated | CVE-2018-0059 CONFIRM |
| libgig -- libgig | An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp. | 2018-10-09 | not yet calculated | CVE-2018-18197 MISC |
| libgig -- libgig | An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp. | 2018-10-09 | not yet calculated | CVE-2018-18196 MISC |
| libgig -- libgig | An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp. | 2018-10-09 | not yet calculated | CVE-2018-18194 MISC |
| libgig -- libgig | An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp. | 2018-10-09 | not yet calculated | CVE-2018-18192 MISC |
| libgig -- libgig | An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp. | 2018-10-09 | not yet calculated | CVE-2018-18193 MISC |
| libgig -- libgig | An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp. | 2018-10-09 | not yet calculated | CVE-2018-18195 MISC |
| linux -- linux_kernel | A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log. | 2018-10-08 | not yet calculated | CVE-2018-14656 SECTRACK MISC CONFIRM CONFIRM MISC MISC |
| linux -- linux_kernel | arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes. | 2018-10-07 | not yet calculated | CVE-2018-18021 MISC MISC BID MISC MISC MISC DEBIAN MISC |
| linux -- linux_kernel | The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7. | 2018-10-08 | not yet calculated | CVE-2018-17977 BID MLIST |
| micro_focus -- enterprise_developer_and_enterprise_server | Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination. | 2018-10-12 | not yet calculated | CVE-2018-12469 CONFIRM |
| microsoft -- chakracore | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. | 2018-10-10 | not yet calculated | CVE-2018-8500 BID CONFIRM |
| microsoft -- edge | A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530. | 2018-10-10 | not yet calculated | CVE-2018-8512 BID SECTRACK CONFIRM |
| microsoft -- edge | A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8512. | 2018-10-10 | not yet calculated | CVE-2018-8530 BID SECTRACK CONFIRM |
| microsoft -- edge | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8473. | 2018-10-10 | not yet calculated | CVE-2018-8509 BID SECTRACK CONFIRM |
| microsoft -- edge_and_chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513. | 2018-10-10 | not yet calculated | CVE-2018-8503 BID SECTRACK CONFIRM |
| microsoft -- edge_and_chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8513. | 2018-10-10 | not yet calculated | CVE-2018-8511 BID SECTRACK CONFIRM |
| microsoft -- edge_and_chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8511, CVE-2018-8513. | 2018-10-10 | not yet calculated | CVE-2018-8510 BID SECTRACK CONFIRM |
| microsoft -- edge_and_chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8511. | 2018-10-10 | not yet calculated | CVE-2018-8513 BID SECTRACK CONFIRM |
| microsoft -- edge_and_chakracore | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509. | 2018-10-10 | not yet calculated | CVE-2018-8473 BID SECTRACK CONFIRM |
| microsoft -- edge_and_chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513. | 2018-10-10 | not yet calculated | CVE-2018-8505 BID SECTRACK CONFIRM |
| microsoft -- exchange_server | An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | 2018-10-10 | not yet calculated | CVE-2018-8448 BID SECTRACK CONFIRM |
| microsoft -- exchange_server | A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server. | 2018-10-10 | not yet calculated | CVE-2018-8265 BID SECTRACK CONFIRM |
| microsoft -- hub_device_client_sdk_and_azure_iot_edge | A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerability." This affects Hub Device Client SDK, Azure IoT Edge. | 2018-10-10 | not yet calculated | CVE-2018-8531 BID CONFIRM |
| microsoft -- internet_explorer | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8491. | 2018-10-10 | not yet calculated | CVE-2018-8460 BID SECTRACK CONFIRM |
| microsoft -- internet_explorer | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8460. | 2018-10-10 | not yet calculated | CVE-2018-8491 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8490. | 2018-10-10 | not yet calculated | CVE-2018-8489 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8482. | 2018-10-10 | not yet calculated | CVE-2018-8481 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2018-8489. | 2018-10-10 | not yet calculated | CVE-2018-8490 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8486 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8481. | 2018-10-10 | not yet calculated | CVE-2018-8482 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. | 2018-10-10 | not yet calculated | CVE-2018-8502 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. | 2018-10-10 | not yet calculated | CVE-2018-8506 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8494 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft Office, Microsoft PowerPoint. | 2018-10-10 | not yet calculated | CVE-2018-8501 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka "Windows TCP/IP Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8493 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8453 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer. | 2018-10-10 | not yet calculated | CVE-2018-8427 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008. | 2018-10-10 | not yet calculated | CVE-2018-8432 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8472 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8330 BID CONFIRM |
| microsoft -- multiple_products | A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8423 SECTRACK MISC CONFIRM |
| microsoft -- multiple_products | A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8413 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8484 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8495 BID CONFIRM |
| microsoft -- multiple_products | An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. | 2018-10-10 | not yet calculated | CVE-2018-8292 BID REDHAT CONFIRM |
| microsoft -- multiple_products | A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8320 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office, Microsoft Word. | 2018-10-10 | not yet calculated | CVE-2018-8504 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8492 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8497 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka "Microsoft Filter Manager Elevation Of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8333 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8411 BID SECTRACK CONFIRM |
| microsoft -- sharepoint | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8498. | 2018-10-10 | not yet calculated | CVE-2018-8518 BID SECTRACK CONFIRM |
| microsoft -- sharepoint | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8488, CVE-2018-8498, CVE-2018-8518. | 2018-10-10 | not yet calculated | CVE-2018-8480 BID SECTRACK CONFIRM |
| microsoft -- sharepoint | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518. | 2018-10-10 | not yet calculated | CVE-2018-8498 BID SECTRACK CONFIRM |
| microsoft -- sharepoint | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8498, CVE-2018-8518. | 2018-10-10 | not yet calculated | CVE-2018-8488 BID SECTRACK CONFIRM |
| microsoft -- sql_server_management_studio | An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533. | 2018-10-10 | not yet calculated | CVE-2018-8532 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- sql_server_management_studio | An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533. | 2018-10-10 | not yet calculated | CVE-2018-8527 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- sql_server_management_studio | An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532. | 2018-10-10 | not yet calculated | CVE-2018-8533 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- windows_10_and_windows_10_servers | An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory, aka "Linux On Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | 2018-10-10 | not yet calculated | CVE-2018-8329 BID CONFIRM |
| naver -- whale | The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking. | 2018-10-11 | not yet calculated | CVE-2018-12449 CONFIRM |
| naviwebs -- navigate_cms | Navigate CMS has Stored XSS via the navigate.php Title field in an edit action. | 2018-10-09 | not yet calculated | CVE-2018-18029 CONFIRM CONFIRM |
| net-snmp -- net-snmp | _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 2018-10-08 | not yet calculated | CVE-2018-18065 MISC MISC DEBIAN EXPLOIT-DB |
| net-snmp -- net-snmp | snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 2018-10-08 | not yet calculated | CVE-2018-18066 MISC MISC MISC |
| nuuo -- nuuo_cms | NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution. | 2018-10-12 | not yet calculated | CVE-2018-17890 MISC |
| nuuo -- nuuo_cms | NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access. | 2018-10-12 | not yet calculated | CVE-2018-17894 MISC |
| nuuo -- nuuo_cms | NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution. | 2018-10-12 | not yet calculated | CVE-2018-17892 MISC |
| nuuo -- nuuo_cms | NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution. | 2018-10-12 | not yet calculated | CVE-2018-17888 MISC |
| openjpeg -- openjpeg | OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c | 2018-10-09 | not yet calculated | CVE-2018-18088 MISC |
| opensuse -- open_build_service | A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df. | 2018-10-09 | not yet calculated | CVE-2018-12479 CONFIRM |
| opensuse -- open_build_service | A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown. | 2018-10-09 | not yet calculated | CVE-2018-12478 CONFIRM |
| opensuse -- open_build_service | Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106. | 2018-10-09 | not yet calculated | CVE-2018-12474 CONFIRM CONFIRM |
| opensuse -- open_build_service | A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce. | 2018-10-09 | not yet calculated | CVE-2018-12477 CONFIRM |
| pagekit -- pagekit | The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/${project_title}. | 2018-10-09 | not yet calculated | CVE-2018-18087 MISC |
| palo_alto -- pan-os | GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. | 2018-10-12 | not yet calculated | CVE-2018-10141 CONFIRM |
| paramiko -- paramiko | Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. | 2018-10-08 | not yet calculated | CVE-2018-1000805 CONFIRM |
| pbootcms -- pbootcms | PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI. | 2018-10-10 | not yet calculated | CVE-2018-18211 MISC |
| pdfalto -- pdfalto | A issue was found in pdfalto 0.2. There is a heap-based buffer overflow in the TextPage::addAttributsNode function in XmlAltoOutputDev.cc. | 2018-10-12 | not yet calculated | CVE-2018-18274 MISC MISC |
| pippo -- pippo | Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling. | 2018-10-11 | not yet calculated | CVE-2018-18240 MISC |
| privacyidea -- privacyidea | privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=<space>&pass= to /validate/check url. This vulnerability appears to have been fixed in 2.23.2. | 2018-10-08 | not yet calculated | CVE-2018-1000809 CONFIRM CONFIRM |
| progress_software -- telerik_extensions_for_asp.net_mvc | Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory. NOTE: this product has been obsolete since June 2013. | 2018-10-08 | not yet calculated | CVE-2018-17060 CONFIRM |
| pyopenssl -- pyopenssl | Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0. | 2018-10-08 | not yet calculated | CVE-2018-1000808 CONFIRM |
| pyopenssl -- pyopenssl | Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0. | 2018-10-08 | not yet calculated | CVE-2018-1000807 CONFIRM |
| python -- python | The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. | 2018-10-09 | not yet calculated | CVE-2018-18074 MISC MISC MISC MISC |
| qemu -- qemu | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | 2018-10-09 | not yet calculated | CVE-2018-17958 MLIST BID MLIST |
| qemu -- qemu | qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | 2018-10-09 | not yet calculated | CVE-2018-17963 MLIST MLIST |
| qemu -- qemu | Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. | 2018-10-09 | not yet calculated | CVE-2018-17962 MLIST MLIST |
| qibosoft -- qibosoft | qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account. | 2018-10-09 | not yet calculated | CVE-2018-18201 MISC |
| red_hat -- ceph_storage_2_and_3 | It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions. | 2018-10-09 | not yet calculated | CVE-2018-14649 BID CONFIRM REDHAT REDHAT CONFIRM CONFIRM CONFIRM |
| rust -- rust | The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1. | 2018-10-08 | not yet calculated | CVE-2018-1000810 CONFIRM CONFIRM |
| sap -- abap | In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2018-10-09 | not yet calculated | CVE-2018-2470 BID MISC CONFIRM |
| sap -- adaptive_server_enterprise | Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. | 2018-10-09 | not yet calculated | CVE-2018-2468 BID MISC CONFIRM |
| sap -- adaptive_server_enterprise | Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. | 2018-10-09 | not yet calculated | CVE-2018-2469 BID MISC CONFIRM |
| sap -- businessobjects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2018-10-09 | not yet calculated | CVE-2018-2472 BID MISC CONFIRM |
| sap -- businessobjects_business_intelligence_platform | Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. | 2018-10-09 | not yet calculated | CVE-2018-2471 BID MISC CONFIRM |
| sap -- businessobjects_business_intelligence_platform_servers | In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server. | 2018-10-09 | not yet calculated | CVE-2018-2467 BID MISC CONFIRM |
| sap -- data_services | In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | 2018-10-09 | not yet calculated | CVE-2018-2466 BID MISC CONFIRM |
| sap -- erp_hcm | SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection. | 2018-10-09 | not yet calculated | CVE-2018-2474 BID MISC CONFIRM |
| sap -- gardener | Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with other minor Kubernetes security issues, the missing network isolation theoretically can lead to compromise other shoot or seed clusters in the "Gardener" context. The issue is rated high due to the high impact of a potential exploitation in "Gardener" context. This was fixed in Gardener release 0.12.2. | 2018-10-09 | not yet calculated | CVE-2018-2475 CONFIRM MISC CONFIRM |
| seqrite -- endpoint_security | Seqrite Endpoint Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | 2018-10-08 | not yet calculated | CVE-2018-17775 MISC EXPLOIT-DB |
| siemans -- multiple_products | A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 incl. F (All versions >= V2.0 and < V2.5). An attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to communicate over the network. This vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. An attacker could use this vulnerability to compromise availability of the network connectivity. | 2018-10-10 | not yet calculated | CVE-2018-13805 CONFIRM |
| siemans -- rox_ii | A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. | 2018-10-10 | not yet calculated | CVE-2018-13801 BID CONFIRM MISC |
| siemans -- rox_ii | A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the SSH interface in on port 22/tcp. The attacker must be authenticated to exploit the vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. | 2018-10-10 | not yet calculated | CVE-2018-13802 BID CONFIRM MISC |
| siemans -- simatic_s7-1200_cpu | A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify parts of the device configuration. | 2018-10-10 | not yet calculated | CVE-2018-13800 BID CONFIRM |
| sugarcrm -- sugarcrm_community_edition | Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. | 2018-10-10 | not yet calculated | CVE-2018-17784 MISC EXPLOIT-DB |
| tecrail -- responsive_filemanager | An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML. | 2018-10-10 | not yet calculated | CVE-2018-18062 BUGTRAQ |
| tecrail -- responsive_filemanager | An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files. | 2018-10-10 | not yet calculated | CVE-2018-18061 BUGTRAQ |
| tibco -- spotfire_statistics_services | The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0. | 2018-10-10 | not yet calculated | CVE-2018-12410 BID CONFIRM |
| tinc -- tinc | tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. | 2018-10-10 | not yet calculated | CVE-2018-16737 CONFIRM CONFIRM |
| tinc -- tinc | tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1. | 2018-10-10 | not yet calculated | CVE-2018-16738 CONFIRM CONFIRM DEBIAN |
| tinc -- tinc | Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. | 2018-10-10 | not yet calculated | CVE-2018-16758 CONFIRM CONFIRM DEBIAN |
| virtualmin -- virtualmin | Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter. | 2018-10-10 | not yet calculated | CVE-2018-18207 MISC |
| virtualmin -- virtualmin | Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI. | 2018-10-10 | not yet calculated | CVE-2018-18208 MISC |
| vmware -- multiple_products | VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive. | 2018-10-09 | not yet calculated | CVE-2018-6977 BID SECTRACK SECTRACK CONFIRM |
| vmware -- workspace_one_unified_endpoint_manager_console | The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases. | 2018-10-05 | not yet calculated | CVE-2018-6979 SECTRACK CONFIRM |
| wago -- 750-881_ethernet_controller_devices | WAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field. | 2018-10-12 | not yet calculated | CVE-2018-16210 EXPLOIT-DB |
| waimai_super_cms -- waimai_super_cms | XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI. | 2018-10-09 | not yet calculated | CVE-2018-18082 MISC |
| wecon -- levistudiou | An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project files. | 2018-10-09 | not yet calculated | CVE-2018-10610 MISC |
| wecon -- levistudiou | An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files. | 2018-10-09 | not yet calculated | CVE-2018-10614 MISC |
| wecon -- pi_studio_hmi | WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution. | 2018-10-08 | not yet calculated | CVE-2018-14818 MISC |
| wecon -- pi_studio_hmi | WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator. | 2018-10-08 | not yet calculated | CVE-2018-14810 MISC |
| wecon -- pi_studio_hmi_and_pi_studio | In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to a XML external entity injection attack, which may allow sensitive information disclosure. | 2018-10-08 | not yet calculated | CVE-2018-17889 MISC |
| wikidforum -- wikidforum | WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. | 2018-10-09 | not yet calculated | CVE-2018-18075 MISC EXPLOIT-DB |
| wireshark -- wireshark | In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. | 2018-10-12 | not yet calculated | CVE-2018-18226 MISC MISC MISC |
| wireshark -- wireshark | In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. | 2018-10-12 | not yet calculated | CVE-2018-18225 MISC MISC MISC |
| wireshark -- wireshark | In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. | 2018-10-12 | not yet calculated | CVE-2018-18227 MISC MISC MISC |
| wordpress -- wordpress | process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. | 2018-10-08 | not yet calculated | CVE-2018-18069 MISC |
| wordpress -- wordpress | Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. | 2018-10-09 | not yet calculated | CVE-2018-17866 MISC CONFIRM |
| wordpress -- wordpress | The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking. | 2018-10-07 | not yet calculated | CVE-2015-9273 MISC MISC MISC |
| yakamara_media -- redaxo | There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. | 2018-10-09 | not yet calculated | CVE-2018-18200 MISC |
| yakamara_media -- redaxo | Mediamanager in REDAXO before 5.6.4 has XSS. | 2018-10-09 | not yet calculated | CVE-2018-18199 MISC |
| yakamara_media -- redaxo | The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request. | 2018-10-09 | not yet calculated | CVE-2018-18198 MISC MISC |
| yokogawa -- stardom_controllers | Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers. | 2018-10-12 | not yet calculated | CVE-2018-17900 MISC CONFIRM |
| yokogawa -- stardom_controllers | Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable. | 2018-10-12 | not yet calculated | CVE-2018-17898 MISC CONFIRM |
| yokogawa -- stardom_controllers | Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions. | 2018-10-12 | not yet calculated | CVE-2018-17902 MISC CONFIRM |
| yokogawa -- stardom_controllers | Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work. | 2018-10-12 | not yet calculated | CVE-2018-17896 MISC CONFIRM |
| youke365 -- youke365 | youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86. | 2018-10-11 | not yet calculated | CVE-2018-18242 MISC |
| youke365 -- youke365 | In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account. | 2018-10-11 | not yet calculated | CVE-2018-18215 MISC |
| zeit -- next.js | Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. | 2018-10-12 | not yet calculated | CVE-2018-18282 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.