Monday, June 4, 2018

SB18-155: Vulnerability Summary for the Week of May 28, 2018

Original release date: June 04, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info

1000ch -- dwebp-bin

dwebp-bin is a dwebp node.js wrapper that converts WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10633
MISC

aerospike -- aerospike-client-nodejs

aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10558
MISC
air-sdk -- air-sdk
 
air-sdk is an NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10603
MISC
airbrake -- node-airbrake
 
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can oftentimes contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS. 2018-05-31 not yet calculated CVE-2016-10530
MISC
MISC
alexyoung -- jadedown
 
jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in. 2018-05-31 not yet calculated CVE-2016-10520
MISC
andzdroid -- paypal-ipn
 
paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production. 2018-05-29 not yet calculated CVE-2014-10067
MISC
MISC
appgyver -- steroids
 
Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10581
MISC

appium -- appium-chromedriver

appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-31 not yet calculated CVE-2016-10557
MISC
apple -- safari
 
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in Safari Technology Preview Release 57, mishandle an unset pageURL, leading to an application crash. 2018-06-01 not yet calculated CVE-2018-11646
MISC
MISC
appnitro -- machform
 
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter. 2018-05-26 not yet calculated CVE-2018-6409
MISC
EXPLOIT-DB
MISC
appnitro -- machform
 
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter. 2018-05-26 not yet calculated CVE-2018-6410
MISC
EXPLOIT-DB
MISC
appnitro -- machform
 
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection. 2018-05-26 not yet calculated CVE-2018-6411
MISC
EXPLOIT-DB
MISC

arian -- selenium-wrapper

selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10628
MISC

arrayfire -- arrayfire-js

arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10598
MISC
artifex -- ghostscript
 
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977. 2018-06-01 not yet calculated CVE-2018-11645
MISC
MISC

artiomshapovalov -- tomita-parser

tomita-parser is a Node wrapper for Yandex Tomita Parser. tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10666
MISC
arve0 -- node-geoip-country
 
geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. 2018-05-29 not yet calculated CVE-2016-10568
MISC
atob -- atob
 
atob 2.0.3 and earlier allocates uninitialized Buffers when a number is passed as input on Node.js 4.x and below. 2018-05-29 not yet calculated CVE-2018-3745
MISC
auth0 -- node-jsonwebtoken

In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family of algorithms) is expected but the attacker instead sends a token digitally signed with a symmetric algorithm (HS* family). 2018-05-29 not yet calculated CVE-2015-9235
MISC
MISC
MISC
MISC

barretts -- node-iedriver

iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-31 not yet calculated CVE-2016-10562
MISC

bem-archive -- imageoptim

imageoptim is a Node.js wrapper for some image compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10596
MISC

bionode -- bionode-sra

bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. 2018-06-01 not yet calculated CVE-2016-10613
MISC
bitmain -- antminer_d3_and_l3+_and_s9_devices
 
Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function. 2018-05-31 not yet calculated CVE-2018-11220
EXPLOIT-DB

bloodaxe -- npm-native-opencv

native-opencv is the OpenCV library installed via npm. native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10658
MISC

bluesmoon -- node-geoip

adamvr-geoip-lite is a lightweight native JavaScript implementation of GeoIP API from MaxMind. adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data. 2018-05-29 not yet calculated CVE-2016-10680
MISC
bmw -- multiple_vehicles

The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. 2018-05-31 not yet calculated CVE-2018-9318
BID
MISC
MISC
bmw -- multiple_vehicles
 
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell. 2018-05-31 not yet calculated CVE-2018-9322
BID
MISC
MISC
bmw -- multiple_vehicles
 
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot. 2018-05-31 not yet calculated CVE-2018-9313
BID
MISC
MISC
bmw -- multiple_vehicles
 
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. 2018-05-31 not yet calculated CVE-2018-9320
BID
MISC
MISC
bmw -- multiple_vehicles
 
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. 2018-05-31 not yet calculated CVE-2018-9312
BID
MISC
MISC
bmw -- multiple_vehicles
 
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access. 2018-05-31 not yet calculated CVE-2018-9314
BID
MISC
MISC
bmw -- multiple_vehicles
 
The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. 2018-05-31 not yet calculated CVE-2018-9311
BID
MISC
MISC

broccoli -- broccoli

broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10635
MISC
brother -- hl-l2340d_and_hl-l2380dw_series_printers
 
Cross-site scripting (XSS) vulnerability on Brother HL-L2340D and HL-L2380DW series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. 2018-06-01 not yet calculated CVE-2018-11581
MISC

bulain -- grunt-webdriver-qunit

grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt. grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10606
MISC

caspervonb -- bitty

Bitty is a development web server tool that functions similarly to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests. 2018-05-31 not yet calculated CVE-2016-10561
MISC
clippercms -- clippercms
 
ClipperCMS 1.3.3 allows Session Fixation. 2018-05-30 not yet calculated CVE-2018-11571
MISC
clippercms -- clippercms
 
ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI. 2018-05-30 not yet calculated CVE-2018-11572
MISC
cloudcmd -- console-io
 
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response. 2018-05-31 not yet calculated CVE-2016-10532
MISC
cmseasy -- cmseasy
 
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin. 2018-06-02 not yet calculated CVE-2018-11679
MISC
MISC
cmseasy -- cmseasy
 
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate. 2018-06-02 not yet calculated CVE-2018-11680
MISC
cnpm -- node-operadriver
 
operadriver is an Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-31 not yet calculated CVE-2016-10565
MISC
cobalt-cli -- cobalt-cli
 
cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks. 2018-06-01 not yet calculated CVE-2016-10597
MISC
codecanyon.net -- easyservice_billing
 
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0. 2018-05-25 not yet calculated CVE-2018-11443
MISC
EXPLOIT-DB
codecanyon.net -- easyservice_billing
 
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role. 2018-05-25 not yet calculated CVE-2018-11445
MISC
EXPLOIT-DB
codecanyon.net -- easyservice_billing
 
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0. 2018-05-25 not yet calculated CVE-2018-11444
MISC
EXPLOIT-DB
codecanyon.net -- easyservice_billing
 
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation. 2018-05-25 not yet calculated CVE-2018-11442
MISC
EXPLOIT-DB
coderaiser -- node-restafary
 
restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified. 2018-05-31 not yet calculated CVE-2016-10528
MISC

connected-web -- product-monitor

product-monitor is an HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10567
MISC
creatiwity -- witycms
 
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general. 2018-05-28 not yet calculated CVE-2018-11512
MISC
MISC
EXPLOIT-DB
cscms -- cscms
 
An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save. 2018-05-29 not yet calculated CVE-2018-11527
MISC

dalekjs -- dalek-browser-chrome

dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10604
MISC
dalekjs -- dalek-browser-chrome-canary
 
dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10584
MISC
dalekjs -- dalek-browser-ie
 
dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10605
MISC

dalekjs -- dalek-browser-ie

dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10612
MISC

danielcardoso -- html-pages

The html-pages node module contains a path traversal vulnerability that allows an attacker to read any file from the server with cURL. 2018-05-29 not yet calculated CVE-2018-3744
MISC
MISC
danielfm -- jshamcrest

jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in to the emailAddress validator. 2018-05-31 not yet calculated CVE-2016-10521
MISC
dataiku -- dataiku_dss
 
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility. 2018-05-28 not yet calculated CVE-2018-10732
MISC
MISC

davidmarkclements -- install-nw

install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10566
MISC
dchem -- node-ibapi
 
ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10593
MISC
dcodeio -- closurecompiler.js
 
closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10582
MISC

ddopson -- node-sauce-connect

sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10599
MISC
dell_emc -- recoverpoint_and_recoverpoint_for_vms
 
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks. 2018-05-29 not yet calculated CVE-2018-1241
FULLDISC
BID
dell_emc -- recoverpoint_and_recoverpoint_for_vms
 
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege. 2018-05-29 not yet calculated CVE-2018-1235
FULLDISC
BID
dell_emc -- recoverpoint_and_recoverpoint_for_vms
 
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3 contain a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read. 2018-05-29 not yet calculated CVE-2018-1242
FULLDISC
BID
delta_electronics -- automation_tpeditor
 
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause a heap-based buffer overflow vulnerability, which may allow remote code execution. 2018-05-25 not yet calculated CVE-2018-8871
BID
MISC
dirtyhairy -- node-libxl
 
libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10585
MISC
domainmod -- domainmod
 
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. 2018-05-30 not yet calculated CVE-2018-11559
MISC
domainmod -- domainmod
 
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. 2018-05-30 not yet calculated CVE-2018-11558
MISC
dtao -- fancy-server
 
Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory. 2018-05-31 not yet calculated CVE-2014-10066
MISC
dtsearch -- dtsearch
 
A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request. 2018-05-29 not yet calculated CVE-2018-11488
MISC
MISC
MISC
dwyl -- hapi-auth-jwt2
 
When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication. 2018-05-29 not yet calculated CVE-2016-10525
MISC
MISC
MISC
electron-userland -- electron-packager
 
electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack. 2018-05-31 not yet calculated CVE-2016-10534
MISC
MISC
ems_software -- ems_master_calendar
 
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS. 2018-06-01 not yet calculated CVE-2018-11628
MISC
MISC

eosio -- eos

An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address. 2018-05-29 not yet calculated CVE-2018-11548
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c. 2018-05-31 not yet calculated CVE-2018-11598
MISC
MISC
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c. 2018-05-31 not yet calculated CVE-2018-11592
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c. 2018-05-31 not yet calculated CVE-2018-11593
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c. 2018-05-31 not yet calculated CVE-2018-11594
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c. 2018-05-31 not yet calculated CVE-2018-11596
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c. 2018-05-31 not yet calculated CVE-2018-11597
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused. 2018-05-31 not yet calculated CVE-2018-11595
MISC
MISC
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c. 2018-05-31 not yet calculated CVE-2018-11591
MISC
MISC
MISC
espruino -- espruino
 
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c. 2018-05-31 not yet calculated CVE-2018-11590
MISC
MISC
MISC

eversport -- node-unicodetable

unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. 2018-05-29 not yet calculated CVE-2016-10578
MISC
exiv2 -- exiv2
 
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. 2018-05-29 not yet calculated CVE-2018-11531
CONFIRM
f5 -- big-ip
 
A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only; these files do not include any configuration data, proxied traffic, or other potentially sensitive customer data. 2018-06-01 not yet calculated CVE-2018-5525
SECTRACK
CONFIRM
f5 -- big-ip
 
Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue. 2018-06-01 not yet calculated CVE-2018-5524
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. 2018-06-01 not yet calculated CVE-2018-5513
SECTRACK
CONFIRM
f5 -- big-ip
 
Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack. 2018-06-01 not yet calculated CVE-2018-5526
SECTRACK
CONFIRM
f5 -- big-ip
 
Features in the F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilize inflate functionality directly, via an iRule, or via the inflate code from the PEM module are subject to a service disruption via a "Zip Bomb" attack. 2018-06-01 not yet calculated CVE-2017-6153
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. 2018-06-01 not yet calculated CVE-2018-5521
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. 2018-06-01 not yet calculated CVE-2018-5523
SECTRACK
SECTRACK
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash. 2018-06-01 not yet calculated CVE-2018-5522
CONFIRM

felixrieseberg -- windows-build-tools


 
windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2017-16003
MISC
MISC

fengmk2 -- node-curl


 
httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10614
MISC
fibjs -- fibjs
 
fibjs is a runtime for javascript applications built on google v8 JS. fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10621
MISC
flif-hub -- flif
 
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp. 2018-05-28 not yet calculated CVE-2018-11507
MISC
florianholzapfel -- express-restify-mongoose
 
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes. 2018-05-31 not yet calculated CVE-2016-10533
MISC
MISC
fortinet -- fortiauthenticator
 
A cross-site scripting (XSS) vulnerability in the "CSRF validation failure" page of Fortinet FortiAuthenticator versions below 5.3.0 allows an attacker to execute unauthorized script code by injecting malicious scripts in the HTTP Referer header. 2018-05-31 not yet calculated CVE-2018-9186
CONFIRM
fortinet -- fortios
 
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g., addresses) via specifically crafted URLs inside the SSL-VPN web portal. 2018-05-25 not yet calculated CVE-2017-14185
BID
CONFIRM

fresc81 -- node-curses


 
curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10615
MISC
gaelb -- massif
 
massif is a Phantomjs fork. massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10682
MISC
gaoxuyan -- gaoxuyan

gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. 2018-05-29 not yet calculated CVE-2017-16153
MISC
MISC

gergelyke -- apk-parser2


 
apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10632
MISC
giflib -- giflib
 
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact. 2018-05-26 not yet calculated CVE-2018-11490
BID
MISC
giflib -- giflib
 
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. 2018-05-26 not yet calculated CVE-2018-11489
BID
MISC

giggio -- node-chromedriver


 
Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10579
MISC
git -- git
 
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. 2018-05-30 not yet calculated CVE-2018-11233
BID
SECTRACK
MISC
git -- git
 
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. 2018-05-30 not yet calculated CVE-2018-11235
BID
SECTRACK
MISC
MISC
DEBIAN
EXPLOIT-DB
gitlab -- community_edition_and_enterprise_edition
 
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability. 2018-05-31 not yet calculated CVE-2018-10379
CONFIRM
google -- android
 
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings. 2018-05-29 not yet calculated CVE-2018-11544
MISC
google -- android
 
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. 2018-05-26 not yet calculated CVE-2018-11505
MISC
EXPLOIT-DB
graphviz -- graphviz
 
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. 2018-05-30 not yet calculated CVE-2018-10196
CONFIRM
MISC
FEDORA
FEDORA
graylog -- graylog
 
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js. 2018-06-01 not yet calculated CVE-2018-11650
MISC
MISC
graylog -- graylog
 
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx. 2018-06-01 not yet calculated CVE-2018-11651
MISC
MISC
greencms -- greencms
 
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle. 2018-06-01 not yet calculated CVE-2018-11671
MISC
greencms -- greencms
 
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect. 2018-06-01 not yet calculated CVE-2018-11670
MISC

groupon -- selenium-download


 
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10559
MISC

hakatashi -- kindlegen


 
Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10575
MISC
hapijs -- hapi
 
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending an HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes). 2018-05-29 not yet calculated CVE-2015-9241
MISC
MISC
MISC
hapijs -- hapi
 
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules. 2018-05-31 not yet calculated CVE-2016-10543
MISC
MISC
hapijs -- hapi
 
Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS headers. This defeats the purpose of turning CORS on the route. 2018-05-31 not yet calculated CVE-2015-9236
MISC
MISC
MISC
hapijs -- hapi
 
When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and a higher level config includes security restrictions (like origin), those restrictions are overridden by less restrictive defaults (e.g. origin defaults to all origins `*`). 2018-05-29 not yet calculated CVE-2015-9243
MISC
MISC

hapijs -- inert

The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. 2018-05-29 not yet calculated CVE-2014-10068
MISC
MISC
MISC
haproxy -- haproxy
 
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. 2018-05-25 not yet calculated CVE-2018-11469
BID
CONFIRM
UBUNTU
haxefoundation -- npm-haxe
 
haxe is a cross-platform toolkit. haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10602
MISC
hcl -- ivr_systems
 
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece). 2018-05-30 not yet calculated CVE-2018-11518
MISC
MISC
MISC
MISC

headless-browser-lite -- headless-browser-lite


 
headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10625
MISC
hekto -- hekto
 
Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server. 2018-06-01 not yet calculated CVE-2018-3743
MISC

hokaccha -- jwt-simple


 
Since "algorithm" isn't enforced in jwt.decode() in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants. 2018-05-31 not yet calculated CVE-2016-10555
MISC
MISC
MISC
MISC
huawei -- espace_desktop
 
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform an XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop. 2018-06-01 not yet calculated CVE-2018-7976
CONFIRM
huawei -- multiple_smart_phones
 
Some Huawei smart phones have a denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart. 2018-06-01 not yet calculated CVE-2017-17171
CONFIRM
huawei -- servers
 
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users. 2018-06-01 not yet calculated CVE-2018-7949
CONFIRM
huawei -- servers
 
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. 2018-06-01 not yet calculated CVE-2018-7951
CONFIRM
huawei -- servers
 
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. 2018-06-01 not yet calculated CVE-2018-7950
CONFIRM
hue -- hue
 
Hue 3.12 has XSS via the /pig/save/ name and script parameters. 2018-06-01 not yet calculated CVE-2018-11649
MISC
hyperledger -- iroha
 
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures. 2018-06-01 not yet calculated CVE-2018-3756
CONFIRM

hypery2k -- galenframework-cli


 
galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-31 not yet calculated CVE-2016-10560
MISC

i18next -- i18next


 
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later. 2018-05-29 not yet calculated CVE-2017-16010
MISC
MISC
ibm -- api_connect
 
IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430. 2018-05-31 not yet calculated CVE-2018-1532
CONFIRM
XF
ibm -- content_navigator
 
IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141219. 2018-05-31 not yet calculated CVE-2018-1496
CONFIRM
XF
ibm -- db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045. 2018-05-25 not yet calculated CVE-2018-1450
CONFIRM
XF
ibm -- flashsystem_v840_and_v900_products
 
IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148. 2018-05-29 not yet calculated CVE-2018-1495
CONFIRM
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767. 2018-05-29 not yet calculated CVE-2018-1369
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137777. 2018-05-29 not yet calculated CVE-2018-1376
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769. 2018-05-29 not yet calculated CVE-2018-1370
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776. 2018-05-29 not yet calculated CVE-2018-1375
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471. 2018-05-29 not yet calculated CVE-2017-1768
CONFIRM
XF
ibm -- storwize_v7000_unified_management_web_interface
 
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398. 2018-05-25 not yet calculated CVE-2018-1467
CONFIRM
BID
XF
ibm -- urbancode_deploy

IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547. 2018-05-25 not yet calculated CVE-2017-1752
CONFIRM
BID
XF

ibmdb -- node-ibm_db


 
ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10577
MISC
MISC
igniteui -- igniteui
 
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol. 2018-05-31 not yet calculated CVE-2016-10552
MISC
imagemagick -- imagemagick

In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file. 2018-06-01 not yet calculated CVE-2018-11656
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. 2018-05-31 not yet calculated CVE-2018-11624
MISC
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file. 2018-06-01 not yet calculated CVE-2018-11655
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. 2018-05-31 not yet calculated CVE-2018-11625
MISC
imsobear -- node-browser
 
node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks. 2018-06-01 not yet calculated CVE-2016-10618
MISC
install-g-test -- install-g-test
 
install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks. 2018-06-01 not yet calculated CVE-2016-10630
MISC

ipfs -- npm-go-ipfs-dep


 
During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise. 2018-05-31 not yet calculated CVE-2016-10563
MISC
MISC
isaacs -- csrf-lite
 
csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison. This enables an attacker to guess the secret in no more than 288 (16*18) guesses, instead of the 16^18 guesses required were the timing attack not present. 2018-05-31 not yet calculated CVE-2016-10535
MISC
MISC
isaacs -- minimatch
 
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. 2018-05-31 not yet calculated CVE-2016-10540
MISC
janpot -- mongodb-instance
 
mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-31 not yet calculated CVE-2016-10572
MISC
jashkenas -- backbone
 
backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `&lt;`. 2018-05-31 not yet calculated CVE-2016-10537
MISC
MISC

jefflembeck -- pngcrush-installer


 
pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10570
MISC
jfhbrook -- node-ecstatic
 
Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header. 2018-05-29 not yet calculated CVE-2015-9242
MISC
MISC
MISC
jigowatt -- php_login_&_user_management
 
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code execution by requesting the .php file. 2018-05-29 not yet calculated CVE-2018-11392
MISC
BUGTRAQ
CONFIRM
jonschlinkert -- remarkable
 
Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme, allowing javascript: URLs to be injected into the rendered content. 2018-05-31 not yet calculated CVE-2014-10065
MISC
MISC

jser -- jser-stat

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. 2018-06-01 not yet calculated CVE-2016-10592
MISC
MISC
jshttp -- negotiator
 
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string. 2018-05-31 not yet calculated CVE-2016-10539
MISC

jugglinmike -- selenium-chromedriver


 
selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome. selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10624
MISC
jvminstall -- jvminstall
 
jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10631
MISC

k-kinzal -- scala-bin


 
scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10627
MISC

k-kinzal -- scalajs-standalone-bin

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10634
MISC

karimsa -- pennyworth


 
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. 2018-06-01 not yet calculated CVE-2016-10619
MISC
keystonejs -- keystone
 
Due to a bug in the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in. 2018-05-29 not yet calculated CVE-2015-9240
MISC

killmag10 -- nodeschnaps


 
nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10622
MISC

koorchik -- node-mystem3


 
mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10626
MISC
kubernetes -- kubernetes
 
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. 2018-06-01 not yet calculated CVE-2018-1002100
CONFIRM
CONFIRM
MISC
legion_of_the_bouncy_castle -- bouncy_castle_jce_provider

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. 2018-06-01 not yet calculated CVE-2016-1000338
CONFIRM
liblouis -- liblouis
 
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. 2018-05-30 not yet calculated CVE-2018-11577
MISC
MISC
liblouis -- liblouis
 
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. 2018-05-25 not yet calculated CVE-2018-11440
BID
MISC
libmobi -- libmobi
 
The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. 2018-05-30 not yet calculated CVE-2018-11437
FULLDISC
libmobi -- libmobi
 
The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. 2018-05-30 not yet calculated CVE-2018-11436
FULLDISC
libmobi -- libmobi
 
The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file. 2018-05-30 not yet calculated CVE-2018-11438
FULLDISC
libmobi -- libmobi
 
The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. 2018-05-30 not yet calculated CVE-2018-11432
FULLDISC
libmobi -- libmobi
 
The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. 2018-05-30 not yet calculated CVE-2018-11435
FULLDISC
libmobi -- libmobi
 
The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. 2018-05-30 not yet calculated CVE-2018-11433
FULLDISC
libmobi -- libmobi
 
The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. 2018-05-30 not yet calculated CVE-2018-11434
FULLDISC

liluo -- ipip


 
ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. 2018-06-01 not yet calculated CVE-2016-10594
MISC
linux -- linux_kernel
 
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. 2018-05-28 not yet calculated CVE-2018-11508
MISC
BID
MISC
MISC
MISC
linux -- linux_kernel
 
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. 2018-05-28 not yet calculated CVE-2018-11506
MISC
MISC
MISC
little_cms -- little_cms
 
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. 2018-05-30 not yet calculated CVE-2018-11556
MISC
MISC
little_cms -- little_cms
 
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. 2018-05-30 not yet calculated CVE-2018-11555
MISC
MISC
ljharb -- qs
 
The qs module before 1.0.0 does not have an option or default for specifying object depth, and when parsing a string representing a deeply nested object it will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition; for example, in a web application, other requests would not be processed while this blocking is occurring. 2018-05-31 not yet calculated CVE-2014-10064
MISC
lutron_electronics -- multiple_products
 
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. 2018-06-02 not yet calculated CVE-2018-11681
MISC
lutron_electronics -- multiple_products
 
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. 2018-06-02 not yet calculated CVE-2018-11682
MISC
lutron_electronics -- multiple_products
 
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. 2018-06-02 not yet calculated CVE-2018-11629
MISC

macacajs -- macaca-chromedriver


 
macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10623
MISC
macacajs -- macaca-chromedriver
 
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10586
MISC
mahara -- mahara
 
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials. 2018-06-01 not yet calculated CVE-2018-11195
CONFIRM
CONFIRM
mahara -- mahara
 
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information. 2018-05-30 not yet calculated CVE-2018-11565
CONFIRM
CONFIRM
mahara -- mahara
 
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as a medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers. 2018-06-01 not yet calculated CVE-2018-11196
CONFIRM
CONFIRM
markedjs -- marked
 
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left. 2018-05-31 not yet calculated CVE-2016-10531
MISC
MISC
MISC
mcafee -- data_loss_prevention_endpoint
 
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. 2018-05-25 not yet calculated CVE-2018-6664
BID
SECTRACK
CONFIRM
md4c -- md4c

md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. 2018-05-29 not yet calculated CVE-2018-11547
MISC
md4c -- md4c
 
md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. 2018-05-29 not yet calculated CVE-2018-11546
MISC
md4c -- md4c
 
md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. 2018-05-29 not yet calculated CVE-2018-11536
MISC
md4c -- md4c
 
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes. 2018-05-29 not yet calculated CVE-2018-11545
MISC
miniupnp -- ngiflib
 
ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg. 2018-05-30 not yet calculated CVE-2018-11575
MISC
MISC
miniupnp -- ngiflib
 
ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif. 2018-06-01 not yet calculated CVE-2018-11657
MISC
miniupnp -- ngiflib
 
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault. 2018-05-30 not yet calculated CVE-2018-11578
MISC
MISC
miniupnp -- ngiflib
 
ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor. 2018-05-30 not yet calculated CVE-2018-11576
MISC
MISC
misp -- misp
 
An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter. 2018-05-30 not yet calculated CVE-2018-11562
CONFIRM
modx -- revolution
 
MODX Revolution 2.6.3 has XSS. 2018-06-01 not yet calculated CVE-2018-10382
CONFIRM
CONFIRM
moodle -- moodle

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection. 2018-05-25 not yet calculated CVE-2018-1133
BID
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. 2018-05-25 not yet calculated CVE-2018-1135
BID
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL. 2018-05-25 not yet calculated CVE-2018-1134
BID
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users. 2018-05-25 not yet calculated CVE-2018-1136
BID
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack. 2018-05-25 not yet calculated CVE-2018-1137
BID
CONFIRM
moox -- reduce-css-calc
 
Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted CSS. This makes cross-site scripting (XSS) possible on the client and arbitrary code injection possible on the server if user input is passed to the `calc` function. 2018-05-31 not yet calculated CVE-2016-10548
MISC
MISC
mozilla -- nunjucks
 
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM. 2018-05-31 not yet calculated CVE-2016-10547
MISC
MISC
MISC
mqttjs -- mqtt-packet
 
MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth. 2018-05-31 not yet calculated CVE-2016-10523
MISC
MISC
MISC
mybb -- mybb
 
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea. 2018-05-28 not yet calculated CVE-2018-11430
EXPLOIT-DB
mybb -- mybb
 
An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field. 2018-05-29 not yet calculated CVE-2018-11532
MISC
EXPLOIT-DB
myscada -- mypro
 
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. 2018-05-28 not yet calculated CVE-2018-11517
MISC
MISC
mysqljs -- mysqljs
 
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. 2018-05-29 not yet calculated CVE-2017-16047
MISC
mysqljs -- mysql
 
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()`, which could lead to SQL Injection. 2018-05-29 not yet calculated CVE-2015-9244
MISC
MISC
natus -- xltek_neuroworks_8

An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. 2018-06-01 not yet calculated CVE-2017-2858
MISC
natus -- xltek_neuroworks_8
 
An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. 2018-06-01 not yet calculated CVE-2017-2852
MISC
natus -- xltek_neuroworks_8
 
An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. 2018-06-01 not yet calculated CVE-2017-2860
MISC
nch_software -- axon_pbx
 
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application. 2018-06-01 not yet calculated CVE-2018-11552
FULLDISC
nch_software -- axon_pbx
 
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly. 2018-06-01 not yet calculated CVE-2018-11551
FULLDISC
nikto -- nikto
 
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. 2018-06-01 not yet calculated CVE-2018-11652
MISC
node-js-libs -- cli
 
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. 2018-05-31 not yet calculated CVE-2016-10538
MISC
MISC
MISC
node-tkinter -- node-tkinter
 
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. 2018-05-29 not yet calculated CVE-2017-16062
MISC
nodeca -- embedza
 
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server. 2018-05-31 not yet calculated CVE-2016-10569
MISC
ntfserver -- ntfserver
 
ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10650
MISC
nuuo -- nvrmini_2_devices
 
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. 2018-05-29 not yet calculated CVE-2018-11523
MISC
EXPLOIT-DB

nwjs -- nw


 
nw is an installer for nw.js. nw downloads zipped resources over HTTP. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10588
MISC
oliversalzburg -- i18n-node-angular
 
i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments; a malicious user could fill up the server, causing a Denial of Service or content injection. 2018-05-31 not yet calculated CVE-2016-10524
MISC
MISC

omphalos -- crud-file-server


 
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. 2018-05-29 not yet calculated CVE-2018-3733
MISC
MISC
openframeproject -- openframe-glslviewer
 
openframe-glsviewer is an Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10607
MISC
openframeproject -- openframe-image
 
openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. 2018-06-01 not yet calculated CVE-2016-10616
MISC

openlayers -- closure-util


 
closure-utils is a set of utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10583
MISC
pdf-image -- pdf-image
 
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter. 2018-06-01 not yet calculated CVE-2018-3757
CONFIRM
MISC
pdfinfojs -- pdfinfojs
 
The pdfinfojs NPM module versions <= 0.3.6 have a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine. 2018-06-01 not yet calculated CVE-2018-3746
MISC
phpscriptsmall.com -- naukri_clone_script
 
PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. 2018-05-28 not yet calculated CVE-2018-11514
MISC
poco -- poco
 
poco (the POCO libraries) downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10659
MISC
pouchdb -- pouchdb
 
An arbitrary code injection vector was found in PouchDB 6.0.4 and earlier via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands. 2018-05-31 not yet calculated CVE-2016-10546
MISC
probablycorey -- atom-node-module-installer
 
atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10620
MISC
pulpiks -- node-mystem
 
mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru. mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10698
MISC

putaoshu -- jdf-sass


 
jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10595
MISC
quest -- dr_series_disk_backup

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46). 2018-06-01 not yet calculated CVE-2018-11171
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46). 2018-06-01 not yet calculated CVE-2018-11163
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46). 2018-06-01 not yet calculated CVE-2018-11165
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46). 2018-06-01 not yet calculated CVE-2018-11166
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46). 2018-06-01 not yet calculated CVE-2018-11167
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46). 2018-06-01 not yet calculated CVE-2018-11164
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46). 2018-06-01 not yet calculated CVE-2018-11162
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46). 2018-06-01 not yet calculated CVE-2018-11160
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46). 2018-06-01 not yet calculated CVE-2018-11161
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46). 2018-06-01 not yet calculated CVE-2018-11168
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46). 2018-06-01 not yet calculated CVE-2018-11169
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46). 2018-06-01 not yet calculated CVE-2018-11175
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46). 2018-06-01 not yet calculated CVE-2018-11176
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46). 2018-06-01 not yet calculated CVE-2018-11174
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46). 2018-06-01 not yet calculated CVE-2018-11173
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46). 2018-06-01 not yet calculated CVE-2018-11170
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46). 2018-06-01 not yet calculated CVE-2018-11172
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46). 2018-06-01 not yet calculated CVE-2018-11159
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46). 2018-06-01 not yet calculated CVE-2018-11158
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46). 2018-06-01 not yet calculated CVE-2018-11148
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46). 2018-06-01 not yet calculated CVE-2018-11149
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46). 2018-06-01 not yet calculated CVE-2018-11147
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46). 2018-06-01 not yet calculated CVE-2018-11146
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46). 2018-06-01 not yet calculated CVE-2018-11143
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46). 2018-06-01 not yet calculated CVE-2018-11145
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46). 2018-06-01 not yet calculated CVE-2018-11150
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46). 2018-06-01 not yet calculated CVE-2018-11151
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46). 2018-06-01 not yet calculated CVE-2018-11156
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46). 2018-06-01 not yet calculated CVE-2018-11157
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46). 2018-06-01 not yet calculated CVE-2018-11155
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46). 2018-06-01 not yet calculated CVE-2018-11154
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46). 2018-06-01 not yet calculated CVE-2018-11152
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46). 2018-06-01 not yet calculated CVE-2018-11153
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46). 2018-06-01 not yet calculated CVE-2018-11177
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46). 2018-06-01 not yet calculated CVE-2018-11144
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46). 2018-06-01 not yet calculated CVE-2018-11188
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46). 2018-06-01 not yet calculated CVE-2018-11187
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46). 2018-06-01 not yet calculated CVE-2018-11185
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46). 2018-06-01 not yet calculated CVE-2018-11184
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). 2018-06-01 not yet calculated CVE-2018-11189
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). 2018-06-01 not yet calculated CVE-2018-11190
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). 2018-06-01 not yet calculated CVE-2018-11194
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). 2018-06-01 not yet calculated CVE-2018-11193
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). 2018-06-01 not yet calculated CVE-2018-11192
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). 2018-06-01 not yet calculated CVE-2018-11191
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46). 2018-06-01 not yet calculated CVE-2018-11183
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46). 2018-06-01 not yet calculated CVE-2018-11186
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46). 2018-06-01 not yet calculated CVE-2018-11181
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46). 2018-06-01 not yet calculated CVE-2018-11179
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46). 2018-06-01 not yet calculated CVE-2018-11178
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46). 2018-06-01 not yet calculated CVE-2018-11182
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46). 2018-06-01 not yet calculated CVE-2018-11180
MISC
FULLDISC
MISC
quest -- kace_system_management_appliance
 
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks. 2018-05-31 not yet calculated CVE-2018-11135
MISC
quest -- kace_system_management_appliance
 
The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type). 2018-05-31 not yet calculated CVE-2018-11140
MISC
quest -- kace_system_management_appliance
 
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method. 2018-05-31 not yet calculated CVE-2018-11139
MISC
quest -- kace_system_management_appliance
 
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. 2018-05-31 not yet calculated CVE-2018-11138
MISC
quest -- kace_system_management_appliance
 
The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type). 2018-05-31 not yet calculated CVE-2018-11136
MISC
quest -- kace_system_management_appliance
 
The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script. 2018-05-31 not yet calculated CVE-2018-11137
MISC
quest -- kace_system_management_appliance
 
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges. 2018-05-31 not yet calculated CVE-2018-11134
MISC
quest -- kace_system_management_appliance
 
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root. 2018-05-31 not yet calculated CVE-2018-11132
MISC
quest -- kace_system_management_appliance
 
The 'fmt' parameter of the '/common/run_cross_report.php' script in the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. 2018-05-31 not yet calculated CVE-2018-11133
MISC
quest -- kace_system_management_appliance
 
The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization. 2018-05-31 not yet calculated CVE-2018-11142
MISC
quest -- kace_system_management_appliance
 
The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions. 2018-05-31 not yet calculated CVE-2018-11141
MISC
ralphbean -- ansi2html
 
ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in. 2018-05-31 not yet calculated CVE-2015-9239
MISC

redien -- limbus-buildgen


 
limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10674
MISC
riot -- compiler
 
riot-compiler version 2.3.21 has an issue in a regex (catastrophic backtracking) that makes it unusable under certain conditions. 2018-05-31 not yet calculated CVE-2016-10527
MISC
MISC

robot -- robot-js

robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10608
MISC
robotwebtools -- groslibjs
 
roslib-socketio is the standard ROS JavaScript library fork that adds support for socket.io. roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10681
MISC
rondaful -- m1_wristband_smart_band_1_devices
 
Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic. 2018-05-31 not yet calculated CVE-2018-11631
MISC

rse -- node-prince


 
Prince is a Node API for executing the XML/HTML to PDF renderer PrinceXML via the prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10591
MISC

rubenv -- apk-parser


 
apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-31 not yet calculated CVE-2016-10564
MISC
ruckus -- icx7450-48_devices
 
A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML. 2018-05-29 not yet calculated CVE-2018-11027
BUGTRAQ
ruckus -- smartzone
 
Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data. 2018-05-31 not yet calculated CVE-2018-11036
MISC
samsung -- s7_edge_device
 
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463. 2018-05-29 not yet calculated CVE-2018-10751
MISC
CONFIRM
EXPLOIT-DB
schedmd -- slurm
 
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). 2018-05-30 not yet calculated CVE-2018-10995
MISC
MISC
seacms -- seacms
 
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. 2018-05-30 not yet calculated CVE-2018-11583
MISC
searchblox -- searchblox
 
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. 2018-06-01 not yet calculated CVE-2018-11538
MISC
MISC
EXPLOIT-DB
sela -- sela
 
SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c init_apev2_keys function. 2018-05-31 not yet calculated CVE-2018-11626
MISC

selenium-standalone-painful -- selenium-standalone-painful

selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10679
MISC
sequelize -- sequelize
 
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier. 2018-05-31 not yet calculated CVE-2016-10553
MISC
MISC
sequelize -- sequelize
 
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping. 2018-05-31 not yet calculated CVE-2016-10554
MISC
MISC
sequelize -- sequelize
 
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier. 2018-05-31 not yet calculated CVE-2016-10550
MISC
MISC
sequelize -- sequelize
 
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `["test", "'); DELETE TestTable WHERE Id = 1 --')"]` inside of `database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } });` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the statement to delete whichever Id has a value of 1 in the TestTable table. 2018-05-29 not yet calculated CVE-2016-10556
MISC
MISC
serve -- serve
 
Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored. 2018-06-01 not yet calculated CVE-2018-3809
MISC
sexstatic -- sexstatic
 
XSS in sexstatic <=0.6.2: HTML injection in directory name(s) leads to stored XSS when a malicious file is embedded with an <iframe> element used in the directory name. 2018-06-01 not yet calculated CVE-2018-3755
MISC

shama -- nodewebkit


 
nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10580
MISC
silverwind -- droppy
 
Droppy versions <3.5.0 do not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests in the context of the currently logged in user. For example, this means the malicious user could add a new admin account under his control and delete others. 2018-05-31 not yet calculated CVE-2016-10529
MISC
sinatra -- sinatra
 
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. 2018-05-31 not yet calculated CVE-2018-11627
MISC
MISC
sitemakin -- site_login_and_access_control
 
An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection. 2018-05-29 not yet calculated CVE-2018-11535
MISC
EXPLOIT-DB
socketio -- engine.io-client
 
engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client 1.6.8 and earlier passes in an object for settings that includes the rejectUnauthorized property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as `null`, resulting in certificate verification being turned off. 2018-05-31 not yet calculated CVE-2016-10536
MISC
MISC
MISC

spunjs -- selenium-binaries


 
selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10589
MISC
stattic -- stattic
 
stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. 2018-05-29 not yet calculated CVE-2018-3734
MISC
strider-cd -- strider-sauce
 
strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10611
MISC
strongswan -- strongswan
 
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. 2018-05-31 not yet calculated CVE-2018-5388
CERT-VN
BID
CONFIRM
substack -- shell-quote
 
The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape the ">" and "<" operators used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection. 2018-05-31 not yet calculated CVE-2016-10541
MISC
sudo -- sudo
 
sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. 2018-05-29 not yet calculated CVE-2016-7076
REDHAT
BID
CONFIRM
CONFIRM

swangful -- chromedriver126


 
chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10609
MISC
symantec -- advanced_secure_gateway_and_proxysg
 
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles. 2018-05-29 not yet calculated CVE-2018-5241
BID
SECTRACK
CONFIRM
synology -- drive
 
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. 2018-06-01 not yet calculated CVE-2018-8922
CONFIRM
synology -- drive
 
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. 2018-06-01 not yet calculated CVE-2018-8921
CONFIRM
taglib -- taglib
 
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. 2018-05-30 not yet calculated CVE-2018-11439
FULLDISC

the_sails_company -- sails


 
Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible. 2018-05-31 not yet calculated CVE-2016-10549
MISC
MISC
MISC
the_sails_company -- waterline-sequel
 
waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database. 2018-05-29 not yet calculated CVE-2016-10551
MISC
MISC
tkinter -- tkinter
 
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. 2018-05-29 not yet calculated CVE-2017-16061
MISC

tobli -- baryton-saxophone


 
baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10573
MISC

toni89 -- nw-with-arm


 
nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10629
MISC
tp-link -- ipc_tl-ipc223(p)-6_and_tl-ipc323k-d_and_tl-ipc325(kp)-*_and_tl-ipc40a-4_devices
 
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters. 2018-05-30 not yet calculated CVE-2018-11481
MISC
tp-link -- ipc_tl-ipc223(p)-6_and_tl-ipc323k-d_and_tl-ipc325(kp)-*_and_tl-ipc40a-4_devices
 
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. 2018-05-30 not yet calculated CVE-2018-11482
MISC
tschaub -- grunt-gh-pages
 
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised. 2018-05-31 not yet calculated CVE-2016-10526
MISC
MISC
ubuntu -- ubuntu
 
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, and 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17. 2018-05-31 not yet calculated CVE-2018-6552
UBUNTU

unetworking -- uwebsockets

uws is a WebSocket server library. When a 256mb websocket message is sent to a uws server instance with permessage-deflate enabled, it is possible that the compression used will shrink the 256mb down to less than 16mb of websocket payload, which passes the 16mb payload length check. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8. 2018-05-31 not yet calculated CVE-2016-10544
MISC
MISC
unisys -- stealth_solution
 
In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory. 2018-05-30 not yet calculated CVE-2018-7534
CONFIRM

uxebu -- webdrvr


 
webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10601
MISC
vadimdemedes -- secure-compare
 
secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length. 2018-05-31 not yet calculated CVE-2015-9238
MISC
MISC
vgate -- icar_2_wifi_obd2_dongle_devices
 
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication. 2018-05-30 not yet calculated CVE-2018-11476
FULLDISC
MISC
vgate -- icar_2_wifi_obd2_dongle_devices
 
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network. 2018-05-30 not yet calculated CVE-2018-11478
FULLDISC
MISC
vgate -- icar_2_wifi_obd2_dongle_devices
 
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this vulnerability with the lack of wireless network protection exposes all transferred car data to the public. 2018-05-30 not yet calculated CVE-2018-11477
FULLDISC
MISC
videolan -- vlc_media_player
 
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. 2018-05-28 not yet calculated CVE-2018-11516
MISC
BID

vmolsa -- webrtc-native


 
webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10600
MISC
vmware -- horizon_client_for_linux
 
VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of a SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed. 2018-05-29 not yet calculated CVE-2018-6964
BID
SECTRACK
CONFIRM

vseryakov -- backendjs


 
bkjs-wand is imagemagick wand support for node.js and backendjs. bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-05-31 not yet calculated CVE-2016-10571
MISC

wasdk -- wasdk


 
wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10587
MISC
websockets -- ws
 
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node, when you allocate one with a number instead of a string, it will allocate that number of bytes. 2018-05-31 not yet calculated CVE-2016-10518
MISC
MISC
MISC
websockets -- ws
 
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. 2018-05-31 not yet calculated CVE-2016-10542
MISC
MISC
webtorrent -- bittorrent-dht
 
A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory. 2018-05-31 not yet calculated CVE-2016-10519
MISC
MISC
wordpress -- wordpress
 
The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter. 2018-05-28 not yet calculated CVE-2018-11515
MISC
MISC
wordpress -- wordpress
 
class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action. 2018-05-30 not yet calculated CVE-2018-11579
MISC
MISC
wordpress -- wordpress
 
The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order. 2018-06-01 not yet calculated CVE-2018-11485
MISC
wordpress -- wordpress
 
An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities. 2018-05-31 not yet calculated CVE-2018-11633
MISC
MISC
wordpress -- wordpress
 
Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have &lt; and &gt; representations. 2018-05-30 not yet calculated CVE-2018-11568
MISC
wordpress -- wordpress
 
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page. 2018-06-01 not yet calculated CVE-2018-11486
MISC
wordpress -- wordpress
 
An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content. 2018-05-30 not yet calculated CVE-2018-11580
MISC
MISC
wordpress -- wordpress
 
Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request. 2018-05-28 not yet calculated CVE-2018-11309
MISC
wordpress -- wordpress
 
An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function. 2018-05-31 not yet calculated CVE-2018-11632
MISC
MISC
wuzhi_cms -- wuzhi_cms
 
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. 2018-05-29 not yet calculated CVE-2018-11528
MISC
wuzhi_cms -- wuzhi_cms
 
An issue was discovered in WUZHI CMS 4.1.0. There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring. 2018-05-29 not yet calculated CVE-2018-11549
MISC

yannicked -- node-cue-sdk


 
cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. 2018-05-29 not yet calculated CVE-2016-10590
MISC
yiban -- easy_class_education_platform
 
YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter. 2018-05-30 not yet calculated CVE-2018-11557
MISC
yootheme -- pagekit_cms
 
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger an XSS attack. 2018-06-01 not yet calculated CVE-2018-11564
MISC
MISC
yosoro -- yosoro
 
Yosoro 1.0.4 has stored XSS. 2018-06-01 not yet calculated CVE-2018-11522
MISC
CONFIRM
EXPLOIT-DB

zazukoians -- fuseki


 
Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10576
MISC

zertz -- unicode-json


 
unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. 2018-06-01 not yet calculated CVE-2016-10610
MISC

zhao0 -- node-apk-parser3


 
apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10574
MISC
zimbra -- zimbra_collaboration_suite
 
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token. 2018-05-30 not yet calculated CVE-2015-7610
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
zimbra -- zimbra_collaboration_suite
 
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group. 2018-05-30 not yet calculated CVE-2018-10939
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
zoho -- manageengine_adaudit_plus

Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. 2018-05-29 not yet calculated CVE-2018-10466
CONFIRM

zuker -- box2d-native


 
box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. 2018-06-01 not yet calculated CVE-2016-10617
MISC

This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System https://ift.tt/2J9KKQr
