The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
-
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
-
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
389-ds-base -- 389-ds-base |
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. | 2018-06-22 | not yet calculated | CVE-2017-2668 BID REDHAT REDHAT CONFIRM CONFIRM |
aaugustin/websockets -- aaugustin/websockets |
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5. | 2018-06-26 | not yet calculated | CVE-2018-1000518 MISC |
adm -- asustor_nas_devices |
ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell. | 2018-06-28 | not yet calculated | CVE-2018-11510 MISC MISC |
aef -- advanced_electron_forum |
An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges. | 2018-06-29 | not yet calculated | CVE-2018-13000 MISC |
aio-libs/aiohttp-session -- aio-libs/aiohttp-session |
aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://ift.tt/2MECnKg) that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies (?session=<>, or meta tags or script tags with Set-Cookie). | 2018-06-26 | not yet calculated | CVE-2018-1000519 MISC MISC |
all_nippon_airways -- ana_app_for_ios |
The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2018-06-26 | not yet calculated | CVE-2018-0611 JVN MISC |
allen-bradley -- l30erms_safety_devices |
Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately. | 2018-06-25 | not yet calculated | CVE-2017-9312 BID MISC |
apache -- cassandra |
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://ift.tt/294JTvN. The fix for the regression is implemented in https://ift.tt/2KbWliN. This fix is contained in the 3.11.2 release of Apache Cassandra. | 2018-06-28 | not yet calculated | CVE-2018-8016 MISC |
apache -- hbase |
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://ift.tt/2yxtgZr implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. | 2018-06-27 | not yet calculated | CVE-2018-8025 BID MISC |
apache -- pluto |
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information. | 2018-06-27 | not yet calculated | CVE-2018-1306 MISC |
arm -- mbedtls |
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted.. | 2018-06-26 | not yet calculated | CVE-2018-1000520 MISC |
atlassian -- fisheye_and_crucible |
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter. | 2018-06-28 | not yet calculated | CVE-2017-16859 BID CONFIRM CONFIRM |
axis_communications -- ip_cameras | An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. | 2018-06-26 | not yet calculated | CVE-2018-10662 MISC CONFIRM CONFIRM |
axis_communications -- ip_cameras | There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction. | 2018-06-26 | not yet calculated | CVE-2018-10659 MISC CONFIRM CONFIRM |
axis_communications -- ip_cameras | An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation. | 2018-06-26 | not yet calculated | CVE-2018-10663 MISC CONFIRM CONFIRM |
axis_communications -- ip_cameras | An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption. | 2018-06-26 | not yet calculated | CVE-2018-10664 MISC CONFIRM CONFIRM |
axis_communications -- ip_cameras | An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. | 2018-06-26 | not yet calculated | CVE-2018-10661 MISC CONFIRM CONFIRM |
axis_communications -- ip_cameras | An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. | 2018-06-26 | not yet calculated | CVE-2018-10660 MISC CONFIRM CONFIRM |
axis_communications -- ip_cameras |
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar. | 2018-06-26 | not yet calculated | CVE-2018-10658 MISC CONFIRM CONFIRM |
axpdfium -- axpdfium |
Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0601 JVN MISC |
baseon_latronix -- mss_devices |
Baseon Lantronix MSS devices do not require a password for TELNET access. | 2018-06-28 | not yet calculated | CVE-2018-12925 MISC |
basercms -- basercms | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0572 JVN MISC |
basercms -- basercms | Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0570 JVN MISC |
basercms -- basercms | Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0574 JVN MISC |
basercms -- basercms | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. | 2018-06-26 | not yet calculated | CVE-2018-0571 JVN MISC |
basercms -- basercms | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0575 JVN MISC |
basercms -- basercms | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0573 JVN MISC |
basercms -- basercms |
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0569 JVN MISC |
beckoff -- twincat_3 |
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added. | 2018-06-27 | not yet calculated | CVE-2017-16718 MISC |
beckoff -- twincat |
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbirtrary ADS packets when legitimate ADS traffic is observable. | 2018-06-27 | not yet calculated | CVE-2017-16726 MISC |
bigtree-cms -- bigtree-cms |
BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. This attack appear to be exploitable via no. This vulnerability appears to have been fixed in after commit b652cfdc14d0670c81ac4401ad5a04376745c279. | 2018-06-26 | not yet calculated | CVE-2018-1000521 MISC |
busybox -- busybox |
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://ift.tt/2MIsYBn". | 2018-06-26 | not yet calculated | CVE-2018-1000500 MISC MISC |
busybox -- busybox |
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e. | 2018-06-26 | not yet calculated | CVE-2018-1000517 MISC |
bws_systems -- ha-bridge |
BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI. | 2018-06-28 | not yet calculated | CVE-2018-12923 MISC |
centreon -- centreon | Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php. | 2018-06-25 | not yet calculated | CVE-2018-11588 CONFIRM CONFIRM CONFIRM CONFIRM |
centreon -- centreon | Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. | 2018-06-25 | not yet calculated | CVE-2018-11589 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
centreon -- centreon |
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. | 2018-06-25 | not yet calculated | CVE-2018-11587 CONFIRM CONFIRM CONFIRM |
civetweb -- civetweb | Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file. | 2018-06-22 | not yet calculated | CVE-2018-12684 MISC MISC |
cloud_foundry -- cloud_foundry |
Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt. | 2018-06-25 | not yet calculated | CVE-2018-11041 CONFIRM |
cloudwu/pbc -- cloudwu/pbc |
In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c. | 2018-06-27 | not yet calculated | CVE-2018-12915 MISC |
cloudwu/pbc -- cloudwu/pbc | In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c. | 2018-06-27 | not yet calculated | CVE-2018-12917 MISC |
cloudwu/pbc -- cloudwu/pbc | In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c. | 2018-06-27 | not yet calculated | CVE-2018-12916 MISC |
cloudwu/pbc -- cloudwu/pbc | In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c. | 2018-06-27 | not yet calculated | CVE-2018-12918 MISC |
cnn-lite -- cnn-lite |
An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c. | 2018-06-26 | not yet calculated | CVE-2018-12889 MISC |
codecanyon -- brynamics_online_trade |
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials. | 2018-06-27 | not yet calculated | CVE-2018-12908 MISC |
corebos -- corebos |
coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. . | 2018-06-26 | not yet calculated | CVE-2018-1000547 MISC |
craftedweb -- craftedweb |
In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter. | 2018-06-27 | not yet calculated | CVE-2018-12919 MISC |
cyberark -- endpoint_privilege_manager |
In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. | 2018-06-26 | not yet calculated | CVE-2018-12903 MISC |
cybozu -- mailwise | Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0559 JVN CONFIRM |
cybozu -- mailwise |
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0558 JVN CONFIRM |
cybozu -- mailwise |
Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0557 JVN CONFIRM |
cybozu -- office | Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0529 JVN CONFIRM |
cybozu -- office | Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0527 JVN CONFIRM |
cybozu -- office | Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0565 JVN CONFIRM |
cybozu -- office | Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0566 JVN CONFIRM |
cybozu -- office | Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0567 JVN CONFIRM |
cybozu -- office | Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0528 JVN CONFIRM |
cybozu -- office |
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0526 JVN CONFIRM |
dell -- emc_idrac_service_module |
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content. | 2018-06-26 | not yet calculated | CVE-2018-11053 MISC BID |
delta_electronics -- delta_industrial_automation_commgr |
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server. | 2018-06-26 | not yet calculated | CVE-2018-10594 BID MISC |
denx -- u-boot |
U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality. | 2018-06-26 | not yet calculated | CVE-2018-1000205 MISC MISC |
digisol -- dg-br4000ng_devices | DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header. | 2018-06-24 | not yet calculated | CVE-2018-12706 MISC EXPLOIT-DB |
digisol -- dg-br4000ng_devices |
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side). | 2018-06-24 | not yet calculated | CVE-2018-12705 MISC EXPLOIT-DB |
easycms -- easycms |
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | 2018-06-29 | not yet calculated | CVE-2018-12971 MISC |
eclipse -- jetty_server |
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. | 2018-06-27 | not yet calculated | CVE-2018-12536 SECTRACK CONFIRM |
eclipse -- jetty |
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. | 2018-06-22 | not yet calculated | CVE-2018-12538 SECTRACK CONFIRM |
eclipse -- jetty | In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. | 2018-06-26 | not yet calculated | CVE-2017-7657 SECTRACK CONFIRM |
eclipse -- jetty_server | In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. | 2018-06-26 | not yet calculated | CVE-2017-7658 SECTRACK CONFIRM |
eclipse -- jetty |
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response. | 2018-06-26 | not yet calculated | CVE-2017-7656 SECTRACK CONFIRM |
electro_industries/gaugetech -- nexus_devices |
Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI. | 2018-06-28 | not yet calculated | CVE-2018-12921 MISC |
emerson_liebert -- intellislot_web_card_devices |
Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. | 2018-06-28 | not yet calculated | CVE-2018-12922 MISC |
ethereum -- bitasean_token |
The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12084 MISC |
ethereum -- block_18 |
The approveAndCallcode function of a smart contract implementation for Block 18 (18T), an tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability." | 2018-06-25 | not yet calculated | CVE-2018-12703 MISC MISC |
ethereum -- fujinto_token |
The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12082 MISC |
ethereum -- globalvillage_ecosystem_token |
The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability." | 2018-06-25 | not yet calculated | CVE-2018-12702 MISC MISC |
ethereum -- goal_bonanza_token |
The mintToken function of a smart contract implementation for GOAL Bonanza (GOAL), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12083 MISC |
ethereum -- gold_reward_token |
The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the buyer because of overflow of the multiplication of its argument amount and a manipulable variable buyPrice, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-11446 MISC |
ethereum -- internet_node_token | The mintToken function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12080 MISC |
ethereum -- internet_node_token |
The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12063 MISC |
ethereum -- polyai_token |
The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12078 MISC |
ethereum -- sec_token |
The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12070 MISC |
ethereum -- substratum_token |
The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12067 MISC |
ethereum -- substraum_token |
The mintToken function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12079 MISC |
ethereum -- swftcoin_token |
The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12062 MISC |
ethereum -- target_coin_token | The mintToken function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12081 MISC |
ethereum -- target_coin_token |
The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | 2018-06-25 | not yet calculated | CVE-2018-12068 MISC |
exempi -- exempi |
The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. | 2018-06-22 | not yet calculated | CVE-2018-12648 MISC |
f5 -- big-ip | On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion. | 2018-06-27 | not yet calculated | CVE-2018-5527 SECTRACK CONFIRM |
f5 -- big-ip |
Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7. | 2018-06-27 | not yet calculated | CVE-2018-5528 SECTRACK CONFIRM |
flir -- brickstream_2300_devices |
Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI. | 2018-06-28 | not yet calculated | CVE-2018-12920 MISC |
fortinet -- fortimanager | An improper access control vulnerability in Fortinet FortiManager 6.0.0 and below versions, FortiAnalyzer 6.0.0 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | 2018-06-27 | not yet calculated | CVE-2018-1354 BID SECTRACK SECTRACK CONFIRM |
fortinet -- fortimanager | An open redirect vulnerability in Fortinet FortiManager 6.0.0 and below versions, FortiAnalyzer 6.0.0 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. | 2018-06-27 | not yet calculated | CVE-2018-1355 BID SECTRACK SECTRACK CONFIRM |
fortinet -- fortimanager |
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and below versions allows attacker to execute HTML/javascript code via managed remote devices' CLI commands by viewing the remote device CLI config installation log. | 2018-06-28 | not yet calculated | CVE-2018-1351 BID SECTRACK CONFIRM |
froxlor -- froxlor |
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed in after commit c1e62e6. | 2018-06-26 | not yet calculated | CVE-2018-1000527 MISC MISC |
froxlor -- froxlor |
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. | 2018-06-22 | not yet calculated | CVE-2018-12642 MISC |
galaxy_project -- galaxy |
The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting (XSS) attacks. In this form of attack, a malicious person can create a URL which, when opened by a Galaxy user or administrator, would allow the malicious user to execute arbitrary Javascript. that can result in Arbitrary JavaScript code execution. This attack appear to be exploitable via The victim must interact with component on page witch contains injected JavaScript code.. This vulnerability appears to have been fixed in v14.10.1, v15.01. | 2018-06-26 | not yet calculated | CVE-2018-1000516 MISC |
gimp -- gimp |
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private. | 2018-06-24 | not yet calculated | CVE-2018-12713 MISC MISC |
gnu -- binutils | demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. | 2018-06-23 | not yet calculated | CVE-2018-12698 BID MISC MISC MISC |
gnu -- binutils | A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. | 2018-06-23 | not yet calculated | CVE-2018-12700 BID MISC MISC MISC |
gnu -- binutils | finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. | 2018-06-23 | not yet calculated | CVE-2018-12699 BID MISC MISC MISC |
gnu -- binutils |
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. | 2018-06-23 | not yet calculated | CVE-2018-12697 BID MISC MISC MISC |
gnu -- binutils |
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. | 2018-06-28 | not yet calculated | CVE-2018-12934 MISC MISC MISC |
gnu -- bitutils |
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. | 2018-06-22 | not yet calculated | CVE-2018-12641 MISC MISC MISC |
gonicus/gosa -- gonicus/gosa |
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open a specially crafted web page. This vulnerability appears to have been fixed in after commit 56070d6289d47ba3f5918885954dcceb75606001. | 2018-06-26 | not yet calculated | CVE-2018-1000528 MISC MISC |
google -- google_home_and_chromecast_devices |
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request. | 2018-06-24 | not yet calculated | CVE-2018-12716 MISC MISC MISC MISC |
gpac -- gpac |
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. | 2018-06-29 | not yet calculated | CVE-2018-13005 MISC |
gpac -- gpac |
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump. | 2018-06-29 | not yet calculated | CVE-2018-13006 MISC |
gpmf-parser -- gpmf-parser | An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (conditional on a buffer_size_longs check). | 2018-06-29 | not yet calculated | CVE-2018-13009 MISC |
gpmf-parser -- gpmf-parser | An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate. | 2018-06-29 | not yet calculated | CVE-2018-13011 MISC |
gpmf-parser -- gpmf-parser |
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (not conditional on a buffer_size_longs check). | 2018-06-29 | not yet calculated | CVE-2018-13007 MISC |
gpmf-parser -- gpmf-parser |
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level. | 2018-06-29 | not yet calculated | CVE-2018-13008 MISC |
grails -- fields_plugin |
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8. | 2018-06-26 | not yet calculated | CVE-2018-1000529 MISC |
greencms -- greencms |
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI. | 2018-06-29 | not yet calculated | CVE-2018-12988 MISC |
h2o -- h2o |
Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0608 JVN MISC |
hongcms -- hongcms |
An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI. | 2018-06-27 | not yet calculated | CVE-2018-12912 MISC |
hongcms -- hongcms |
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. | 2018-06-29 | not yet calculated | CVE-2018-13021 MISC |
hycuscms -- hycuscms |
Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials. | 2018-06-29 | not yet calculated | CVE-2018-12984 EXPLOIT-DB |
ibm -- aix |
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. | 2018-06-22 | not yet calculated | CVE-2018-1655 CONFIRM BID SECTRACK XF |
ibm -- doors_next_generation |
IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141415. | 2018-06-27 | not yet calculated | CVE-2018-1507 CONFIRM XF |
ibm -- rational_doors |
An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208. | 2018-06-27 | not yet calculated | CVE-2018-1457 CONFIRM BID XF |
ibm -- websphere_application_server |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270. | 2018-06-26 | not yet calculated | CVE-2018-1614 SECTRACK XF CONFIRM |
ibm -- websphere_applications_server_liberty |
IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890. | 2018-06-27 | not yet calculated | CVE-2018-1553 CONFIRM XF |
ibm -- websphere_mq | IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598. | 2018-06-27 | not yet calculated | CVE-2018-1543 CONFIRM XF |
ibm -- websphere_mq |
An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775. | 2018-06-26 | not yet calculated | CVE-2018-1374 CONFIRM XF |
instant_update -- cms |
Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application/controllers/administration/auth.php that can result in Account Tackover. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in v0.3.3. | 2018-06-26 | not yet calculated | CVE-2018-1000501 MISC MISC |
insteon -- hd_ip_camera_white_2864-222 |
The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100. | 2018-06-23 | not yet calculated | CVE-2018-12640 MISC |
insteon -- hd_ip_camera_white_2864-222 |
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100. | 2018-06-23 | not yet calculated | CVE-2018-11560 MISC |
internet_initiative_japan -- iij_smartkey_app_for_android |
IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0584 JVN |
inversoft -- prime-jwt |
inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header using 'none' as algorithm and a body to requests it be validated. This vulnerability was fixed after commit abb0d479389a2509f939452a6767dc424bb5e6ba. | 2018-06-26 | not yet calculated | CVE-2018-1000531 MISC |
ipconfigure -- orchid_core_vms |
IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal. | 2018-06-25 | not yet calculated | CVE-2018-10956 MISC EXPLOIT-DB |
ivanti -- avalanche | An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration. | 2018-06-29 | not yet calculated | CVE-2018-8901 CONFIRM |
ivanti -- avalanche |
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product. | 2018-06-29 | not yet calculated | CVE-2018-8902 CONFIRM |
jenkins -- jenkins | A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. | 2018-06-26 | not yet calculated | CVE-2018-1000609 CONFIRM |
jenkins -- jenkins | A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | 2018-06-26 | not yet calculated | CVE-2018-1000604 CONFIRM |
jenkins -- jenkins | A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin. | 2018-06-26 | not yet calculated | CVE-2018-1000610 CONFIRM |
jenkins -- jenkins | A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to. | 2018-06-26 | not yet calculated | CVE-2018-1000605 CONFIRM |
jenkins -- jenkins | A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session. | 2018-06-26 | not yet calculated | CVE-2018-1000602 CONFIRM |
jenkins -- jenkins | A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator’s web browser (e.g. malicious extension) to retrieve the configured password. | 2018-06-26 | not yet calculated | CVE-2018-1000608 CONFIRM |
jenkins -- jenkins | A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | 2018-06-26 | not yet calculated | CVE-2018-1000606 CONFIRM |
jenkins -- jenkins | A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs. | 2018-06-26 | not yet calculated | CVE-2018-1000603 CONFIRM |
jenkins -- jenkins | A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as. | 2018-06-26 | not yet calculated | CVE-2018-1000607 CONFIRM |
jenkins -- jenkins |
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2018-06-26 | not yet calculated | CVE-2018-1000600 CONFIRM |
jenkins -- jenkins |
A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system. | 2018-06-26 | not yet calculated | CVE-2018-1000601 CONFIRM |
johnath/beep -- johnath/beep |
beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep. | 2018-06-26 | not yet calculated | CVE-2018-1000532 MISC |
joomla! -- joomla! | An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. | 2018-06-26 | not yet calculated | CVE-2018-12712 BID CONFIRM |
joomla! -- joomla! |
An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. | 2018-06-26 | not yet calculated | CVE-2018-12711 BID CONFIRM |
joplin -- joplin |
Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://ift.tt/2KsTFxd that can result in executing unauthorized code within the rights in which the application is running. This attack appear to be exploitable via Victim synchronizing notes from the cloud services or other note-keeping services which contain malicious code. This vulnerability appears to have been fixed in 1.0.90 and later. | 2018-06-26 | not yet calculated | CVE-2018-1000534 MISC MISC |
joyplus/joyplus-cms -- joyplus/joyplus-cms |
joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions. | 2018-06-27 | not yet calculated | CVE-2018-12905 MISC |
klaussilveira/gitlist -- klaussilveira/gitlist |
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using search form. This vulnerability appears to have been fixed in 0.7 after commit 87b8c26b023c3fc37f0796b14bb13710f397b322. | 2018-06-26 | not yet calculated | CVE-2018-1000533 MISC MISC |
lfcms -- lfcms | Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114. | 2018-06-25 | not yet calculated | CVE-2018-12603 MISC EXPLOIT-DB |
lfcms -- lfcms |
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily. | 2018-06-25 | not yet calculated | CVE-2018-12602 MISC EXPLOIT-DB |
libtiff -- libtiff |
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. | 2018-06-26 | not yet calculated | CVE-2018-12900 MISC |
limesurvey -- limesurvey | LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x. | 2018-06-26 | not yet calculated | CVE-2018-1000514 MISC MISC |
limesurvey -- limesurvey |
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x. | 2018-06-26 | not yet calculated | CVE-2018-1000513 MISC |
line -- line_for_windows |
Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0609 JVN MISC |
linux -- linux_kernel | ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem. | 2018-06-28 | not yet calculated | CVE-2018-12930 MISC MISC |
linux -- linux_kernel | ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem. | 2018-06-28 | not yet calculated | CVE-2018-12929 MISC MISC |
linux -- linux_kernel |
ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem. | 2018-06-28 | not yet calculated | CVE-2018-12931 MISC MISC |
linux -- linux_kernel |
Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream already: https://ift.tt/2sT56mh The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. | 2018-06-26 | not yet calculated | CVE-2018-1000204 CONFIRM |
linux -- linux_kernel |
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls. | 2018-06-24 | not yet calculated | CVE-2018-12714 MISC BID MISC MISC MISC |
linux -- linux_kernel |
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL. | 2018-06-27 | not yet calculated | CVE-2018-12904 MISC MISC MISC MISC EXPLOIT-DB |
linux -- linux_kernel |
In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem. | 2018-06-28 | not yet calculated | CVE-2018-12928 MISC MISC |
lmsgit/lms -- lmsgit/lms |
lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e. | 2018-06-26 | not yet calculated | CVE-2018-1000535 MISC MISC |
maelostore -- maelostore |
An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface. | 2018-06-29 | not yet calculated | CVE-2018-12992 MISC |
marlin -- marlin_firmware |
Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (Depending on branch/version) that can result in Arbitrary code execution. This attack appear to be exploitable via Crafted G-Code instruction/file is sent to the printer. | 2018-06-26 | not yet calculated | CVE-2018-1000537 MISC MISC |
mcafee -- web_gateway |
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX). | 2018-06-26 | not yet calculated | CVE-2018-6667 BID SECTRACK CONFIRM |
medis -- medis |
Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of the running application. This attack appear to be exploitable via Victim is synchronizing data from the redis server which contains malicious key value. | 2018-06-26 | not yet calculated | CVE-2018-1000536 MISC |
metinfo -- metinfo |
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. | 2018-06-29 | not yet calculated | CVE-2018-13024 MISC |
micro_focus -- secure_messaging_gateway | An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). | 2018-06-29 | not yet calculated | CVE-2018-12465 CONFIRM CONFIRM |
micro_focus -- secure_messaging_gateway |
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). | 2018-06-29 | not yet calculated | CVE-2018-12464 CONFIRM CONFIRM |
micro_focus -- solutions_business_manager |
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. | 2018-06-22 | not yet calculated | CVE-2018-7682 CONFIRM |
microsoft -- c++_redistributable |
Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0599 JVN MISC |
microsoft -- onedrive | Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0593 JVN BID MISC |
microsoft -- onedrive |
Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0592 JVN BID MISC |
microsoft -- playmemories_home_for_windows |
Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0600 JVN MISC |
microsoft -- skype_for_windows | Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0595 JVN BID MISC |
microsoft -- skype_for_windows |
Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0594 JVN BID MISC |
microsoft -- visual_code_studio |
Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0597 JVN BID MISC |
microsoft -- visual_studio_community |
Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0596 JVN BID MISC |
microsoft -- windows |
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0598 JVN MISC |
minio -- minio_s3_server |
Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appear to be exploitable via Sending V4-(pre)signed requests with large bodies . This vulnerability appears to have been fixed in after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7. | 2018-06-26 | not yet calculated | CVE-2018-1000538 MISC MISC |
minisphere -- minisphere |
miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploitable via the victim must load a specially-crafted map which calls SetLayerSize in its entry script. This vulnerability appears to have been fixed in 5.0.3, 5.1.5, 5.2.10 and later. | 2018-06-26 | not yet calculated | CVE-2018-1000524 MISC MISC |
miniz -- miniz |
In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero. | 2018-06-27 | not yet calculated | CVE-2018-12913 MISC |
misp_project -- misp |
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests. | 2018-06-22 | not yet calculated | CVE-2018-12649 CONFIRM |
mybb -- mybb |
MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15. | 2018-06-26 | not yet calculated | CVE-2018-1000503 MISC MISC |
mybb -- mybb |
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15. | 2018-06-26 | not yet calculated | CVE-2018-1000502 MISC MISC |
netapp -- oncommand_unified_manager_for_7-mode |
NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface. | 2018-06-22 | not yet calculated | CVE-2017-7568 BID CONFIRM |
northern_electric_and_power -- inverter_devices |
Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI. | 2018-06-28 | not yet calculated | CVE-2018-12927 MISC |
nov/json-jwt -- nov/json-jwt |
Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later. | 2018-06-26 | not yet calculated | CVE-2018-1000539 MISC |
nsmaomao/mao10cms -- nsmaomao/mao10cms |
mao10cms 6 allows XSS via the m=bbs&a=index page. | 2018-06-23 | not yet calculated | CVE-2018-12695 MISC |
nsmaomao/mao10cms -- nsmaomao/mao10cms |
mao10cms 6 allows XSS via the article page. | 2018-06-23 | not yet calculated | CVE-2018-12696 MISC |
ntt-cert -- flets_virus_clear |
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0563 JVN MISC MISC |
nucom -- wr644gacv_devices |
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device. | 2018-06-25 | not yet calculated | CVE-2018-8755 MISC |
ocs_inventory_ng -- ocs_inventory_ng | OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1. | 2018-06-26 | not yet calculated | CVE-2018-1000558 MISC MISC |
ocs_inventory_ng -- ocs_inventory_ng |
OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser. This attack appear to be exploitable via Victim must open a crafted link to the application. This vulnerability appears to have been fixed in ocsreports 2.4.1. | 2018-06-26 | not yet calculated | CVE-2018-1000557 MISC MISC |
octopus -- deploy |
In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu. | 2018-06-26 | not yet calculated | CVE-2018-12884 MISC |
onefilecms -- onefilecms | onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. | 2018-06-29 | not yet calculated | CVE-2018-12995 MISC |
onefilecms -- onefilecms |
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields. | 2018-06-29 | not yet calculated | CVE-2018-12993 MISC |
onefilecms -- onefilecms |
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. | 2018-06-29 | not yet calculated | CVE-2018-12994 MISC |
openpsa -- openpsa | Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulnerability appears to have been fixed in after commit 4974a26. | 2018-06-26 | not yet calculated | CVE-2018-1000526 MISC MISC |
openpsa -- openpsa |
openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This vulnerability appears to have been fixed in after commit 097eae0. | 2018-06-26 | not yet calculated | CVE-2018-1000525 MISC MISC |
openslp -- openslp |
slpd_process.c in OpenSLP 2.0.0 has a double free resulting in denial of service (daemon crash) or possibly unauthenticated remote code execution. | 2018-06-28 | not yet calculated | CVE-2018-12938 BID BID MISC |
opentsdb -- opentsdb | An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI. | 2018-06-29 | not yet calculated | CVE-2018-12973 MISC |
opentsdb -- opentsdb |
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input. | 2018-06-29 | not yet calculated | CVE-2018-12972 MISC |
opentsdb -- opentsdb |
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI. | 2018-06-29 | not yet calculated | CVE-2018-13003 MISC |
oswetto/loboevolution -- oswetto/loboevolution |
LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted XML file. | 2018-06-26 | not yet calculated | CVE-2018-1000540 MISC |
ovirt -- engine |
ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords. | 2018-06-26 | not yet calculated | CVE-2018-1072 REDHAT CONFIRM |
owen -- 5000_trillion_yen_converter_chrome_extension |
Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0612 JVN MISC |
perl -- perl |
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter. | 2018-06-29 | not yet calculated | CVE-2018-10860 CONFIRM |
pharos_controls -- pharos_controls_devices |
Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI. | 2018-06-28 | not yet calculated | CVE-2018-12926 MISC |
php -- php |
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. | 2018-06-25 | not yet calculated | CVE-2018-12882 BID CONFIRM |
phpldapadmin -- phpldapadmin | phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel. | 2018-06-22 | not yet calculated | CVE-2018-12689 EXPLOIT-DB |
pivotal -- operations_manager |
Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager | 2018-06-25 | not yet calculated | CVE-2018-11046 BID CONFIRM |
pivotal -- spring | Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. | 2018-06-25 | not yet calculated | CVE-2018-11040 CONFIRM |
pivotal -- spring |
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. | 2018-06-25 | not yet calculated | CVE-2018-11039 CONFIRM |
pixar -- renderman | A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened. | 2018-06-26 | not yet calculated | CVE-2018-3840 MISC |
pixar -- renderman |
A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened. | 2018-06-26 | not yet calculated | CVE-2018-3841 MISC |
pixelpost -- pixelpost | Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0605 JVN |
pixelpost -- pixelpost | SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0606 JVN |
pixelpost -- pixelpost |
Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0604 JVN |
podofo -- podofo | A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. | 2018-06-29 | not yet calculated | CVE-2018-12983 MISC |
podofo -- podofo |
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. | 2018-06-29 | not yet calculated | CVE-2018-12982 MISC |
polaris -- office |
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory. | 2018-06-28 | not yet calculated | CVE-2018-12589 MISC |
portainer -- portainer |
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. | 2018-06-22 | not yet calculated | CVE-2018-12678 CONFIRM CONFIRM |
qutebrowser -- qutebrowser |
qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be exploitable via the victim must open a page with a specially crafted <title> attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week). | 2018-06-26 | not yet calculated | CVE-2018-1000559 MISC MISC MISC |
raydac/netbeans-mmd-plugin -- raydac/netbeans-mmd-plugin |
netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file. | 2018-06-26 | not yet calculated | CVE-2018-1000542 MISC MISC |
rclone -- rclone |
In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue. | 2018-06-27 | not yet calculated | CVE-2018-12907 MISC MISC |
red_hat -- fedora |
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. | 2018-06-26 | not yet calculated | CVE-2018-10852 BID CONFIRM |
red_hat -- ansible |
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. | 2018-06-22 | not yet calculated | CVE-2017-7466 BID REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT CONFIRM |
red_hat -- jboss_eap |
It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a 'javax.xml.transform.TransformerFactory'. If the FEATURE_SECURE_PROCESSING feature is set to 'true', it mitigates this vulnerability. | 2018-06-27 | not yet calculated | CVE-2017-7465 BID CONFIRM |
rockiger/akiee -- rockiger/akiee |
Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in "Details" of a task is not validated that can result in XSS leading to abritrary code execution. This attack appear to be exploitable via The attacker tricks the victim into opening a crafted markdown. | 2018-06-26 | not yet calculated | CVE-2018-1000543 MISC |
ruby-ffi -- ruby-ffi |
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later. | 2018-06-22 | not yet calculated | CVE-2018-1000201 CONFIRM CONFIRM |
rubygems -- rubyzip |
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.. | 2018-06-26 | not yet calculated | CVE-2018-1000544 MISC |
safe-n-sec -- multiple_products | Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection mechanism and install/execute an unauthorized program by modifying the system configuration and installing a forged MSI file. (The intended behavior is that the component SysWatch does not allow installation of MSI files unless they are signed by a limited list of certificates.) | 2018-06-29 | not yet calculated | CVE-2018-13013 MISC |
safe-n-sec -- multiple_products | Storing password in recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database and modify program settings. | 2018-06-29 | not yet calculated | CVE-2018-13014 MISC |
safe-n-sec -- multiple_products |
Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update server. | 2018-06-29 | not yet calculated | CVE-2018-13012 MISC |
saj -- solar_inverter |
SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI. | 2018-06-25 | not yet calculated | CVE-2018-12735 MISC |
sandoba -- cp:shop |
An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability is non-persistent and the request method to inject/execute is GET with the path, search, rename, or dir parameter. | 2018-06-29 | not yet calculated | CVE-2018-13001 MISC |
sanluan/publiccms -- sanluan/publiccms |
A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. | 2018-06-27 | not yet calculated | CVE-2018-12914 MISC |
siemens -- multiple_products | A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). A factory account with hardcoded password might allow attackers access to the device over port 5900/tcp. Successful exploitation requires no user interaction or privileges and impacts the confidentiality, integrity, and availability of the affected device. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue. | 2018-06-26 | not yet calculated | CVE-2018-4846 CONFIRM |
siemens -- multiple_products |
A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). Remote attackers with either local or remote credentialed access to the "Remote View" feature might be able to elevate their privileges, compromising confidentiality, integrity, and availability of the system. No special skills or user interaction are required to perform this attack. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue. | 2018-06-26 | not yet calculated | CVE-2018-4845 CONFIRM |
siemens -- scalance_m875 | A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administratrive users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2018-06-26 | not yet calculated | CVE-2018-11449 CONFIRM |
siemens -- scalance_m875 | A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web interface of an affected device. The attacker must be authenticated as administrative user on the web interface. Afterwards, a legitimate user must access the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2018-06-26 | not yet calculated | CVE-2018-11448 CONFIRM |
siemens -- scalance_m875 | A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2018-06-26 | not yet calculated | CVE-2018-4860 CONFIRM |
siemens -- scalance_m875 | A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2018-06-26 | not yet calculated | CVE-2018-4859 CONFIRM |
siemens -- scalance_m875 |
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2018-06-26 | not yet calculated | CVE-2018-4861 CONFIRM |
siemens -- scalance_m875 |
A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2018-06-26 | not yet calculated | CVE-2018-11447 CONFIRM |
slims -- slims_8_akasia | Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI. | 2018-06-22 | not yet calculated | CVE-2018-12656 MISC |
slims -- slims_8_akasia | Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI. | 2018-06-22 | not yet calculated | CVE-2018-12657 MISC |
slims -- slims_8_akasia | Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242. | 2018-06-22 | not yet calculated | CVE-2018-12655 MISC |
slims -- slims_8_akasia | Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. | 2018-06-22 | not yet calculated | CVE-2018-12658 MISC |
slims -- slims_8_akasia | Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI. | 2018-06-22 | not yet calculated | CVE-2018-12654 MISC |
slims -- slims_8_akasia | SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. | 2018-06-22 | not yet calculated | CVE-2018-12659 MISC |
sollae -- serial-ethernet-module_and_remote-i/o-device-server_devices |
Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service. | 2018-06-28 | not yet calculated | CVE-2018-12924 MISC |
sprockets -- sprockets |
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. | 2018-06-26 | not yet calculated | CVE-2018-3760 MISC MISC |
sympa_community -- sympa |
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32. | 2018-06-26 | not yet calculated | CVE-2018-1000550 MISC |
tibco -- multiple_products | The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0. | 2018-06-27 | not yet calculated | CVE-2018-5437 MISC CONFIRM |
tibco -- multiple_products |
The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0. | 2018-06-27 | not yet calculated | CVE-2018-5435 MISC CONFIRM |
tibco -- multiple_products |
The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0. | 2018-06-27 | not yet calculated | CVE-2018-5436 MISC CONFIRM |
tinyexr -- tinyexr | tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. | 2018-06-22 | not yet calculated | CVE-2018-12688 MISC |
tinyexr -- tinyexr | tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h. | 2018-06-22 | not yet calculated | CVE-2018-12687 MISC |
topydo -- topydo |
topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attack appear to be exploitable via The victim must open a todo.txt with at least one specially crafted line.. | 2018-06-26 | not yet calculated | CVE-2018-1000523 MISC MISC |
tp-link -- tl-wa850re_wi-fi_range_extenders | TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. | 2018-06-23 | not yet calculated | CVE-2018-12694 MISC |
tp-link -- tl-wa850re_wi-fi_range_extenders | Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json. | 2018-06-23 | not yet calculated | CVE-2018-12693 MISC |
tp-link -- tl-wa850re_wi-fi_range_extenders |
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json. | 2018-06-23 | not yet calculated | CVE-2018-12692 MISC EXPLOIT-DB |
triplea -- triplea |
Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML). | 2018-06-26 | not yet calculated | CVE-2018-1000546 MISC MISC |
trovebox -- trovebox | Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. | 2018-06-26 | not yet calculated | CVE-2018-1000554 MISC |
trovebox -- trovebox | Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. | 2018-06-26 | not yet calculated | CVE-2018-1000553 MISC |
trovebox -- trovebox | Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. | 2018-06-26 | not yet calculated | CVE-2018-1000552 MISC |
trovebox -- trovebox |
Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 742b8edbe. | 2018-06-26 | not yet calculated | CVE-2018-1000551 MISC |
umlet -- umlet |
Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted UXF file. This vulnerability appears to have been fixed in 14.3. | 2018-06-26 | not yet calculated | CVE-2018-1000548 MISC MISC |
ventrian/news-articles -- ventrian/news-articles |
ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server.. | 2018-06-26 | not yet calculated | CVE-2018-1000515 MISC |
weblication -- cms_core_and_grid |
An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. The injection point is located in the Project `Title` and the execution point occurs in the `Inhaltsprojekte` output listing section. Remote attackers with privileged user accounts are able to inject their own malicious script code with a persistent attack vector to compromise user session credentials or to manipulate the affected web-application module output context. The request method to inject is POST. | 2018-06-29 | not yet calculated | CVE-2018-13002 MISC |
wekan -- wekan |
Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot your password?' pages that can result in A remote attacker could perform a brute force attack to obtain valid usernames and email addresses.. This attack appear to be exploitable via HTTP Request. | 2018-06-26 | not yet calculated | CVE-2018-1000549 MISC |
wine -- wine |
PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large pAlphaBlend->cbBitsSrc value. | 2018-06-28 | not yet calculated | CVE-2018-12932 MISC MISC MISC MISC MISC |
wine -- wine |
PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index. | 2018-06-28 | not yet calculated | CVE-2018-12933 MISC MISC MISC MISC MISC |
wordpress -- wordpress | WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. This attack appear to be exploitable via Can be triggered intentionally (or unintentionally via CSRF) by any logged in user. This vulnerability appears to have been fixed in 1.24. | 2018-06-26 | not yet calculated | CVE-2018-1000510 MISC |
wordpress -- wordpress | Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1. | 2018-06-26 | not yet calculated | CVE-2018-1000512 MISC |
wordpress -- wordpress | Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must follow a link. This vulnerability appears to have been fixed in 1.2.9. | 2018-06-26 | not yet calculated | CVE-2018-1000506 MISC |
wordpress -- wordpress | Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1. | 2018-06-26 | not yet calculated | CVE-2018-1000505 MISC |
wordpress -- wordpress | Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8. | 2018-06-26 | not yet calculated | CVE-2018-1000504 MISC |
wordpress -- wordpress | WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do almost anything an admin can. This attack appear to be exploitable via Admin must visit logs page. This vulnerability appears to have been fixed in 3.2. | 2018-06-26 | not yet calculated | CVE-2018-1000508 MISC |
wordpress -- wordpress | WP User Groups version 2.0.0 contains a Cross Site Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appear to be exploitable via Admin must click on link. This vulnerability appears to have been fixed in 2.1.1. | 2018-06-26 | not yet calculated | CVE-2018-1000507 MISC |
wordpress -- wordpress | WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2. | 2018-06-26 | not yet calculated | CVE-2018-1000511 MISC |
wordpress -- wordpress | Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. This vulnerability appears to have been fixed in 2.8. | 2018-06-26 | not yet calculated | CVE-2018-1000509 MISC |
wordpress -- wordpress |
WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacker must craft an URL with payload and send to the user. Victim need to open the link to be affected by reflected XSS. . | 2018-06-26 | not yet calculated | CVE-2018-1000556 MISC |
wordpress -- wordpress |
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges. | 2018-06-26 | not yet calculated | CVE-2018-12895 BID MISC |
wordpress -- wordpress |
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. | 2018-06-22 | not yet calculated | CVE-2018-12636 CONFIRM EXPLOIT-DB |
wordpress -- wordpress |
Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0602 JVN MISC |
wordpress -- wordpress |
Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0603 JVN MISC MISC |
wordpress -- wordpress |
In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site. | 2018-06-26 | not yet calculated | CVE-2018-12902 MISC |
wstmall -- wstmall |
WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. | 2018-06-29 | not yet calculated | CVE-2018-13010 MISC |
yaml/pyyaml -- yaml/pyyaml |
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used. | 2018-06-27 | not yet calculated | CVE-2017-18342 MISC MISC |
yxcms -- yxcms |
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. | 2018-06-29 | not yet calculated | CVE-2018-13025 MISC |
zenphoto -- zenphoto |
Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information. | 2018-06-26 | not yet calculated | CVE-2018-0610 JVN MISC |
zoho -- manageengine | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13780) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do. | 2018-06-29 | not yet calculated | CVE-2018-12996 MISC |
zoho -- manageengine | Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. | 2018-06-29 | not yet calculated | CVE-2018-12997 MISC |
zoho -- manageengine | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. | 2018-06-29 | not yet calculated | CVE-2018-12998 MISC |
zoho -- manageengine |
Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. | 2018-06-29 | not yet calculated | CVE-2018-12999 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT National Cyber Alert System https://ift.tt/2KA0coX
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.