Friday, August 31, 2018

Why is Google selling potentially compromised Chinese security keys?

Threat Roundup for August 24-31



Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 24 and August 31. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.




from Cisco Blog » Security https://ift.tt/2PowjXE

Troll-killing internet software Trollteq arrives

Cracking ransomware: RansomWarrior victims can now retrieve files for free

Know When to Have a Dedicated NGIPS vs. NGFW


With the ever-evolving threat of cyber-attacks, a network security solution requires unparalleled visibility and intelligence covering known and unknown threats for comprehensive protection.  And with so many organizational responsibilities with different agendas, you need one consistent security enforcement mechanism across all the different facets of your organization.  As these operational demands increase, there is a renewed focus on dedicated NGIPS to provide a deeper level of security and visibility for the enterprise.

The distinction between use case scenarios for standalone NGIPS vs. NGFW deployments can often be tricky to navigate. Although firewall deployments are better suited for some organizational requirements, there will continue to be a need for standalone NGIPS appliances in the enterprise.  Generally, the scenarios that require a standalone NGIPS appliance are as follows:

  • The firewall is deployed with only firewall features enabled and does not have next-gen IPS capabilities integrated.
  • IPS usage on the NGFW causes significant throughput degradation.
  • Deployment scenarios where blocking quality and performance are mandatory and exceed the firewall's capabilities.
  • Segregation of NetOps and SecOps responsibilities on the network.
  • Deployment mode requirements such as passive, inline without blocking, or inline with blocking.

The demand for dedicated NGIPS is driven by the following industry requirements:

High Performance.  Often when businesses enable security applications on their NGFW such as NGIPS, they experience throughput degradation/increased latency.  In order to accommodate networks with high throughput requirements while maintaining a solid security profile, separating the NGFW and NGIPS functions optimizes throughput and security for the enterprise.

Resiliency.  NGIPS provides hardware-based fail-open/fail-closed or fail-to-wire capabilities ensuring increased network uptime.  This gives Security Operations the ability to have effective redundancy, reduces downtime risk and adds network resilience.

Security operations empowerment.  Enterprise organizations often require a separation of responsibilities when it comes to NGFW and NGIPS as NetOps and SecOps missions are different.  Network operations focus primarily on the network performance.  Security operations manage risk and implement rapid containment and response.  This can lead to conflict in the enterprise if these duties are managed in a single appliance.  The segregation of duties enables agility for policy change with no impact to the network.  By streamlining the security functions, the appropriate teams are able to add or modify security policies to the network without downtime including firewalls, malware protection and other preventative measures.

Interested in exploring even more ways a dedicated NGIPS can improve network security for your enterprise?

Read our newsletter, with content from Gartner, on The Evolution of Next Generation IPS.

For additional information, please check out the Cisco Firepower NGIPS website.



from Cisco Blog » Security https://ift.tt/2Pow8eN

Former Qualys exec charged with insider trading after protecting brothers from financial loss

Bitfi finally gives up claim cryptocurrency wallet is unhackable

Hacker Who Leaked Celebrities' Naked Photos Gets 8 Months in Prison


The fourth celebrity hacker, who was charged earlier this year with hacking into over 250 Apple iCloud accounts belonging to Jennifer Lawrence and other Hollywood celebrities, has been sentenced to eight months in prison.

Earlier this year, George Garofano, 26, of North Branford, admitted to illegally obtaining credentials of his victims' iCloud accounts using a phishing scheme, carried out from April 2013 to October 2014, in which he posed as a member of Apple's security team and tricked victims into revealing their iCloud credentials.

Using stolen credentials, Garofano then managed to steal victims' personal information, including their sensitive and intimate photographs and videos, from their iCloud accounts, and then leaked them on online forums, like 4Chan.

Among the victims were Jennifer Lawrence, Kim Kardashian, Kirsten Dunst, Kate Upton, American Olympic gold medallist Misty May-Treanor and actors Alexandra Chando, Kelli Garner and Lauren O'Neil.

While prosecutors asked for a sentence of 10 to 16 months in prison, Garofano's lawyer asked the judge for a lighter sentence of five months in prison followed by five months of home confinement.

However, a federal judge at the US District Court in Bridgeport on Wednesday sentenced Garofano to 8 months in prison followed by 3 years of supervised release.

Garofano is one of the four hackers who stole and leaked celebrities' nude photographs in the 2014 incident widely known as "The Fappening" or "Celebgate."

The other three Celebgate hackers had already been sentenced for their roles in the celebrity photo hack:

  • Edward Majerczyk, 28, was sentenced to nine months in prison after pleading guilty to felony hacking in violation of the Computer Fraud and Abuse Act.
  • Ryan Collins, 36, was sentenced to 18 months in prison after pleading guilty to the same.
  • Emilio Herrera, 32, pled guilty to the same but is still awaiting his sentencing.

While the US Attorney says there's no evidence that Majerczyk, Collins, or Herrera shared or posted the stolen photos online, prosecutors allege that Garofano, in some instances, also traded the stolen iCloud credentials and the victims' intimate images with other people.

Garofano, who is free on a $50,000 bond, will surrender on October 10, 2018, to begin serving his prison sentence.

The judge has also ordered Garofano to perform 60 hours of community service while he is on supervised release.



from The Hacker News https://ift.tt/2wyFAo2

One in five employees share their email password with co-workers

Google 'Titan Security Key' Is Now On Sale For $50


Google just made its Titan Security Key available on its store for $50.

First announced last month at the Google Cloud Next '18 conference, the Titan Security Key is a small USB device, similar to Yubico's YubiKey, that provides hardware-based two-factor authentication (2FA) for online accounts and strong protection against phishing attacks.

Google's Titan Security Key is now widely available in the United States, with a full kit available for $50, which includes:

  • USB security key,
  • Bluetooth security key,
  • USB-C to USB-A adapter,
  • USB-C to USB-A connecting cable.

What Is Google Titan Security Key?

Titan Security Keys are built on the FIDO (Fast IDentity Online) Alliance's U2F (Universal 2nd Factor) protocol and include a secure element running firmware developed by Google that verifies the integrity of the key at the hardware level.

It adds an extra layer of authentication to an account on top of your password, and users can quickly log into their accounts securely just by inserting the USB security key and pressing a button.

Titan Security Key is compatible with browsers including Google's Chrome and a number of popular online services like Gmail, Facebook, Twitter, and Dropbox.

"Titan Security Keys are also compatible with the Advanced Protection Program, Google's strongest security for users at high risk," Google said.

"And Google Cloud admins can enable security key enforcement in G Suite, Cloud Identity, and Google Cloud Platform to ensure that users use security keys for their accounts."

How Does Titan Security Key Secure Online Accounts?

According to Google, FIDO-compatible hardware security keys are considered safer and more effective at preventing phishing, man-in-the-middle (MITM) and other account-takeover attacks than 2FA methods that rely on SMS codes, for example.

This is because even if an attacker manages to steal your account credentials, logging in is impossible without the physical key. The key signs each login challenge together with the web origin the browser reports, so a response captured on a look-alike site cannot be replayed against the real one.
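To make the origin-binding point concrete, here is a small added example in Python; it is not Google's code or the Titan firmware. A real key signs with a per-credential ECDSA P-256 private key and the site checks the signature with the stored public key; the Python standard library has no ECDSA, so the signature is stood in here by HMAC-SHA256 over a per-credential secret that the site also holds. The origin check and the signature counter, which are the point of the example, behave the same with either primitive. The origins, challenge format and message layout are simplified assumptions for the demo.

```python
import hashlib
import hmac
import json
import secrets

# Added example, not Google's code. HMAC-SHA256 stands in for the ECDSA signature a real
# U2F key produces; origin binding and the counter check are unaffected by that swap.

def app_param(origin: str) -> bytes:
    """Application parameter: SHA-256 of the origin the browser reports as asking."""
    return hashlib.sha256(origin.encode()).digest()

def signed_message(origin: str, counter: int, client_data: bytes) -> bytes:
    """Bytes the key signs: app param || user-presence flag || counter || SHA-256(client data)."""
    return app_param(origin) + b"\x01" + counter.to_bytes(4, "big") + hashlib.sha256(client_data).digest()

class SecurityKey:
    """Toy authenticator holding one credential and a monotonically increasing counter."""
    def __init__(self):
        self.key_handle = secrets.token_bytes(16)
        self.secret = secrets.token_bytes(32)       # stands in for the private key
        self.counter = 0

    def sign(self, origin_from_browser: str, client_data: bytes) -> dict:
        # The browser supplies the origin; page JavaScript cannot choose it.
        self.counter += 1
        msg = signed_message(origin_from_browser, self.counter, client_data)
        return {"counter": self.counter, "sig": hmac.new(self.secret, msg, hashlib.sha256).digest()}

class RelyingParty:
    """Toy site: stores credentials and verifies assertions against its own origin only."""
    def __init__(self, origin: str):
        self.origin = origin
        self.creds = {}                              # key_handle -> [secret, last counter seen]

    def register(self, key: SecurityKey) -> None:
        self.creds[key.key_handle] = [key.secret, 0]

    def new_challenge(self) -> str:
        return secrets.token_urlsafe(32)

    def verify(self, key_handle: bytes, challenge: str, client_data: bytes, assertion: dict) -> bool:
        secret, last_counter = self.creds[key_handle]
        cd = json.loads(client_data)
        if cd.get("origin") != self.origin or cd.get("challenge") != challenge:
            return False                             # wrong origin claimed, or stale challenge
        if assertion["counter"] <= last_counter:
            return False                             # replay, or a clone that fell behind
        expected = hmac.new(secret, signed_message(self.origin, assertion["counter"], client_data),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, assertion["sig"]):
            return False                             # signed for another origin, or client data altered
        self.creds[key_handle][1] = assertion["counter"]
        return True

def run_scenarios() -> dict:
    """Legitimate login, two phishing relays and a replay; reports which ones the site accepts."""
    real, phish = "https://accounts.example", "https://accounts-example.test"   # constructed origins
    rp, key = RelyingParty(real), SecurityKey()
    rp.register(key)
    out = {}

    ch = rp.new_challenge()                          # 1. the browser really is on the site's origin
    cd = json.dumps({"challenge": ch, "origin": real}).encode()
    out["legit"] = rp.verify(key.key_handle, ch, cd, key.sign(real, cd))

    ch = rp.new_challenge()                          # 2. attacker relays a genuine challenge to a look-alike page
    cd = json.dumps({"challenge": ch, "origin": phish}).encode()
    a = key.sign(phish, cd)                          # the browser tells the key the look-alike origin
    out["phish_relay"] = rp.verify(key.key_handle, ch, cd, a)

    forged = json.dumps({"challenge": ch, "origin": real}).encode()   # 3. attacker edits client data before forwarding
    out["phish_rewrite"] = rp.verify(key.key_handle, ch, forged, a)

    ch = rp.new_challenge()                          # 4. a captured good assertion is presented twice
    cd = json.dumps({"challenge": ch, "origin": real}).encode()
    a = key.sign(real, cd)
    out["first_use"] = rp.verify(key.key_handle, ch, cd, a)
    out["replay"] = rp.verify(key.key_handle, ch, cd, a)
    return out

if __name__ == "__main__":
    print(run_scenarios())
```

Scenario 2 is the classic phish: the attacker fetches a real challenge, relays it to the victim on a look-alike domain and forwards whatever comes back. Because the browser, not the page, tells the key the origin, the key signs over the look-alike origin and the site rejects it; rewriting the client data (scenario 3) breaks the signature instead. Scenario 4 shows why the site stores the counter: a captured assertion, or one from a cloned key, is refused once the stored counter has moved past it.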

Last month, Google said that it has required its more than 85,000 employees to use physical security keys since early 2017, and that none of them has fallen victim to a phishing attack since.

Google has offered the Titan Security Key to Google Cloud customers since July, when the company first publicly announced it.

How to Use Google Titan Security Keys?

To use a Titan Security Key with your Google account, first buy one from the Google Store, then:

  • Sign in to your Google account and navigate to the 2-Step Verification page.
  • Select "Add Security Key" and click Next.
  • Now, insert your Titan Security Key and tap the gold disc.
  • You'll be asked whether Google may see the make and model of your security key. You can select Allow or Block; allowing it lets Google warn you later if a problem is found with the type of key you use.
  • Follow the instructions displayed on the screen to finish adding the Titan Security Key to your account.
  • To help you sign in if your key is lost, add recovery info and backups.

Once you are done, the next time you sign in to your Google account your computer will detect that the account has a security key enrolled. Plug the key into a USB port, tap it, and you are in.

It should be noted that you will be asked for your security key or another second step any time you sign in from a new computer or device.

For questions about the enrolment process, see the company's support page.

For now, Titan Security Key is only available to U.S. users, though the company says it will make the keys available in additional regions soon.



from The Hacker News https://ift.tt/2MI9RLY

Thursday, August 30, 2018

USN-3758-2: libx11 vulnerabilities

libx11 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 ESM

Summary

Several security issues were fixed in libx11.

Software Description

  • libx11 - X11 client-side library

Details

USN-3758-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Tobias Stoeckmann discovered that libx11 incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. (CVE-2016-7942)

Tobias Stoeckmann discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2016-7943)

It was discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14598, CVE-2018-14599, CVE-2018-14600)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM
libx11-6 - 2:1.4.99.1-0ubuntu2.4
libx11-dev - 2:1.4.99.1-0ubuntu2.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.




from Ubuntu Security Notices https://ift.tt/2Nx3OGt

USN-3758-1: libx11 vulnerabilities

libx11 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in libx11.

Software Description

  • libx11 - X11 client-side library

Details

Tobias Stoeckmann discovered that libx11 incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. (CVE-2016-7942)

Tobias Stoeckmann discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2016-7943)

It was discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14598, CVE-2018-14599, CVE-2018-14600)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
libx11-6 - 2:1.6.4-3ubuntu0.1
libx11-dev - 2:1.6.4-3ubuntu0.1
Ubuntu 16.04 LTS
libx11-6 - 2:1.6.3-1ubuntu2.1
libx11-dev - 2:1.6.3-1ubuntu2.1
Ubuntu 14.04 LTS
libx11-6 - 2:1.6.2-1ubuntu2.1
libx11-dev - 2:1.6.2-1ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.




from Ubuntu Security Notices https://ift.tt/2CaPmTE

Rocke: The Champion of Monero Miners



This post was authored by David Liebenberg.

Summary

Cryptocurrency miners are becoming an increasingly significant part of the threat landscape. These malicious miners steal CPU cycles from compromised devices to mine cryptocurrencies and bring in income for the threat actor.

In this post, we look at the activity of one particular threat actor: Rocke. We will examine several of Rocke’s campaigns, malware, and infrastructure while uncovering more information about the actor. After months of research, we believe that Rocke is an actor that must be followed, as they continue to add new features to their malware and are actively exploring new attack vectors.

Introduction

Talos has written widely about the issue of cryptomining malware and how organizations should protect systems against this threat. We continue to actively research developments in this threat through research that includes monitoring criminal forums and deploying honeypot systems to attract these threats. It is through these intelligence sources that the Chinese-speaking actor which we refer to as “Rocke” came to our attention.

Rocke actively distributes and executes cryptomining malware using a varied toolkit that includes Git repositories, HttpFileServers (HFS), and a myriad of payloads, including shell scripts, JavaScript backdoors, and ELF and PE miners.




from Cisco Blog » Security https://ift.tt/2oormmd

Notorious cyber crime gang behind global bank hacking spree returns with new attacks

Misfortune Cookie vulnerability returns to impact medical devices

Android 'API breaking' vulnerability leaks device data, allows user tracking

Air Canada reveals mobile data breach, passport numbers potentially exposed

Air Canada Suffers Data Breach — 20,000 Mobile App Users Affected


Air Canada has confirmed a data breach that may have affected about 20,000 of its 1.7 million mobile app users.

The company said it had "detected unusual log-in behavior" on its mobile app between August 22 and 24, during which the personal information for some of its customers "may potentially have been improperly accessed."

The exposed data includes basic profile information such as customers' names, email addresses and phone numbers, along with anything else they added to their profiles.

More worrying is the optional data some users store in the app.

If it was saved in their Air Canada mobile app profile, attackers could also have accessed customers' passport numbers, passport expiration dates, passport country of issuance and country of residence, Aeroplan numbers, known traveler numbers, NEXUS numbers, gender, date of birth, and nationality.

The airline assured customers that credit card information saved to their profiles was "encrypted and stored in compliance with security standards set by the payment card industry or PCI standards," and was therefore protected.

Air Canada nonetheless recommends that affected customers monitor their credit card transactions and contact their financial services provider immediately if they notice any unusual or unauthorized activity.

The company estimates that about 1% of the 1.7 million people who use its mobile app, roughly 20,000 users, may have been affected by the breach.

It is not yet clear how the breach occurred: whether it was a direct compromise of Air Canada's systems, or attackers reusing passwords stolen from other sites (credential stuffing). The airline is asking users to reset their passwords under new guidelines that require at least 10 characters and at least one symbol.

However, as a precaution, the airline has locked down all 1.7 million accounts until all of its customers—even those whose information was not exposed in the breach—change their passwords.

Air Canada has contacted potentially affected customers directly by email starting August 29 to tell them if their account has potentially been accessed by hackers improperly.
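The pattern the airline describes, unusual log-in behaviour that may be attackers trying passwords reused from other breaches, is detectable in authentication logs. The following added example is not Air Canada's code; the log format, field names, thresholds and every log line are constructed for the demo. It parses login events, groups them by source IP over a sliding window, and flags sources that try many distinct accounts with a high failure rate. The handful of successes from a flagged source are the accounts to lock and notify.

```python
import re
from collections import defaultdict
from datetime import datetime

# Added example, not Air Canada's code. The log format is an assumption chosen for the demo;
# every line produced by build_sample_log() is constructed, not real data.
LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$")

def build_sample_log() -> list:
    """One ordinary user who mistyped once, then one source trying 40 accounts in 40 seconds."""
    lines = [
        "2018-08-23T02:14:07Z ip=198.51.100.7 user=alice@example.com result=fail",
        "2018-08-23T02:14:21Z ip=198.51.100.7 user=alice@example.com result=ok",
    ]
    for i in range(40):
        result = "ok" if i in (5, 17, 33) else "fail"     # three reused passwords happened to work
        lines.append(f"2018-08-23T02:15:{i:02d}Z ip=203.0.113.9 user=user{i:02d}@example.com result={result}")
    return lines

def parse(lines):
    """Yield (timestamp, ip, user, result) for every well-formed line; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), m["ip"], m["user"], m["result"]

def detect_stuffing(lines, window_s: int = 600, min_users: int = 20, min_fail_rate: float = 0.8) -> dict:
    """Flag source IPs that, within any window_s-second window, try at least min_users distinct
    accounts with a failure rate of at least min_fail_rate. Returns {ip: summary}; the summary's
    accounts_to_lock are the logins that succeeded from that source."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in parse(lines):
        by_ip[ip].append((ts, user, result))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        j = 0
        for i, (t0, _, _) in enumerate(events):
            while j < len(events) and (events[j][0] - t0).total_seconds() <= window_s:
                j += 1                                     # j is the first event outside the window
            window = events[i:j]
            users = {u for _, u, _ in window}
            fails = sum(1 for _, _, r in window if r == "fail")
            if len(users) >= min_users and fails / len(window) >= min_fail_rate:
                findings[ip] = {
                    "attempts": len(window),
                    "distinct_users": len(users),
                    "fail_rate": round(fails / len(window), 2),
                    "accounts_to_lock": sorted({u for _, u, r in window if r == "ok"}),
                }
                break
    return findings

if __name__ == "__main__":
    for ip, summary in detect_stuffing(build_sample_log()).items():
        print(ip, summary)
```

The two knobs that matter are the distinct-account count and the failure rate: a single user who forgets a password fails repeatedly on one account, while a stuffing run cycles through many accounts and mostly fails, with the occasional success being exactly the account whose owner reused a leaked password. Inverting the grouping (one account, many source IPs) catches password spraying with the same code.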



from The Hacker News https://ift.tt/2LGdVqR

Wednesday, August 29, 2018

Chinese police investigating major security breach of hotel group

Australian security trio aim for unbreakable encrypted data environment

New Report Shows Correlating Network and Endpoint Data is Highly Manual

We recently commissioned Forrester Research to survey IT security professionals about their desired end state for correlating security intelligence from the network and the endpoint. Bringing these two separate data sources together allows organizations to achieve:

  • Increased detection and prevention capabilities
  • Reduced manpower and resources needed for containment (and therefore lower costs)
  • Much faster remediation

In short, these are perceived benefits as they are not really happening today. Surprisingly, most organizations reported high confidence in their current threat detection and remediation systems.

But do they really have the problem covered?

Turns out, no. Perception and reality differ here. Many respondents claim to have integrated systems, but in practice, making decisions about endpoint and network security requires considerable time and effort from their teams, if the data can be used at all. This should not come as much of a shock, given what respondents told us about the security technologies they have implemented and plan to implement. While there is no clear standout among the 21 solutions we asked about, it is clear that respondents are spreading their capital expenditure across all of them. This is why most organizations are still correlating the data manually.

Too many tools, little integration, no automation

With so many different security solutions in place, it's no wonder so much time is spent on manual analysis and investigation of security incidents. Earlier this summer I spoke with many security professionals at the Gartner Security Summit and at Cisco Live who described how siloed their products were: the data produced by one tool couldn't be consumed by another, and what little they could correlate took forever. One conversation that stands out was with an incident responder from a large power company who said it had taken them more than six months to investigate a single incident because they couldn't trace the path of infection or identify how it was propagating through their network. This is not an uncommon story. Over the last decade so many tools have been deployed that they now make the job harder, not easier. If only they could have a security architecture where the tools talked to each other and correlated data automatically.

Automating data analysis for improved detection is a reality

The term "architecture" has been used so much that it may be one of the few terms needing more definition than "cloud". Simply put, we view an architecture as something that works together: not a bunch of APIs cobbled together to push data somewhere (until the API changes and it all breaks), followed by manual analysis, but a set of technologies, specifically security tools, that all work together, automatically, to reduce manual effort. This means having your endpoint detection and response (EDR) solution correlate files seen by your firewall or intrusion detection system with those analyzed by your sandbox, and connecting them with telemetry from the web proxy to identify associated traffic, command and control (CNC) infrastructure, and any additional tools the attackers are using, all without you having to do anything.

While it may sound absurd, we call it Advanced Malware Protection, or AMP Everywhere. When you put the same eyes everywhere, you see everything. More visibility means a better ability to prevent advanced attacks.

For a good technical overview of how AMP works, check out this chalk talk.

And if you want to see it in action, check out this video that shows network, email, endpoint, and sandboxing technologies all working together, seamlessly, and automatically.

Join the webinar on September 12, 2018 at 1 PM ET / 10 AM PT to hear directly from Forrester research analyst Chris Sherman as we discuss key issues to integrating and automating threat data for faster detection and better protection.




from Cisco Blog » Security https://ift.tt/2orIeZn

Simple but extremely effective: Inside the world's most prolific mobile banking malware

USN-3757-1: poppler vulnerability

poppler vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

poppler could be made to crash if it received a specially crafted PDF file.

Software Description

  • poppler - PDF rendering library

Details

Hosein Askari discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
libpoppler73 - 0.62.0-2ubuntu2.2
poppler-utils - 0.62.0-2ubuntu2.2
Ubuntu 16.04 LTS
libpoppler58 - 0.41.0-0ubuntu1.8
poppler-utils - 0.41.0-0ubuntu1.8
Ubuntu 14.04 LTS
libpoppler44 - 0.24.5-2ubuntu4.12
poppler-utils - 0.24.5-2ubuntu4.12

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.




from Ubuntu Security Notices https://ift.tt/2NuzVXx

IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2018 CPU

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in July 2018. These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition.

CVE(s): CVE-2018-1656 , CVE-2018-12539

Affected product(s) and affected version(s):

IBM SDK, Java Technology Editions shipped with WebSphere Application Server Liberty through 18.0.0.2.
IBM SDK, Java Technology Editions shipped with IBM WebSphere Application Server Traditional Version 9.0.0.0 through 9.0.0.8, Version 8.5.0.0 through 8.5.5.14, Version 8.0.0.0 through 8.0.0.15, and Version 7.0.0.0 through 7.0.0.45.

  • This does not occur on IBM SDK, Java Technology Editions that are shipped with WebSphere Application Server Fix Packs 18.0.0.3, 9.0.0.9, 8.5.5.15 or later.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10729349
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144882
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148389

The post IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2018 CPU appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2LE9gpz

IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2018-6485)

IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. (CVE-2018-6485)

CVE(s): CVE-2018-6485

Affected product(s) and affected version(s):

IBM Security 1G Network Active Bypass firmware version 1.x through 3.x firmware levels 1.0.849 through 3.30.10-37
IBM Security 10G Network Active Bypass firmware versions 1.x through 3.x firmware levels 1.0.1876 through 3.30.10-37

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10729421
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138627

The post IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2018-6485) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2omeHQI

IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2018-1000001, CVE-2017-16997, CVE-2017-1000408, CVE-2017-1000409, CVE-2017-17426)

IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. (CVE-2018-1000001, CVE-2017-16997, CVE-2017-1000408, CVE-2017-1000409, CVE-2017-17426)

CVE(s): CVE-2017-17426, CVE-2017-1000409, CVE-2017-1000408, CVE-2017-16997, CVE-2018-1000001

Affected product(s) and affected version(s):

IBM Security 1G Network Active Bypass firmware version 1.x through 3.x firmware levels 1.0.849 through 3.30.10-37
IBM Security 10G Network Active Bypass firmware versions 1.x through 3.x firmware levels 1.0.1876 through 3.30.10-37

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10729419
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135985
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136319
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136318
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136491
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137516

The post IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2018-1000001, CVE-2017-16997, CVE-2017-1000408, CVE-2017-1000409, CVE-2017-17426) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2wy51pE

IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2017-3738, CVE-2017-3737)

IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. (CVE-2017-3738, CVE-2017-3737)

CVE(s): CVE-2017-3738, CVE-2017-3737

Affected product(s) and affected version(s):

IBM Security 1G Network Active Bypass firmware version 1.x through 3.x firmware levels 1.0.849 through 3.30.10-37
IBM Security 10G Network Active Bypass firmware versions 1.x through 3.x firmware levels 1.0.1876 through 3.30.10-37

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10729415
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136078
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077

The post IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2017-3738, CVE-2017-3737) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2N2dThy

IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2011-5320, CVE-2017-15670, CVE-2017-15671, CVE-2017-15804)

IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. (CVE-2011-5320, CVE-2017-15670, CVE-2017-15671, CVE-2017-15804)

CVE(s): CVE-2017-15804, CVE-2017-15671, CVE-2017-15670, CVE-2011-5320

Affected product(s) and affected version(s):

IBM Security 1G Network Active Bypass firmware version 1.x through 3.x firmware levels 1.0.849 through 3.30.10-37
IBM Security 10G Network Active Bypass firmware versions 1.x through 3.x firmware levels 1.0.1876 through 3.30.10-37

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10729413
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133996
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133909
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133915
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133667

The post IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2011-5320, CVE-2017-15670, CVE-2017-15671, CVE-2017-15804) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2LE93mh

Telegram starts to play nice with security agencies over user data, but not in Russia

Defense Distributed now sells 3D gun blueprints online, 'pay what you want'

Meet the malware which hijacks your browser and redirects you to fake pages

Instagram Adds 3 New Security Tools to Make its Platform More Secure


Instagram is growing quickly, and as the second most popular social media network in the world (behind only Facebook), the photo-sharing service dominates when it comes to user interactions.

And with great success comes great responsibility—responsibility to keep users' accounts safe, responsibility to fight fake accounts and news, and responsibility of being transparent.

You might know that the Facebook-owned photo-sharing network has recently been the target of a widespread hacking campaign that affected thousands of Instagram users, leaving them locked out of their accounts.

In the wake of that incident, Instagram has announced a trio of security updates intended to discourage trolls, stop misinformation, and make the platform a little safer for its one billion users.

In an official blog post titled "New Tools to Keep Instagram Safe," published by Instagram co-founder and CTO Mike Krieger on August 28, the company announced three features: support for third-party two-factor authenticator apps, About This Account, and Request Verification.

Support for Third-Party Two-Factor Authentication Apps

To make logins to the app safer, Instagram is adding support for third-party two-factor authentication (2FA) apps such as Duo Mobile and Google Authenticator as an alternative to traditional text-based 2FA.

Until now, Instagram has relied on text-based two-factor authentication, which is believed to be less secure because an attacker who hijacks your phone number also receives your SMS messages and can then gain access to accounts secured with text-based 2FA.

Users are strongly recommended to enable two-factor authentication to protect their accounts from hackers, since the feature adds an extra login step: entering a one-time passcode from an approved device.

To enable this feature, head to "Settings," scroll down to select "Two-Factor Authentication," and then select "Authentication App" as your preferred form of authentication.

"If you already have an authentication app installed, we will automatically find the app and send a login code to it. Go to the app, retrieve the code and enter it on Instagram, and two-factor authentication will turn on automatically," the company says.

"If you don't have one installed yet, we will send you to the App Store or Google Play Store to download the authenticator app of your choice. Once you've installed it, return to Instagram to continue setting up your two-factor authentication."

Support for different third-party authenticator apps has started to roll out and will be widely available in the "coming weeks."
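As an added illustration (not Instagram's code, nor that of any authenticator app), the following shows why an authenticator-app code does not depend on the phone number: the app and the server each derive the same time-based one-time code (TOTP, RFC 6238) from a secret that was shared once at enrolment. The secret is the RFC 6238 test secret and the account and issuer names are constructed placeholders.

```python
"""Added example: TOTP as used by authenticator apps (RFC 6238), with a
server-side verifier that tolerates clock drift and refuses replayed codes."""
import base64
import hashlib
import hmac
import struct
import urllib.parse

# RFC 6238 reference secret (ASCII "12345678901234567890"); constructed sample, not a real key.
SAMPLE_SECRET = b"12345678901234567890"
STEP = 30      # seconds per code, the period common authenticator apps use
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


def provisioning_uri(secret: bytes, account: str, issuer: str = "ExampleIssuer") -> str:
    """otpauth:// URI of the kind encoded in the QR code an authenticator app scans.
    Only the base32 secret ever leaves the server; no phone number is involved."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = urllib.parse.quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={b32}&issuer={urllib.parse.quote(issuer)}"
            f"&digits={DIGITS}&period={STEP}")


class TotpVerifier:
    """Server-side check. Accepts the code for the current step and +/- `window`
    steps to absorb clock drift, and remembers the highest counter already
    accepted so that a code captured in transit cannot be replayed."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window
        self.last_counter = -1

    def verify(self, code: str, unix_time: int) -> bool:
        now = unix_time // STEP
        for counter in range(now - self.window, now + self.window + 1):
            if counter <= self.last_counter:
                continue                      # already consumed (replay) or older
            expected = hotp(self.secret, counter)
            if hmac.compare_digest(expected, code):   # constant-time comparison
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    print(provisioning_uri(SAMPLE_SECRET, "alice@example.com"))
    print(totp(SAMPLE_SECRET, 59))            # 287082 per the RFC 6238 test vectors
```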

Instagram "About This Account" Feature

This feature lets Instagram users see details about accounts with large followings, including when the account joined the platform, where it is located, which ads it is running, any username changes in the last year, and its social connections, in order to judge the authenticity of a given account.

"Our community has told us that it's important to them to have a deeper understanding of accounts that reach many people on Instagram, particularly when those accounts are sharing information related to current events, political or social causes," Instagram writes.

The "About This Account" option is available through the menu button. Starting in September, the feature will only be available for accounts with large followings; Instagram will release it globally later on.

Apply to Get Your Instagram Account Verified

Besides "About This Account," Instagram has also rolled out a feature that lets users request the blue verified badge, part of its push for transparency around large public accounts, helping users know that they are interacting with a notable public figure, celebrity, global brand or entity.

To get verified, your Instagram account must comply with its Terms of Service and Community Guidelines. If your account meets the criteria, you can apply for verification directly through the app.

However, "Submitting a request for verification does not guarantee that your account will be verified," Instagram writes.

To apply for verification, head to "Settings," select "Request Verification" under the Account section, then type your full name, attach a copy of a legal business identification or a government-issued photo ID that shows your full name and date of birth, and hit "Send."

The request will then be reviewed by Instagram to confirm the authenticity, uniqueness, completeness, and notability of the account, after which you will receive a notification confirming or declining the request.

For more information about the process and eligibility for account verification, you can visit the Instagram Help Center.



from The Hacker News https://ift.tt/2wlKZzo

Tuesday, August 28, 2018

Australian government moves to improve My Health Record privacy

Cisco Releases Security Update

FTC Promotes Resources to Prevent Cyberbullying

Original release date: August 28, 2018

The Federal Trade Commission (FTC) has released an announcement on the importance of addressing cyberbullying. As children return to school, FTC encourages parents and educators to monitor kids' online activity and engage in conversations about preventing cyberbullying.

NCCIC encourages users to review FTC’s article and the following resources for more information:


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System https://ift.tt/2wkC0yM

Instagram expands 2FA, account verifications in push to bolster security

Cisco Data Center Network Manager Path Traversal Vulnerability

Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Fixed Releases

This vulnerability was first resolved in Cisco DCNM software version 11.0(1).

The software is available for download from the Software Center on Cisco.com by navigating to Products > Cloud and Systems Management > Data Center Infrastructure Management > Cisco Prime Data Center Network Manager or via direct link.



from Cisco Security Advisory https://ift.tt/2wkj7vS

USN-3752-3: Linux kernel (Azure, GCP, OEM) vulnerabilities

linux-azure, linux-oem, linux-gcp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-oem - Linux kernel for OEM processors
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems

Details

It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200)

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323)

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate xattr information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10840)

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881)

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093)

Jann Horn discovered that the Linux kernel’s implementation of random seed data reported that it was in a ready state before it had gathered sufficient entropy. An attacker could use this to expose sensitive information. (CVE-2018-1108)

It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps(1). (CVE-2018-1120)

Jann Horn discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep xattr information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-11412)

Piotr Gabriel Kosinski and Daniel Shapira discovered a stack-based buffer overflow in the CDROM driver implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-11506)

Shankara Pailoor discovered that a race condition existed in the socket handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-12232)

Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-12233)

Felix Wilhelm discovered that the KVM implementation in the Linux kernel did not properly perform permission checks in some situations when nested virtualization is used. An attacker in a guest VM could possibly use this to escape into an outer VM or the host OS. (CVE-2018-12904)

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094)

It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405)

Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406)

Jakub Jirasek discovered that multiple use-after-free errors existed in the USB/IP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5814)

It was discovered that a race condition existed in the ARM Advanced Microcontroller Bus Architecture (AMBA) driver in the Linux kernel that could result in a double free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9415)

It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS

  • linux-image-4.15.0-1017-oem - 4.15.0-1017.20
  • linux-image-4.15.0-1022-azure - 4.15.0-1022.23
  • linux-image-azure - 4.15.0.1022.22
  • linux-image-azure-edge - 4.15.0.1022.22
  • linux-image-oem - 4.15.0.1017.19

Ubuntu 16.04 LTS

  • linux-image-4.15.0-1018-gcp - 4.15.0-1018.19~16.04.2
  • linux-image-4.15.0-1022-azure - 4.15.0-1022.22~16.04.1
  • linux-image-azure - 4.15.0.1022.28
  • linux-image-gcp - 4.15.0.1018.32
  • linux-image-gke - 4.15.0.1018.32

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
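As an added check (not Ubuntu's or dpkg's own code): given the output of `dpkg-query -W` (one "package version" pair per line), report which of the kernel images listed in this notice are still below their fixed version. The installed-package lines are a constructed sample, and the version ordering is a reimplementation of dpkg's rules (epoch, upstream, revision, with "~" sorting before anything).

```python
"""Added example: compare installed kernel package versions against the fixed
versions from USN-3752-3 using dpkg-style version ordering."""

# Fixed versions quoted in the notice above, keyed by Ubuntu release.
FIXED = {
    "18.04": {
        "linux-image-4.15.0-1017-oem": "4.15.0-1017.20",
        "linux-image-4.15.0-1022-azure": "4.15.0-1022.23",
        "linux-image-azure": "4.15.0.1022.22",
        "linux-image-azure-edge": "4.15.0.1022.22",
        "linux-image-oem": "4.15.0.1017.19",
    },
    "16.04": {
        "linux-image-4.15.0-1018-gcp": "4.15.0-1018.19~16.04.2",
        "linux-image-4.15.0-1022-azure": "4.15.0-1022.22~16.04.1",
        "linux-image-azure": "4.15.0.1022.28",
        "linux-image-gcp": "4.15.0.1018.32",
        "linux-image-gke": "4.15.0.1018.32",
    },
}

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output on a 16.04 host.
SAMPLE_DPKG = """\
linux-image-4.15.0-1022-azure 4.15.0-1022.22~16.04.1
linux-image-azure 4.15.0.1022.27
linux-image-gcp 4.15.0.1018.32
linux-image-4.15.0-1018-gcp 4.15.0-1018.19~16.04.1
"""


def _char(s, i):
    return s[i] if i < len(s) else ""


def _order(c):
    """dpkg ordering weight of one character: '~' first, then end-of-string
    and digits, then letters, then every other character."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256


def _verrevcmp(a, b):
    """Compare one version component as dpkg does: alternating runs of
    non-digits (by _order) and digits (numerically, leading zeros ignored)."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (_char(a, i) and not _char(a, i).isdigit()) or \
              (_char(b, j) and not _char(b, j).isdigit()):
            ac, bc = _order(_char(a, i)), _order(_char(b, j))
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while _char(a, i) == "0":
            i += 1
        while _char(b, j) == "0":
            j += 1
        first_diff = 0
        while _char(a, i).isdigit() and _char(b, j).isdigit():
            if not first_diff:
                first_diff = int(a[i]) - int(b[j])
            i += 1
            j += 1
        if _char(a, i).isdigit():
            return 1          # a has more significant digits
        if _char(b, j).isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def dpkg_compare(v1, v2):
    """Return <0, 0 or >0 like `dpkg --compare-versions`."""
    def split(v):
        epoch, rest = (v.partition(":")[0], v.partition(":")[2]) if ":" in v else ("0", v)
        upstream, revision = (rest.rpartition("-")[0], rest.rpartition("-")[2]) if "-" in rest else (rest, "")
        return int(epoch), upstream, revision
    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    return (e1 - e2) or _verrevcmp(u1, u2) or _verrevcmp(r1, r2)


def outdated_packages(dpkg_output, release):
    """Return (package, installed, fixed) for listed kernel images still below the fix."""
    result = []
    for line in dpkg_output.splitlines():
        name, _, version = line.partition(" ")
        fixed = FIXED[release].get(name)
        if fixed and dpkg_compare(version, fixed) < 0:
            result.append((name, version, fixed))
    return result


if __name__ == "__main__":
    for name, installed, fixed in outdated_packages(SAMPLE_DPKG, "16.04"):
        print(f"{name}: installed {installed} < fixed {fixed}")
```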

References



from Ubuntu Security Notices https://ift.tt/2MzeCaE

Microsoft adds support for Google Gmail IDs to Azure Active Directory

Adobe Releases Security Update for Creative Cloud

Original release date: August 28, 2018

Adobe has released a security update to address a vulnerability in Adobe Creative Cloud Desktop Application. An attacker could exploit this vulnerability to cause a denial-of-service condition.

NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-32 and apply the necessary update.






from US-CERT National Cyber Alert System https://ift.tt/2LB7Sns

Free, easy to use, and available to anyone: The powerful malware hiding in plain sight on the open web

Cognitive Intelligence: Empowering Security Analysts, Defeating Polymorphic Malware

In psychology, the term “cognition” refers to a human function that is involved in gaining knowledge and intelligence. It helps describe how people process information and how the treatment of this information may lead to various decisions and actions. Individuals use cognition every day. Examples as simple as the formation of concepts, reasoning through logic, making judgments, problem-solving, and achieving goals all fall under the purview of this term.

In cybersecurity, applying the principles of cognition helps us turn individual observed threat events into actionable alerts full of rich investigative detail. This process improves over time through continuous learning. The goal is to boost discovery of novel or morphing threats and to streamline cybersecurity incident response. The work of security operations teams can be vastly optimized by delivering prioritized, actionable alerts with rich investigative context.

In a previous Cisco Security blog post, we discussed how Cisco applies machine learning in Advanced Threat Solutions. In this entry, let’s review how it contributes to threat hunting and incident response processes.

Enhancing Incident Response

Let’s take a moment to think of the tasks that a security team performs on a day-to-day basis:

  • Looking through ever-increasing numbers of suspicious events coming from a myriad of security tools.
  • Conducting initial assessments to determine whether each particular anomaly requires more investigation time or should be ignored.
  • Triaging and assigning priorities.

All of these actions are based on the processes, technology, and knowledge of any particular security team. This initial decision-making process by itself is crucial. If a mistake is made, a valid security event could be ignored. Or, too much time could be spent to investigate what ends up being a false positive. These challenges, coupled with the limited resources that organizations typically have, as well as complexities associated with attack attribution, may be daunting.

That’s why security teams should embrace automation. At Cisco, we’re committed to helping organizations step up their game through the use of our Cognitive Intelligence. This technology correlates telemetry from various sources (Cisco and third-party web proxy logs, NetFlow telemetry, SHA256 hash values and file behaviors from AMP and Threat Grid) to produce accurate, context-rich threat knowledge specific to a particular organization. This data, combined with the Global Risk Map of domains on the Internet, allows organizations to confidently identify variants of memory-resident malware, polymorphic malware with diversified binaries, and in general any innovative malware that attempts to avoid detection by an in-line blocking engine.

As a result of automation like this, less time needs to be spent on detailed threat investigations to confirm the presence of a breach, identify the scope and begin triage. And that will in turn dramatically help mitigate the shortage of skilled security personnel by increasing the effectiveness of each analyst.

Example of a Confirmed Threat Campaign

In a sense, Cognitive Intelligence algorithms mimic the threat hunting process for observed suspicious events. They identify combinations of features that are indicative of malware activity in much the same way an incident responder would, starting with relatively strong indicators from one dataset and pivoting through the other datasets at their disposal. The pivot point may lead to more evidence, such as behavioral anomalies that reinforce the infection hypothesis. Alternatively, the breach presumption may fade away and can either be terminated very quickly or restarted when new data becomes available. These algorithms are similar to the incident response playbooks used by Cisco CSIRT and other incident response teams, but operate on a much larger scale.

What’s New in 2018: Probabilistic Threat Propagation

One of the example algorithms that we call Probabilistic Threat Propagation (PTP) is designed to scale up the number of retrospectively convicted malware samples (threat actor weapon), as well as the number of malicious domains (threat actor infrastructure) across the Cisco AMP, Threat Grid, and Cognitive knowledge bases.

Probabilistic Threat Propagation in a Nutshell

The PTP algorithm monitors network communications from individual hashes to hosts on the Internet and constructs a graph based on the observed connections. The goal is to accurately identify polymorphic malware families and as-yet-unknown malicious domains, based on partial knowledge of some already convicted hashes and domains. The key here is that malware authors often reuse the same command-and-control (C2) infrastructure. Hence the C2 domains often remain the same across polymorphic malware variants. At the same time, these domains are usually not accessed for benign purposes.

For example, if an unknown file connects to a confirmed malicious domain, there’s a certain probability that this sample is malicious. Likewise, if a malicious file establishes a connection to an unknown domain, there’s a probability for this domain to be harmful. To confirm such assumptions, Cisco leverages statistical data surrounding the domain to determine how frequently it’s accessed, by which files and so on.

Graph built by Probabilistic Threat Propagation Algorithm

The capability that we have introduced helps security analysts track and detect new versions of malware, including polymorphic and memory-resident malware, given the fact that C2 infrastructure remains intact. Similarly, this method is capable of tracking migrations of attacker’s C2 infrastructure, given the knowledge of malicious binaries which belong to the same malicious family. Cognitive Intelligence helps leverage specific telemetry from a stack of security products (file hashes from AMP, file behaviours from Threat Grid, anomalous traffic statistics and threat campaigns from Cognitive). That allows Cisco to model threat actor behaviors across both the endpoint and the network to be able to better protect its customers.

The Probabilistic Threat Propagation algorithm also provides additional sensitivity to fileless malware (which leaves no file footprint on the system's disk) and process injection. Such infections can be detected when a legitimate process or a business application starts communicating with domains associated with C2 infrastructure that other malicious binaries predominantly contacted.
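The following is an added toy implementation of the propagation idea described above; it is not Cisco's code and the post does not specify the actual update rule, so the mean-of-neighbours propagation with known nodes clamped is an assumption. All hashes, domains and labels are constructed sample data: one convicted hash and several benign ones share domains with unlabelled hashes, and the unlabelled C2 domain and the polymorphic siblings that contact it are the ones that end up convicted, while a domain reached mostly by benign files stays low.

```python
"""Added example: label propagation over a bipartite hash <-> domain graph,
illustrating the Probabilistic Threat Propagation idea on constructed data."""
from collections import defaultdict

# Constructed observations: (file hash, domain it connected to). Placeholder
# names, not real indicators.
EDGES = [
    ("h_known_bad", "c2-panel.example"),
    ("h_variant1", "c2-panel.example"),       # unlabelled polymorphic sibling
    ("h_variant2", "c2-panel.example"),
    ("h_variant2", "cdn.example"),            # also touches a popular CDN
    ("h_good1", "cdn.example"),
    ("h_good1", "updates.example"),
    ("h_good2", "cdn.example"),
    ("h_good3", "cdn.example"),
    ("h_unknown_clean", "cdn.example"),
    ("h_unknown_clean", "updates.example"),
]

# Prior knowledge: 1.0 = convicted malicious, 0.0 = known benign.
KNOWN = {"h_known_bad": 1.0, "h_good1": 0.0, "h_good2": 0.0, "h_good3": 0.0}


def build_graph(edges):
    """Undirected bipartite adjacency: hashes on one side, domains on the other."""
    adj = defaultdict(set)
    for file_hash, domain in edges:
        adj[file_hash].add(domain)
        adj[domain].add(file_hash)
    return adj


def propagate(adj, known, max_iter=1000, tol=1e-9):
    """Jacobi iteration until every unknown node's score equals the mean score
    of its neighbours, with known nodes clamped to their labels. A domain
    contacted by many benign files dilutes the signal (the access-frequency
    statistic mentioned in the post); a domain contacted only by convicted
    files pushes unknown files that reach it towards conviction."""
    scores = {n: known.get(n, 0.0) for n in adj}
    for _ in range(max_iter):
        new = {}
        for node, nbrs in adj.items():
            if node in known:
                new[node] = known[node]
            else:
                new[node] = sum(scores[m] for m in nbrs) / len(nbrs)
        delta = max(abs(new[n] - scores[n]) for n in adj)
        scores = new
        if delta < tol:
            break
    return scores


def convict(scores, known, threshold=0.5):
    """Unknown nodes whose propagated score crosses the threshold; the rest
    remain hypotheses to revisit when new telemetry arrives."""
    return sorted(n for n, s in scores.items() if n not in known and s >= threshold)


if __name__ == "__main__":
    s = propagate(build_graph(EDGES), KNOWN)
    for n in sorted(s, key=s.get, reverse=True):
        print(f"{n:20s} {s[n]:.3f}")
    print("newly convicted:", convict(s, KNOWN))
```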

The beauty of this capability is that it runs offline in the Cisco cloud infrastructure, and therefore does not require any additional computational resources from customers’ endpoints or infrastructure. It simply works to provide better protection and an increased count of retrospective detections for novel variants of known malware.

Measuring Results

This blog entry wouldn’t be complete if we didn’t speak about the initial results that just this single algorithm delivers. From a single malicious binary, the Probabilistic Threat Propagation algorithm is able to identify tens if not hundreds of additional binaries that are part of the same threat family and that also get convicted as part of this analysis. Similarly, with this new mechanism for tackling polymorphism, we will generally be able to identify tens of additional infected hosts affected by a polymorphic variant of a particular threat. That is especially rewarding when it comes to measuring the positive impact on Cisco customers.

Scaling threat detection efficacy with Probabilistic Threat Propagation

Cisco AMP for Endpoints and other AMP-enabled integrations (AMP for Email Security, AMP for WSA, AMP for Networks, AMP for Umbrella) leverage AMP cloud intelligence to provide improved threat detection capabilities boosted by the PTP algorithm.

Conclusions

Cognitive Intelligence marries threat information from multiple knowledge bases to boost the efficacy of Cisco Security products. Finding novel variants of known malware (or totally unknown malware) is a difficult job to do. But it’s the job that Cisco’s research team loves and is very passionate about. Algorithms, such as probabilistic threat propagation, represent just a small fraction of the work that is being done to help defenders advance in what they do. Cisco continuously designs new algorithms to improve threat detection efficacy and to provide complete, accurate and actionable intelligence to empower customers in their day-to-day battle against the most sophisticated adversaries. With several other algorithms coming on board in the near future, check back for updates in one of my next blog posts!




from Cisco Blog » Security https://ift.tt/2wwAMPY

IBM Security Bulletin: Multiple Security Vulnerabilities in Jetty Affect IBM Sterling B2B Integrator

There are multiple security vulnerabilities in Jetty that affect IBM Sterling B2B Integrator

CVE(s): CVE-2017-7658, CVE-2018-12536, CVE-2017-7656, CVE-2017-7657, CVE-2018-12538

Affected product(s) and affected version(s):

IBM Sterling B2B Integrator 5.2.0.1 – 5.2.6.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10728823
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145522
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145523
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145520
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145521
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145321

The post IBM Security Bulletin: Multiple Security Vulnerabilities in Jetty Affect IBM Sterling B2B Integrator appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2Lx4KsF

IBM Security Bulletin: Security Vulnerability in TIBCO Jasper Reports Affects IBM Sterling B2B Integrator (CVE-2018-5429)

Security vulnerability in TIBCO Jasper Reports Affects IBM Sterling B2B Integrator

CVE(s): CVE-2018-5429

Affected product(s) and affected version(s):

IBM Sterling B2B Integrator 5.2.0.1 – 5.2.6.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10728825
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/142094

The post IBM Security Bulletin: Security Vulnerability in TIBCO Jasper Reports Affects IBM Sterling B2B Integrator (CVE-2018-5429) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2LxjDvc

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2018-2579, CVE-2018-2693, CVE-2018-2783)

There are multiple vulnerabilities in IBM® Runtime Environment Java™ that is used by IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and IBM Spectrum Protect (formerly Tivoli Storage Manager) Client Management Service. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018.

CVE(s): CVE-2018-2579, CVE-2018-2603, CVE-2018-2783

Affected product(s) and affected version(s):

The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center are affected:

  • 8.1.0.000 through 8.1.5.000
  • 7.1.0.000 through 7.1.9.000

The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Client Management Services (CMS) are affected:

  • 8.1.0.000 through 8.1.5.000
  • 7.1.0.000 through 7.1.9.000

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22016107
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137833
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137855
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141939

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2018-2579, CVE-2018-2693, CVE-2018-2783) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2PfrQXf

IBM Security Bulletin: Multiple Security Vulnerabilities in Apache Axis Affect IBM Sterling B2B Integrator (CVE-2014-3596, CVE-2012-5784)

IBM Sterling B2B Integrator uses ActiveMQ. ActiveMQ uses Axis and is vulnerable.

CVE(s): CVE-2012-5784, CVE-2014-3596

Affected product(s) and affected version(s):

IBM Sterling B2B Integrator 5.2.0.1 – 5.2.6.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10728839
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/79829
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/95377

The post IBM Security Bulletin: Multiple Security Vulnerabilities in Apache Axis Affect IBM Sterling B2B Integrator (CVE-2014-3596, CVE-2012-5784) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2LzQG1A

IBM Security Bulletin: Multiple Security Vulnerabilities in Jetspeed Affect IBM Sterling B2B Integrator

There are multiple security vulnerabilities in Jetspeed that affect IBM Sterling B2B Integrator

CVE(s): CVE-2016-0711, CVE-2016-0712, CVE-2016-2171, CVE-2016-0710, CVE-2016-0709

Affected product(s) and affected version(s):

IBM Sterling B2B Integrator 5.2.0.1 – 5.2.6.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10728893
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111887
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111888
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111889
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111886
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111885

The post IBM Security Bulletin: Multiple Security Vulnerabilities in Jetspeed Affect IBM Sterling B2B Integrator appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2Lxjmsa

IBM Security Bulletin: Multiple Security Vulnerabilities in ActiveMQ Affect IBM Sterling B2B Integrator

There are multiple security vulnerabilities in ActiveMQ that affect IBM Sterling B2B Integrator

CVE(s): CVE-2011-4905, CVE-2012-5784, CVE-2014-3576, CVE-2014-3600, CVE-2015-5254

Affected product(s) and affected version(s):

IBM Sterling B2B Integrator 5.2.0.1 – 5.2.6.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10728833
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/71620
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/79829
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/107290
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/100722
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/109632

The post IBM Security Bulletin: Multiple Security Vulnerabilities in ActiveMQ Affect IBM Sterling B2B Integrator appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2LAQnUt

WhatsApp warns free Google Drive backups are not encrypted

Facebook patches critical server remote code execution vulnerability

Hacker Discloses Unpatched Windows Zero-Day Vulnerability (With PoC)


A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in Microsoft's Windows operating system that could help a local user or malicious program obtain SYSTEM privileges on the targeted machine.

And guess what? The zero-day flaw has been confirmed working on a "fully-patched 64-bit Windows 10 system."

The vulnerability is a privilege escalation issue that resides in the Windows Task Scheduler and is caused by errors in its handling of the Advanced Local Procedure Call (ALPC) interface.

The revelation of the Windows zero-day came earlier today from a Twitter user with online alias SandboxEscaper, who also posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the privilege escalation vulnerability in Windows.

"Here is the alpc bug as 0day: https://t.co/m1T3wDSvPX I don't fucking care about life anymore. Neither do I ever again want to submit to MSFT anyway. Fuck all of this shit," SandboxEscaper wrote in a tweet (archive) that has since been deleted.

Shortly after that, CERT/CC vulnerability analyst Will Dormann verified the authenticity of the zero-day bug and tweeted:

"I've confirmed that this works well in a fully-patched 64-bit Windows 10 system. LPE right to SYSTEM!"

According to a short online advisory published by CERT/CC, the zero-day flaw, if exploited, could allow local users to obtain elevated (SYSTEM) privileges.

Since the Advanced Local Procedure Call (ALPC) interface is local to the system, the impact of the vulnerability is limited, with a CVSS score of 6.4 to 6.8, but the PoC exploit released by the researcher could help malware authors target Windows users.

SandboxEscaper did not notify Microsoft of the zero-day vulnerability, leaving all Windows users exposed until a security patch is released by the tech giant to address the issue.

Microsoft is likely to patch the vulnerability in next month's Patch Tuesday security release, which is scheduled for September 11.

CERT/CC notes that it is currently unaware of any practical solution to this zero-day bug.



from The Hacker News https://ift.tt/2ohaC09

Fortnite Epic Games CEO rails against Google vulnerability disclosure

Microsoft Windows zero-day vulnerability disclosed through Twitter

Monday, August 27, 2018

T-Mobile merger with Sprint would cost 28,000 jobs: Union

USN-3756-1: Intel Microcode vulnerabilities

intel-microcode vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

The system could be made to expose sensitive information.

Software Description

  • intel-microcode - Processor microcode for Intel CPUs

Details

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646)

Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a side-channel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639)

Zdenek Sojka, Rudolf Marek, Alex Zuepke, and Innokentiy Sennovskiy discovered that microprocessors that perform speculative reads of system registers may allow unauthorized disclosure of system parameters via a side-channel attack. This vulnerability is also known as Rogue System Register Read (RSRE). An attacker could use this to expose sensitive information. (CVE-2018-3640)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
  • intel-microcode - 3.20180807a.0ubuntu0.18.04.1
Ubuntu 16.04 LTS
  • intel-microcode - 3.20180807a.0ubuntu0.16.04.1
Ubuntu 14.04 LTS
  • intel-microcode - 3.20180807a.0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.


from Ubuntu Security Notices https://ift.tt/2PaDjao

USN-3755-1: GD vulnerabilities

libgd2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in GD.

Software Description

  • libgd2 - GD Graphics Library

Details

It was discovered that GD incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1000222)

It was discovered that GD incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-5711)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
  • libgd-tools - 2.2.5-4ubuntu0.2
  • libgd3 - 2.2.5-4ubuntu0.2
Ubuntu 16.04 LTS
  • libgd-tools - 2.1.1-4ubuntu0.16.04.10
  • libgd3 - 2.1.1-4ubuntu0.16.04.10
Ubuntu 14.04 LTS
  • libgd-tools - 2.1.0-3ubuntu0.10
  • libgd3 - 2.1.0-3ubuntu0.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


from Ubuntu Security Notices https://ift.tt/2MSINJh

SB18-239: Vulnerability Summary for the Week of August 20, 2018

Original release date: August 27, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Columns: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info
accupos -- accupos
AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files. 2018-08-23 not yet calculated CVE-2018-15809
MISC
actiontec -- t2200h_t2200h-31.128l.03_devices
fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field. 2018-08-19 not yet calculated CVE-2018-15553
MISC
advanced_package_tool -- advanced_package_tool
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail. 2018-08-20 not yet calculated CVE-2018-0501
MISC
MISC
MISC
UBUNTU
amazon -- aws_cli_version
The Amazon Web Services (AWS) CLI version 1.15.85 (and possibly earlier versions) does not require the  owners flag when describing images, which makes it easier for remote attackers to trigger the loading of an undesired AMI by setting similar image properties (i.e., name), as exploited in the wild during August 2018 with a Monero miner AMI instead of the expected Ubuntu AMI. 2018-08-24 not yet calculated CVE-2018-15869
MISC
ansible -- ansible_tower
Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie. 2018-08-22 not yet calculated CVE-2018-10884
BID
CONFIRM
apache -- cayenne
This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a malicious XML file, the attacker will be able to instruct the XML parser built into CayenneModeler to transfer files from a local machine to a remote machine controlled by the attacker. The cause of the issue is XML parser processing XML External Entity (XXE) declarations included in XML. The vulnerability is addressed in Cayenne by disabling XXE processing in all operations that require XML parsing. 2018-08-22 not yet calculated CVE-2018-11758
MLIST
apache -- sentry
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table. 2018-08-23 not yet calculated CVE-2018-8028
MISC
apache -- struts
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn't have value and action set and in same time, its upper action(s) have no or wildcard namespace. 2018-08-22 not yet calculated CVE-2018-11776
CONFIRM
BID
SECTRACK
CONFIRM
MISC
CONFIRM
bd -- alaris_plus_medical_syringe_pumps
Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port. 2018-08-23 not yet calculated CVE-2018-14786
CONFIRM
MISC
beijing_ruoshen_technology -- xiuno_bbs
The editor in Xiuno BBS 4.0.4 allows stored XSS. 2018-08-19 not yet calculated CVE-2018-15559
MISC
belkin -- wemo_insight_smart_plug
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet. 2018-08-21 not yet calculated CVE-2018-6692
CONFIRM
bloop -- airmail
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email. 2018-08-21 not yet calculated CVE-2018-15670
MISC
bloop -- airmail
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address. 2018-08-21 not yet calculated CVE-2018-15668
MISC
bloop -- airmail
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter. 2018-08-21 not yet calculated CVE-2018-15669
MISC
bloop -- airmail
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use its functionality. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an attacker crafted email from the target account. 2018-08-21 not yet calculated CVE-2018-15667
MISC
cms_computers -- cmsuno
CMSUno before 1.5.3 has XSS via the title field. 2018-08-19 not yet calculated CVE-2018-15567
MISC
cobbler -- cobbler
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler-api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931. 2018-08-20 not yet calculated CVE-2018-1000226
CONFIRM
MISC
cobbler -- cobbler
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler-api). 2018-08-20 not yet calculated CVE-2018-1000225
CONFIRM
MISC
cobbler -- cobbler
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation. 2018-08-22 not yet calculated CVE-2016-9605
CONFIRM
containous -- traefik
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable. 2018-08-20 not yet calculated CVE-2018-15598
MISC
MISC
MISC
MISC
couchbase -- server
An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system will run with the privileges of the user running Couchbase server. 2018-08-24 not yet calculated CVE-2018-15728
BUGTRAQ
curl -- curl
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. 2018-08-23 not yet calculated CVE-2003-1605
BID
MISC
d-link -- dir-615_routers
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request. 2018-08-25 not yet calculated CVE-2018-15875
MISC
d-link -- dir-615_routers
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. 2018-08-25 not yet calculated CVE-2018-15874
MISC
d-link -- eyeon_baby_monitor
D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device. 2018-08-24 not yet calculated CVE-2017-11563
FULLDISC
MISC
d-link -- eyeon_baby_monitor
The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack. 2018-08-24 not yet calculated CVE-2017-11564
FULLDISC
MISC
damicms -- damicms
An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit. 2018-08-25 not yet calculated CVE-2018-15844
MISC
davegamble/cjson -- davegamble/cjson
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3. 2018-08-20 not yet calculated CVE-2018-1000216
CONFIRM
davegamble/cjson -- davegamble/cjson
Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network interface then can be exploited over a network, otherwise just local.. This vulnerability appears to have been fixed in 1.7.4. 2018-08-20 not yet calculated CVE-2018-1000217
CONFIRM
davegamble/cjson -- davegamble/cjson
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7. 2018-08-20 not yet calculated CVE-2018-1000215
CONFIRM
daveismyname/simple-cms -- daveismyname/simple-cms
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8. 2018-08-19 not yet calculated CVE-2018-15564
MISC
daveismyname/simple-cms -- daveismyname/simple-cms
An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF. 2018-08-19 not yet calculated CVE-2018-15565
MISC
MISC
dell -- 2335dn_printers
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product. 2018-08-23 not yet calculated CVE-2018-15748
MISC
dom4j -- dom4j
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. 2018-08-20 not yet calculated CVE-2018-1000632
CONFIRM
CONFIRM
MISC
dropbear -- dropbear
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. 2018-08-20 not yet calculated CVE-2018-15599
MISC
MISC
MISC
easylogin -- easylogin_pro
An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key. 2018-08-24 not yet calculated CVE-2018-15576
MISC
EXPLOIT-DB
eclipse_rdf4j -- eclipse_rdf4j
Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file. 2018-08-20 not yet calculated CVE-2018-1000644
MISC
CONFIRM
egg-scripts -- egg-scripts
A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument. 2018-08-24 not yet calculated CVE-2018-3786
CONFIRM
CONFIRM
MISC
elefant_cms -- elefant_cms
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism. 2018-08-20 not yet calculated CVE-2018-15601
MISC
emerson -- deltav
DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. 2018-08-21 not yet calculated CVE-2018-14795
BID
MISC
emerson -- deltav
DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution. 2018-08-21 not yet calculated CVE-2018-14793
BID
MISC
emerson -- deltav_dcs
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. 2018-08-23 not yet calculated CVE-2018-14797
BID
MISC
emerson -- deltav_dcs
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. 2018-08-23 not yet calculated CVE-2018-14791
BID
MISC
ffmpeg -- ffmpeg
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure. 2018-08-23 not yet calculated CVE-2018-15822
MISC
fledrcms -- fledrcms
An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1. 2018-08-25 not yet calculated CVE-2018-15846
MISC
flexo_cms -- flexo_cms
An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add. 2018-08-25 not yet calculated CVE-2018-15851
MISC
flightairmap -- flightairmap
FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3. 2018-08-20 not yet calculated CVE-2018-1000642
MISC
CONFIRM
foreman -- foreman
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id. 2018-08-22 not yet calculated CVE-2017-2662
CONFIRM
CONFIRM
gchq/stroom -- gchq/stroom
Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file. 2018-08-20 not yet calculated CVE-2018-1000651
MISC
CONFIRM
gear_software -- multiple_products
GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available right before writing to it. A check is only performed at the beginning of a long subroutine. 2018-08-24 not yet calculated CVE-2018-15499
MISC
MISC
getsimple_cms -- getsimple_cms
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. 2018-08-25 not yet calculated CVE-2018-15843
MISC
geutebrueck -- re_porter
Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003. 2018-08-21 not yet calculated CVE-2018-15534
MISC
EXPLOIT-DB
geutebrueck -- re_porter
A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005. 2018-08-21 not yet calculated CVE-2018-15533
MISC
EXPLOIT-DB
github -- electron
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution. 2018-08-23 not yet calculated CVE-2018-15685
MISC
gleez_cms -- gleez_cms
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. 2018-08-25 not yet calculated CVE-2018-15845
MISC
gnu -- gnutls
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. 2018-08-22 not yet calculated CVE-2018-10846
BID
CONFIRM
MISC
CONFIRM
gnu -- gnutls
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. 2018-08-22 not yet calculated CVE-2018-10845
BID
CONFIRM
MISC
CONFIRM
gnu -- gnutls
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. 2018-08-22 not yet calculated CVE-2018-10844
BID
CONFIRM
MISC
CONFIRM
gnu -- libtasn1
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. 2018-08-20 not yet calculated CVE-2018-1000654
CONFIRM
godot_engine -- godot_engine
Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b. 2018-08-20 not yet calculated CVE-2018-1000224
CONFIRM
CONFIRM
CONFIRM
hdf -- hdf5
An issue was discovered in the HDF HDF5 1.10.2 library. A SIGFPE is raised in the function H5D__chunk_init() of H5Dchunk.c during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. 2018-08-21 not yet calculated CVE-2018-15672
MISC
hdf -- hdf5
An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service. 2018-08-21 not yet calculated CVE-2018-15671
MISC
huawei -- multiple_firewall_products
Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service. 2018-08-21 not yet calculated CVE-2017-17311
CONFIRM
huawei -- multiple_firewall_products
Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service. 2018-08-21 not yet calculated CVE-2017-17312
CONFIRM
huawei -- multiple_firewall_products
Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability can impact IPSec tunnel security. 2018-08-21 not yet calculated CVE-2017-17305
CONFIRM
ibm -- api_connect
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 143744. 2018-08-22 not yet calculated CVE-2018-1599
CONFIRM
XF
ibm -- maximo_asset_managment
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968. 2018-08-24 not yet calculated CVE-2018-1699
XF
CONFIRM
ibm -- multiple_rational_products
Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655. 2018-08-20 not yet calculated CVE-2017-1753
XF
CONFIRM
ibm -- multiple_rational_products
Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425. 2018-08-20 not yet calculated CVE-2018-1394
XF
CONFIRM
ibm -- sdk_java_technology_edition A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681. 2018-08-20 not yet calculated CVE-2018-1517
CONFIRM
BID
XF
ibm -- sdk_java_technology_edition The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. 2018-08-20 not yet calculated CVE-2018-1656
CONFIRM
BID
XF
ibm -- security_access_manager_appliance IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370. 2018-08-24 not yet calculated CVE-2018-1722
SECTRACK
XF
CONFIRM
ibm -- websphere_application_server_liberty IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by an incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on the non-secure (http) port and is using JASPIC or JSR375 authentication. 2018-08-24 not yet calculated CVE-2018-1755
SECTRACK
XF
CONFIRM
imagemagick -- imagemagick In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. 2018-08-21 not yet calculated CVE-2018-15607
BID
MISC
insteon -- insteon_hub An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image. 2018-08-23 not yet calculated CVE-2018-3833
MISC
insteon -- insteon_hub An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability. 2018-08-23 not yet calculated CVE-2017-16348
MISC
insteon -- insteon_hub An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'. 2018-08-23 not yet calculated CVE-2018-3832
MISC
insteon -- insteon_hub An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "c_r" parameter in order to exploit this vulnerability. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. 2018-08-23 not yet calculated CVE-2017-14452
MISC
insteon -- insteon_hub_2245-222_devices On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ad_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "ad_r" parameter in order to exploit this vulnerability. 2018-08-23 not yet calculated CVE-2017-14453
MISC
insteon -- insteon_hub_2245-222_devices On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long "ak" parameter in order to exploit this vulnerability. 2018-08-23 not yet calculated CVE-2017-14455
MISC
insteon -- insteon_hub_2245-222_devices On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d01ef24 the value for the s_offset key is copied using strcpy to the buffer at $sp+0x2b0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. 2018-08-23 not yet calculated CVE-2017-16337
MISC
jabref -- jabref JabRef version <=4.3.1 contains an XML External Entity (XXE) vulnerability in the MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, and port scanning. This attack appears to be exploitable via a specially crafted MsBib file. This vulnerability appears to have been fixed after commit 89f855d. 2018-08-20 not yet calculated CVE-2018-1000652
MISC
CONFIRM
java_system_solutions -- sso_plugin_for_bmc_myit Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?[XSS] link and then clicks the "Login" button. 2018-08-21 not yet calculated CVE-2018-15528
MISC
BUGTRAQ
jenkins -- jenkins A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. 2018-08-23 not yet calculated CVE-2018-1999042
CONFIRM
jenkins -- jenkins A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials. 2018-08-23 not yet calculated CVE-2018-1999043
CONFIRM
jenkins -- jenkins An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled. 2018-08-23 not yet calculated CVE-2018-1999045
CONFIRM
jenkins -- jenkins An improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center. 2018-08-23 not yet calculated CVE-2018-1999047
CONFIRM
jenkins -- jenkins A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop. 2018-08-23 not yet calculated CVE-2018-1999044
CONFIRM
jenkins -- jenkins An exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers with Overall/Read permission to access the connection log for any agent. 2018-08-23 not yet calculated CVE-2018-1999046
CONFIRM
jerryscript -- jerryscript JerryScript (tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793; analysing the history, the issue appears to have been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860) contains a CWE-476: NULL Pointer Dereference vulnerability: triggering undefined behavior at jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:598 (passing NULL to memcpy as 2nd argument) results in a null pointer dereference (segfault) at jerry-core/jmem/jmem-heap.c:463, which can result in a crash due to segmentation fault. This attack appears to be exploitable when the victim executes specially crafted JavaScript code. This vulnerability appears to have been fixed after commit 87897849f6879df10e8ad68a41bf8cf507edf710. 2018-08-20 not yet calculated CVE-2018-1000636
CONFIRM
jsish -- jsish Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in the function jsi_ValueCopyMove at jsiValue.c:240 that can result in a crash due to segmentation fault. This attack appears to be exploitable via crafted JavaScript code. This vulnerability appears to have been fixed in 2.4.67. 2018-08-20 not yet calculated CVE-2018-1000655
CONFIRM
latexdraw -- latexdraw LatexDraw version <=4.0 contains an XML External Entity (XXE) vulnerability in the SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, and possible RCE. This attack appears to be exploitable via a specially crafted SVG file. 2018-08-20 not yet calculated CVE-2018-1000639
MISC
MISC
libbpg -- libbpg A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to a missing check of the return value of the function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG. 2018-08-22 not yet calculated CVE-2017-2575
MLIST
BID
libgd -- libgd Libgd version 2.2.5 contains a double free vulnerability in the gdImageBmpPtr function that can result in Remote Code Execution. This attack appears to be exploitable via a specially crafted JPEG image that can trigger the double free. This vulnerability appears to have been fixed after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. 2018-08-20 not yet calculated CVE-2018-1000222
CONFIRM
libgit2 -- libgit2 In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. 2018-08-17 not yet calculated CVE-2018-15501
MISC
MISC
MISC
MISC
MISC
MLIST
MISC
libming -- libming An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2018-08-25 not yet calculated CVE-2018-15871
MISC
libming -- libming An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2018-08-25 not yet calculated CVE-2018-15870
MISC
librehealthio/lh-ehr -- librehealthio/lh-ehr LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write in letter.php (2) vulnerability in the Patient file letter functions that can result in writing files with malicious content and may lead to remote code execution. This attack appears to be exploitable via user controlled input. 2018-08-20 not yet calculated CVE-2018-1000649
MISC
MISC
librehealthio/lh-ehr -- librehealthio/lh-ehr LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in the importing of templates that can result in disclosure of sensitive files on the server. This attack appears to be exploitable via a user controlled variable in the import templates function. 2018-08-20 not yet calculated CVE-2018-1000645
MISC
CONFIRM
librehealthio/lh-ehr -- librehealthio/lh-ehr LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Deletion vulnerability in Import template that can result in denial of service. This attack appears to be exploitable via a user controlled parameter. 2018-08-20 not yet calculated CVE-2018-1000647
MISC
MISC
librehealthio/lh-ehr -- librehealthio/lh-ehr LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution. 2018-08-20 not yet calculated CVE-2018-1000646
MISC
MISC
librehealthio/lh-ehr -- librehealthio/lh-ehr LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in the Show Groups Popup SQL query functions that can result in the ability to perform malicious database queries. This attack appears to be exploitable via user controlled parameters. 2018-08-20 not yet calculated CVE-2018-1000650
MISC
CONFIRM
librehealthio/lh-ehr -- librehealthio/lh-ehr LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in the Patient file letter functions that can result in writing files with malicious content and may lead to remote code execution. This attack appears to be exploitable via user controlled parameters. 2018-08-20 not yet calculated CVE-2018-1000648
MISC
MISC
libvirt -- libvirt libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. 2018-08-20 not yet calculated CVE-2015-5160
REDHAT
MLIST
CONFIRM
CONFIRM
CONFIRM
libvirt -- libvirt A NULL pointer dereference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash the libvirtd daemon, resulting in denial of service. 2018-08-22 not yet calculated CVE-2017-2635
CONFIRM
CONFIRM
linux -- linux_kernel lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal. 2018-08-21 not yet calculated CVE-2018-10932
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. 2018-08-20 not yet calculated CVE-2018-15594
MISC
BID
MISC
MISC
MISC
linux -- linux_kernel The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam). 2018-08-23 not yet calculated CVE-2018-6558
MISC
MISC
MISC
MISC
linux -- linux_kernel The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. 2018-08-19 not yet calculated CVE-2018-15572
MISC
MISC
MISC
linux -- linux_kernel It was found that the raw midi kernel driver does not protect against concurrent access, which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), which are part of the snd_rawmidi_ioctl() handler in the rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. 2018-08-21 not yet calculated CVE-2018-10902
BID
SECTRACK
CONFIRM
MISC
mapr -- converged_data_platform_and_mapr-xd An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as (aka impersonate) any other user, including cluster administrators, aka bug# 31935. This affects all users who have enabled security on the MapR platform and is fixed in mapr-patch-5.2.1.42646.GA-20180731093831, mapr-patch-5.2.2.44680.GA-20180802011430, mapr-patch-6.0.0.20171109191718.GA-20180802011420, and mapr-patch-6.0.1.20180404222005.GA-20180806214919. 2018-08-23 not yet calculated CVE-2018-15804
CONFIRM
mikrotik -- routeros Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request. 2018-08-23 not yet calculated CVE-2018-1157
CONFIRM
CONFIRM
MISC
mikrotik -- routeros Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting. 2018-08-23 not yet calculated CVE-2018-1159
CONFIRM
CONFIRM
MISC
mikrotik -- routeros Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. 2018-08-23 not yet calculated CVE-2018-1158
CONFIRM
CONFIRM
MISC
mikrotik -- routeros Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker to execute arbitrary code on the system. 2018-08-23 not yet calculated CVE-2018-1156
CONFIRM
CONFIRM
MISC
minicms -- minicms MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in https://ift.tt/2MmKxuS that can result in code injection. 2018-08-20 not yet calculated CVE-2018-1000638
MISC
my_little_forum -- my_little_forum my little forum 2.4.12 allows CSRF for deletion of users. 2018-08-19 not yet calculated CVE-2018-15569
MISC
mybb -- mybb An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF. 2018-08-24 not yet calculated CVE-2018-11502
MISC
EXPLOIT-DB
national_payments_corporation_of_india -- bhim_app_for_android The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication. 2018-08-24 not yet calculated CVE-2017-9819
MISC
national_payments_corporation_of_india -- bhim_app_for_android The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass authentication. 2018-08-24 not yet calculated CVE-2017-9820
MISC
national_payments_corporation_of_india -- bhim_app_for_android The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication. 2018-08-24 not yet calculated CVE-2017-9821
MISC
national_payments_corporation_of_india -- bhim_app_for_android The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access. 2018-08-24 not yet calculated CVE-2017-9818
MISC
nec -- aterm_wg2600hp2 An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET"). 2018-08-24 not yet calculated CVE-2017-12575
FULLDISC
netwave -- ip_camera Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device. 2018-08-24 not yet calculated CVE-2018-11654
MISC
netwave -- ip_camera Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password. 2018-08-24 not yet calculated CVE-2018-11653
MISC
node.js -- node.js In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written. 2018-08-21 not yet calculated CVE-2018-12115
BID
REDHAT
REDHAT
CONFIRM
node.js -- node.js In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number; this is misinterpreted by `Buffer`'s internal "fill" method as the `start` of a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information. 2018-08-21 not yet calculated CVE-2018-7166
REDHAT
CONFIRM
ome -- open_microscopy_environment_omero The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in an administrative user with privilege restrictions logging in as a more powerful administrator. This attack appears to be exploitable by using the user administration privilege to set the password of a more powerful administrator. This vulnerability appears to have been fixed in 5.4.7. 2018-08-20 not yet calculated CVE-2018-1000634
CONFIRM
CONFIRM
ome -- open_microscopy_environment_omero The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an attacker gaining full administrative access to the server and possibly being able to disable it. This vulnerability appears to have been fixed in 5.4.7. 2018-08-20 not yet calculated CVE-2018-1000635
CONFIRM
CONFIRM
ome -- open_microscopy_environment_omero The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in a user's password being revealed, after which an attacker can log in as that user. This attack appears to be exploitable via an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7. 2018-08-20 not yet calculated CVE-2018-1000633
CONFIRM
CONFIRM
openemr -- openemr OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in the 'scan' parameter in line #41 of interface/fax/fax_view.php that could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitable when the victim visits a specially crafted URL. 2018-08-20 not yet calculated CVE-2018-1000219
MISC
CONFIRM
openemr -- openemr OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in the 'file' parameter in line #43 of interface/fax/fax_view.php that could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitable when the victim visits a specially crafted URL. 2018-08-20 not yet calculated CVE-2018-1000218
MISC
CONFIRM
openssh -- openssh OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. 2018-08-17 not yet calculated CVE-2018-15473
MISC
SECTRACK
MISC
MISC
MLIST
DEBIAN
EXPLOIT-DB
EXPLOIT-DB
owasp -- antisamy OWASP AntiSamy version 1.5.7 and earlier contains a Cross Site Scripting (XSS) vulnerability in AntiSamy.scan() - for both SAX & DOM - that can result in Cross Site Scripting. 2018-08-20 not yet calculated CVE-2018-1000643
MISC
oxid -- eshop An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacker must change the delivery address to one that is not verified by the Paymorrow module. 2018-08-20 not yet calculated CVE-2018-14020
CONFIRM
CONFIRM
oxid -- multiple_products An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts. 2018-08-20 not yet calculated CVE-2018-12579
CONFIRM
CONFIRM
pallets_project -- flask The Pallets Project flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable when an attacker provides JSON data in an incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. 2018-08-20 not yet calculated CVE-2018-1000656
CONFIRM
CONFIRM
pango -- pango libpango in Pango before 1.42.4, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text. 2018-08-24 not yet calculated CVE-2018-15120
MISC
CONFIRM
CONFIRM
MLIST
UBUNTU
philips -- intellispace_cardiovascular_products In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. 2018-08-22 not yet calculated CVE-2018-14789
MISC
CONFIRM
philips -- intellispace_cardiovascular_products In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. 2018-08-22 not yet calculated CVE-2018-14787
MISC
CONFIRM
philips -- pagewriter In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. 2018-08-22 not yet calculated CVE-2018-14801
BID
MISC
CONFIRM
philips -- pagewriter In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by the user. This can lead to buffer overflow or format string vulnerabilities. 2018-08-22 not yet calculated CVE-2018-14799
BID
MISC
CONFIRM
phpmyadmin -- phpmyadmin An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature. 2018-08-24 not yet calculated CVE-2018-15605
SECTRACK
CONFIRM
CONFIRM
phpwhois -- phpwhois phpWhois allows remote attackers to execute arbitrary code via a crafted whois record. 2018-08-20 not yet calculated CVE-2015-5243
MISC
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
pimcore -- pimcore Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions. 2018-08-24 not yet calculated CVE-2018-14059
MISC
FULLDISC
EXPLOIT-DB
MISC
pkgconf -- pkgconf pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote(): the dequote() function returns a 1-byte allocation if the initial length is 0, leading to a buffer overflow. This attack appears to be exploitable via a specially crafted .pc file. This vulnerability appears to have been fixed in 1.5.3. 2018-08-20 not yet calculated CVE-2018-1000221
CONFIRM
planex -- cs-qr20 An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command. 2018-08-24 not yet calculated CVE-2017-12576
FULLDISC
planex -- cs-qr20 An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission. 2018-08-24 not yet calculated CVE-2017-12577
FULLDISC
planex -- cs-w50hd_devices An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack. 2018-08-24 not yet calculated CVE-2017-12573
FULLDISC
planex -- cs-w50hd_devices An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted. 2018-08-24 not yet calculated CVE-2017-12574
FULLDISC
portfoliocms -- portfoliocms An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true. 2018-08-25 not yet calculated CVE-2018-15848
MISC
portfoliocms -- portfoliocms An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. 2018-08-25 not yet calculated CVE-2018-15849
MISC
posim -- evo POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients. 2018-08-23 not yet calculated CVE-2018-15808
MISC
posim -- evo POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker and used to bypass any POSIM EVO login prompt. 2018-08-23 not yet calculated CVE-2018-15807
MISC
postgresql -- postgresql The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software. 2018-08-20 not yet calculated CVE-2016-7048
CONFIRM
CONFIRM
puppet -- puppet_enterprise When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS score. 2018-08-24 not yet calculated CVE-2018-11749
CONFIRM
puppycms -- puppycms An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the "Add Page/URL" URL link field. 2018-08-25 not yet calculated CVE-2018-15847
MISC
pycryptodome -- pycryptodome PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes. 2018-08-19 not yet calculated CVE-2018-15560
MISC
MISC
pyro -- pyro pyro before 3.15 unsafely handles pid files in temporary directory locations and opens the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks. 2018-08-20 not yet calculated CVE-2011-2765
CONFIRM
CONFIRM
CONFIRM
red_hat -- cloudforms_management_engine_5 Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that the X-Forwarded-For header allows internal servers to deploy other systems (using callback). 2018-08-22 not yet calculated CVE-2017-7528
CONFIRM
red_hat -- openstack_enterprise A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user. 2018-08-22 not yet calculated CVE-2017-2627
CONFIRM
red_hat -- satellite_5 It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate. 2018-08-22 not yet calculated CVE-2017-7513
CONFIRM
redaxo -- redaxo_cms An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user. 2018-08-25 not yet calculated CVE-2018-15850
MISC
rsa -- archer The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. Embedded WorkPoint is upgraded to version 4.10.16, which contains a fix for the vulnerability. 2018-08-24 not yet calculated CVE-2018-11065
FULLDISC
BID
SECTRACK
rsa -- netwitness_platform_and_security_analytics RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges. 2018-08-24 not yet calculated CVE-2018-11061
FULLDISC
BID
SECTRACK
SECTRACK
rust -- rust The Rust standard library from commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later (stable release 1.3.0 and later) contains a buffer overflow vulnerability in the std::collections::vec_deque::VecDeque::reserve() function that can result in arbitrary code execution, but no proof-of-concept exploit is currently published. This vulnerability appears to have been fixed in commit fdfafb510b1a38f727e920dccbeeb638d39a8e60 and later; stable release 1.22.0 and later. 2018-08-20 not yet calculated CVE-2018-1000657
CONFIRM
CONFIRM
samba -- samba A missing input sanitization flaw was found in the implementation of the LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server used as an Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable. 2018-08-22 not yet calculated CVE-2018-1140
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
samba -- samba A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable. 2018-08-22 not yet calculated CVE-2018-10918
BID
CONFIRM
CONFIRM
UBUNTU
CONFIRM
samba -- samba The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. 2018-08-22 not yet calculated CVE-2018-10919
BID
CONFIRM
CONFIRM
UBUNTU
DEBIAN
CONFIRM
samba -- samba A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. 2018-08-22 not yet calculated CVE-2018-1139
BID
CONFIRM
CONFIRM
UBUNTU
CONFIRM
samba -- samba A heap-buffer overflow was found in the way samba clients processed an extra-long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. 2018-08-22 not yet calculated CVE-2018-10858
BID
CONFIRM
CONFIRM
UBUNTU
DEBIAN
CONFIRM
samsung -- smartthings_hub_sth-eth-250 An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the video-core database. An attacker can send a series of HTTP requests to trigger this vulnerability. 2018-08-23 not yet calculated CVE-2018-3879
MISC
samsung -- smartthings_hub_sth-eth-250 An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the "state" field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-23 not yet calculated CVE-2018-3905
MISC
samsung -- smartthings_hub_sth-eth-250 An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'on_url' callback. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-23 not yet calculated CVE-2018-3907
MISC
samsung -- smartthings_hub_sth-eth-250 An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-23 not yet calculated CVE-2018-3902
MISC
samsung -- smartthings_hub_sth-eth-250 An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-23 not yet calculated CVE-2018-3909
MISC
samsung -- smartthings_hub_sth-eth-250 On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "user" value in order to exploit this vulnerability. 2018-08-23 not yet calculated CVE-2018-3863
MISC
samsung -- smartthings_hub_sth-eth-250 An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability. 2018-08-23 not yet calculated CVE-2018-3866
MISC
samsung -- smartthings_hub_sth-eth-250 An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability. 2018-08-23 not yet calculated CVE-2018-3867
MISC
samsung -- smartthings_hub_sth-eth-250 An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability. 2018-08-23 not yet calculated CVE-2018-3919
MISC
samsung -- smartthings_hub_sth-eth-250 An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-23 not yet calculated CVE-2018-3880
MISC
samsung -- smartthings_hub_sth-eth-250 Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability. 2018-08-23 not yet calculated CVE-2018-3878
MISC
samsung -- smartthings_hub_sth-eth-250 An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An attacker able to impersonate the remote HTTP servers could trigger this vulnerability. 2018-08-23 not yet calculated CVE-2018-3925
MISC
samsung -- smartthings_hub_sth-eth-250 On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability. 2018-08-23 not yet calculated CVE-2018-3917
MISC
samsung -- smartthings_hub_sth-eth-250 An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-23 not yet calculated CVE-2018-3911
MISC
samsung -- smartthings_hub_sth-eth-250 An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-23 not yet calculated CVE-2018-3872
MISC
samsung -- smartthings_hub_sth-eth-250 On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. 2018-08-23 not yet calculated CVE-2018-3912
MISC
samsung -- smartthings_hub_sth-eth-250 On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512 bytes. An attacker can send an arbitrarily long "url" value in order to overwrite the saved-PC with 0x42424242. 2018-08-23 not yet calculated CVE-2018-3903
MISC
samsung -- smartthings_hub_sth-eth-250 An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability. 2018-08-23 not yet calculated CVE-2018-3856
MISC
signal_messenger -- open_whisper_signal Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage. 2018-08-20 not yet calculated CVE-2018-14023
MISC
MISC
soundtouch -- soundtouch soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appears to be exploitable when the victim opens a malicious file in the soundstretch utility. 2018-08-20 not yet calculated CVE-2018-1000223
CONFIRM
spice -- spice A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. 2018-08-17 not yet calculated CVE-2018-10873
CONFIRM
CONFIRM
UBUNTU
swoole -- swoole The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV. 2018-08-17 not yet calculated CVE-2018-15503
MISC
MISC
MISC
symantec -- encryption_management_server The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. 2018-08-20 not yet calculated CVE-2018-5243
BID
SECTRACK
CONFIRM
symantec -- norton_power_eraser_and_symdiag Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. 2018-08-22 not yet calculated CVE-2018-5238
BID
CONFIRM
symantec -- norton_utilities Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. 2018-08-22 not yet calculated CVE-2018-5235
BID
CONFIRM
technicolor -- tc7200.20_cable_modem_devices Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. 2018-08-25 not yet calculated CVE-2018-15852
MISC
tecrail -- responsive_filemanager /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal. 2018-08-24 not yet calculated CVE-2018-15536
FULLDISC
tecrail -- responsive_filemanager /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. 2018-08-24 not yet calculated CVE-2018-15535
FULLDISC
tp5cms -- tp5cms tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter. 2018-08-19 not yet calculated CVE-2018-15566
MISC
tp5cms -- tp5cms tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. 2018-08-19 not yet calculated CVE-2018-15568
MISC
tridium -- niagara An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system. 2018-08-20 not yet calculated CVE-2017-16748
BID
MISC
tridium -- niagara A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials. 2018-08-20 not yet calculated CVE-2017-16744
BID
MISC
ubuntu -- ubuntu The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled. 2018-08-21 not yet calculated CVE-2018-6557
SECTRACK
UBUNTU
ucopia -- wireless_appliance_devices Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder. 2018-08-21 not yet calculated CVE-2018-15481
MISC
victoralagwu/cmssite -- victoralagwu/cmssite An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen. 2018-08-20 not yet calculated CVE-2018-15603
MISC
villagedefrance -- opencart-overclocked OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in user input entered unsanitised within a JS function in the template, which can result in unauthorised actions and access to data, stealing session information, or denial of service. This attack appears to be exploitable via malicious input passed in a GET parameter. 2018-08-20 not yet calculated CVE-2018-1000640
MISC
CONFIRM
waimai -- super_cms In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter. 2018-08-19 not yet calculated CVE-2018-15570
MISC
wi2be -- smart_hp_wmt Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp. 2018-08-20 not yet calculated CVE-2018-14079
MISC
wi2be -- smart_hp_wmt Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack). 2018-08-20 not yet calculated CVE-2018-14078
MISC
wi2be -- smart_hp_wmt Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg. 2018-08-20 not yet calculated CVE-2018-14077
MISC
wolfcms -- wolfcms WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter. 2018-08-25 not yet calculated CVE-2018-15842
MISC
x.org -- libx11 An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. 2018-08-24 not yet calculated CVE-2018-14599
MLIST
SECTRACK
CONFIRM
CONFIRM
MLIST
x.org -- libx11 An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. 2018-08-24 not yet calculated CVE-2018-14600
MLIST
SECTRACK
CONFIRM
CONFIRM
MLIST
x.org -- libx11 An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). 2018-08-24 not yet calculated CVE-2018-14598
MLIST
SECTRACK
CONFIRM
CONFIRM
MLIST
xkbcommon -- xkbcommon Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. 2018-08-25 not yet calculated CVE-2018-15859
MISC
MISC
xkbcommon -- xkbcommon Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file. 2018-08-25 not yet calculated CVE-2018-15858
MISC
MISC
xkbcommon -- xkbcommon Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled. 2018-08-25 not yet calculated CVE-2018-15855
MISC
MISC
xkbcommon -- xkbcommon An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. 2018-08-25 not yet calculated CVE-2018-15856
MISC
MISC
xkbcommon -- xkbcommon An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. 2018-08-25 not yet calculated CVE-2018-15857
MISC
MISC
xkbcommon -- xkbcommon Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. 2018-08-25 not yet calculated CVE-2018-15861
MISC
MISC
xkbcommon -- xkbcommon Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created. 2018-08-25 not yet calculated CVE-2018-15864
MISC
MISC
xkbcommon -- xkbcommon Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. 2018-08-25 not yet calculated CVE-2018-15863
MISC
MISC
xkbcommon -- xkbcommon Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers. 2018-08-25 not yet calculated CVE-2018-15862
MISC
MISC
xkbcommon -- xkbcommon Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. 2018-08-25 not yet calculated CVE-2018-15853
MISC
MISC
xkbcommon -- xkbcommon Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly. 2018-08-25 not yet calculated CVE-2018-15854
MISC
MISC
yeswiki -- yeswiki YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability when unserialising a user-entered parameter in i18n.inc.php that can result in execution of code and disclosure of information. 2018-08-20 not yet calculated CVE-2018-1000641
MISC
MISC
zutils -- zutils zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in potential denial of service or arbitrary code execution. This attack appears to be exploitable via the victim opening a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2. 2018-08-20 not yet calculated CVE-2018-1000637
CONFIRM
MLIST
zzcms -- zzcms zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in SQL injection when zzcms is run under nginx. This attack appears to be exploitable via running zzcms in nginx. 2018-08-20 not yet calculated CVE-2018-1000653
MISC
from US-CERT National Cyber Alert System https://ift.tt/2No5Ico