Monday, October 29, 2018

SB18-302: Vulnerability Summary for the Week of October 22, 2018

Original release date: October 29, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Columns: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Columns: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info
imagemagick -- imagemagick There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16. 2018-10-20 4.3 CVE-2018-18544
MISC

Low Vulnerabilities

Columns: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Columns: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info
adrenalin -- hrms Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'. 2018-10-24 not yet calculated CVE-2018-12650
MISC
advanced_maryland_automatic_network_disk_archiver -- advanced_maryland_automatic_network_disk_archiver  An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path. 2018-10-24 not yet calculated CVE-2016-10730
EXPLOIT-DB
advanced_maryland_automatic_network_disk_archiver -- advanced_maryland_automatic_network_disk_archiver An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. 2018-10-24 not yet calculated CVE-2016-10729
EXPLOIT-DB
advantech -- webaccess Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. 2018-10-23 not yet calculated CVE-2018-14828
BID
SECTRACK
MISC
advantech -- webaccess Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp. 2018-10-22 not yet calculated CVE-2018-15704
MISC
advantech -- webaccess Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. 2018-10-23 not yet calculated CVE-2018-14820
BID
SECTRACK
MISC
advantech -- webaccess Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. 2018-10-23 not yet calculated CVE-2018-14806
BID
SECTRACK
MISC
advantech -- webaccess Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. 2018-10-23 not yet calculated CVE-2018-14816
BID
SECTRACK
MISC
advantech -- webaccess Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. 2018-10-22 not yet calculated CVE-2018-15703
MISC
ajenti -- ajenti ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. 2018-10-24 not yet calculated CVE-2018-18548
MISC
ansible -- ansible Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations, such as passphrase credentials passed as a parameter to the ssh-keygen executable being shown in clear text to every user who has access just to the process list. 2018-10-23 not yet calculated CVE-2018-16837
BID
CONFIRM
apache -- impala Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. 2018-10-24 not yet calculated CVE-2018-11785
MISC
apache -- impala In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk: a user who has ALTER on a table and ALL on a particular database can move the table to the database with ALL, which automatically grants that user the ALL privilege on that table through the privilege inherited from the database. 2018-10-24 not yet calculated CVE-2018-11792
MISC
apache -- spark Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build. Note that this issue does not affect end users of Spark, only developers building Spark from source code. 2018-10-24 not yet calculated CVE-2018-11804
MLIST
CONFIRM
arcserve -- unified_data_protection_platform An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue. 2018-10-26 not yet calculated CVE-2018-18659
MISC
MISC
MISC
arcserve -- unified_data_protection_platform An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue. 2018-10-26 not yet calculated CVE-2018-18658
MISC
MISC
MISC
arcserve -- unified_data_protection_platform An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue. 2018-10-26 not yet calculated CVE-2018-18660
MISC
MISC
MISC
arcserve -- unified_data_protection_platform An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue. 2018-10-26 not yet calculated CVE-2018-18657
MISC
MISC
MISC
ardawan -- user_management Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. 2018-10-19 not yet calculated CVE-2018-18419
MISC
artifex -- ghostscript Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. 2018-10-19 not yet calculated CVE-2018-18284
CONFIRM
MLIST
MISC
MISC
MLIST
artifex -- mupdf There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. 2018-10-26 not yet calculated CVE-2018-18662
MISC
MISC
atlassian -- jira The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability. 2018-10-23 not yet calculated CVE-2018-13401
CONFIRM
atlassian -- jira Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, and in some cases to obtain a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability. 2018-10-23 not yet calculated CVE-2018-13402
CONFIRM
atlassian -- jira Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to an administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. 2018-10-23 not yet calculated CVE-2018-13400
CONFIRM
audiocodes -- 440hd_and_450hd_devices AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. 2018-10-24 not yet calculated CVE-2018-18567
SECTRACK
BUGTRAQ
MISC
axios_italia -- axios_cloud_sissiweb_registro_elettronico In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter. 2018-10-23 not yet calculated CVE-2018-18437
MISC
EXPLOIT-DB
bigprof -- appgini BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash. 2018-10-23 not yet calculated CVE-2018-18587
MISC
bigtree -- bigtree_cms A Session Fixation issue was discovered in Bigtree. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session. 2018-10-19 not yet calculated CVE-2018-18380
MISC
CONFIRM
bitdefender -- gravityzone The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. 2018-10-24 not yet calculated CVE-2018-8955
MISC
FULLDISC
SECTRACK
MISC
cisco -- webex_meetings_desktop_app_for_windows A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools. 2018-10-24 not yet calculated CVE-2018-15442
BID
SECTRACK
CISCO
citrix -- netscaler_gateway Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. 2018-10-24 not yet calculated CVE-2018-18517
BID
CONFIRM
citrix -- sd-wan_and_netscaler A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. 2018-10-23 not yet calculated CVE-2018-17446
BID
CONFIRM
citrix -- sd-wan_and_netscaler An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. 2018-10-23 not yet calculated CVE-2018-17448
BID
CONFIRM
citrix -- sd-wan_and_netscaler An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. 2018-10-23 not yet calculated CVE-2018-17447
BID
CONFIRM
citrix -- sd-wan_and_netscaler A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. 2018-10-23 not yet calculated CVE-2018-17444
BID
CONFIRM
citrix -- sd-wan_and_netscaler A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. 2018-10-23 not yet calculated CVE-2018-17445
BID
CONFIRM
creativeitem -- ekushey_project_manager_crm In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. 2018-10-19 not yet calculated CVE-2018-18417
MISC
crossroads -- crossroads Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to include a Trojan horse xr. 2018-10-25 not yet calculated CVE-2018-18654
MISC
d-link -- dsl-2640t_routers XSS exists in cgi-bin/webcm on D-Link DSL-2640T routers via the var:RelaodHref or var:conid parameter. 2018-10-24 not yet calculated CVE-2018-18636
MISC
MISC
desdev -- dedecms DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. 2018-10-23 not yet calculated CVE-2018-18608
MISC
MISC
desdev -- dedecms Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. 2018-10-22 not yet calculated CVE-2018-18579
MISC
MISC
desdev -- dedecms DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. 2018-10-22 not yet calculated CVE-2018-18578
MISC
MISC
eaton -- ups_9px_8000_sp_devices An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently. 2018-10-24 not yet calculated CVE-2018-9281
MISC
eaton -- ups_9px_8000_sp_devices An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage. 2018-10-24 not yet calculated CVE-2018-9280
MISC
eaton -- ups_9px_8000_sp_devices An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage. 2018-10-24 not yet calculated CVE-2018-9279
MISC
elfutils -- elfutils Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. 2018-10-19 not yet calculated CVE-2018-18521
MISC
MISC
elfutils -- elfutils An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. 2018-10-19 not yet calculated CVE-2018-18520
MISC
MISC
f5 -- big-ip On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page. 2018-10-19 not yet calculated CVE-2018-15315
SECTRACK
CONFIRM
f5 -- big-ip On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. 2018-10-19 not yet calculated CVE-2018-15314
BID
SECTRACK
CONFIRM
f5 -- big-ip On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. 2018-10-19 not yet calculated CVE-2018-15313
BID
SECTRACK
CONFIRM
f5 -- big-ip On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user. 2018-10-19 not yet calculated CVE-2018-15312
SECTRACK
CONFIRM
f5 -- multiple_products In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypasses the endpoint checks. 2018-10-19 not yet calculated CVE-2018-15316
BID
SECTRACK
CONFIRM
fiyo_cms -- fiyo_cms Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. 2018-10-20 not yet calculated CVE-2018-18545
MISC
fuji_electric -- energy_savings_estimator An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. 2018-10-24 not yet calculated CVE-2018-14812
BID
MISC
gain_electronic -- saga1-l8b SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack in which an attacker with physical access to the product may be able to reprogram it. 2018-10-24 not yet calculated CVE-2018-17923
BID
MISC
gain_electronic -- saga1-l8b SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. 2018-10-24 not yet calculated CVE-2018-17921
BID
MISC
gain_electronic -- saga1-l8b SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery. 2018-10-24 not yet calculated CVE-2018-17903
BID
MISC
geovap -- reliance_4_scada/hmi Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code. 2018-10-25 not yet calculated CVE-2018-17904
BID
MISC
gnu -- binutils A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. 2018-10-23 not yet calculated CVE-2018-18605
MISC
MISC
gnu -- binutils An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. 2018-10-23 not yet calculated CVE-2018-18607
MISC
MISC
gnu -- binutils An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. 2018-10-23 not yet calculated CVE-2018-18606
MISC
MISC
greedy_599 -- greedy_599 A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards. 2018-10-23 not yet calculated CVE-2018-17877
MISC
huawei -- smartphones Some Huawei smartphones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can log in to the configuration flow through Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed. 2018-10-23 not yet calculated CVE-2018-7911
CONFIRM
ibm -- security_access_manager_appliance IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998. 2018-10-22 not yet calculated CVE-2018-1850
CONFIRM
XF
ibm -- websphere_commerce_enterprise IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596. 2018-10-24 not yet calculated CVE-2018-1541
XF
CONFIRM
iobit -- malware_fighter IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. The attacker can use DeviceIoControl to pass a user specified size which can be used to overwrite return addresses. This can lead to a denial of service or code execution attack. 2018-10-19 not yet calculated CVE-2018-18026
MISC
kaptcha -- kaptcha text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach. 2018-10-19 not yet calculated CVE-2018-18531
MISC
kerui -- wifi_endoscope_camera_ypc99 Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user. 2018-10-22 not yet calculated CVE-2018-13115
MISC
kerui -- wifi_endoscope_camera_ypc99 Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command. 2018-10-22 not yet calculated CVE-2018-13114
MISC
lango -- codeigniter_multilingual_script LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI. 2018-10-19 not yet calculated CVE-2018-18416
MISC
EXPLOIT-DB
leanote -- leanote Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. 2018-10-21 not yet calculated CVE-2018-18553
MISC
libmspack -- libmspack chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). 2018-10-22 not yet calculated CVE-2018-18585
MISC
MISC
MISC
libmspack -- libmspack In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. 2018-10-22 not yet calculated CVE-2018-18584
MISC
MISC
MISC
MISC
libtiff -- libtiff An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. 2018-10-26 not yet calculated CVE-2018-18661
MISC
libtiff -- libtiff LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. 2018-10-22 not yet calculated CVE-2018-18557
MISC
linux -- linux_kernel The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification. 2018-10-25 not yet calculated CVE-2018-18653
MISC
linux -- linux_kernel In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. 2018-10-22 not yet calculated CVE-2018-18559
MISC
linux -- linux_kernel The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files which they would not normally be able to access via an overlayfs mount inside of a user namespace. 2018-10-26 not yet calculated CVE-2018-6559
CONFIRM
CONFIRM
CONFIRM
live555 -- live555 An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. 2018-10-19 not yet calculated CVE-2018-4013
MLIST
MISC
lupng -- lupng An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByte in miniz/lupng.c during a write operation for data obtained from a swap. 2018-10-22 not yet calculated CVE-2018-18583
MISC
MISC
lupng -- lupng An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByte in miniz/lupng.c during a write operation for data obtained from a palette. 2018-10-22 not yet calculated CVE-2018-18582
MISC
MISC
lupng -- lupng An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer over-read in internalPrintf in miniz/lupng.c. 2018-10-22 not yet calculated CVE-2018-18581
MISC
MISC
mailcleaner -- mailcleaner_community_edition www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. 2018-10-24 not yet calculated CVE-2018-18635
MISC
MISC
micro_focus -- real_user_monitoring A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code. 2018-10-23 not yet calculated CVE-2018-18589
CONFIRM
microsoft -- yammer A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka "Yammer Desktop Application Remote Code Execution Vulnerability." This affects Yammer Desktop App. 2018-10-23 not yet calculated CVE-2018-8569
BID
CONFIRM
mitel -- mivoice_5330e_voip_device The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution. 2018-10-23 not yet calculated CVE-2018-15497
CONFIRM
MISC
mitel -- mivoice_office_400 A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information. 2018-10-23 not yet calculated CVE-2018-16226
CONFIRM
mitel -- st A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. 2018-10-23 not yet calculated CVE-2018-12901
CONFIRM
mkvtoolnix -- mkvtoolnix A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user. 2018-10-26 not yet calculated CVE-2018-4022
MISC
moxa -- thingspro Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. 2018-10-19 not yet calculated CVE-2018-18395
MISC
moxa -- thingspro Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. 2018-10-19 not yet calculated CVE-2018-18394
MISC
moxa -- thingspro Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. 2018-10-19 not yet calculated CVE-2018-18396
MISC
moxa -- thingspro Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. 2018-10-19 not yet calculated CVE-2018-18392
MISC
moxa -- thingspro User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. 2018-10-19 not yet calculated CVE-2018-18391
MISC
moxa -- thingspro Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. 2018-10-19 not yet calculated CVE-2018-18393
MISC
moxa -- thingspro User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. 2018-10-19 not yet calculated CVE-2018-18390
MISC

mysql-binuuid-rails -- mysql-binuuid-rails mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. 2018-10-24 not yet calculated CVE-2018-18476
MISC
CONFIRM
neato_robotics -- botvac_connected_vacuums A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint. 2018-10-24 not yet calculated CVE-2018-18638
MISC
open_design_alliance -- drawings_sdk A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash. 2018-10-19 not yet calculated CVE-2018-18224
BID
CONFIRM
open_design_alliance -- drawings_sdk Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash. 2018-10-19 not yet calculated CVE-2018-18223
BID
CONFIRM
ownticket -- ownticket OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. 2018-10-19 not yet calculated CVE-2018-18527
EXPLOIT-DB
phpyun -- phpyun An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database&c=del" sql parameter because del_action() in admin/model/database.class.php mishandles this parameter. 2018-10-23 not yet calculated CVE-2018-18626
MISC
pippo -- pippo An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution. 2018-10-23 not yet calculated CVE-2018-18628
MISC
pippo -- pippo parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java. 2018-10-23 not yet calculated CVE-2017-18349
MISC
MISC
MISC
polycom -- vvx_500_and_601_devices The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business. 2018-10-24 not yet calculated CVE-2018-18566
BUGTRAQ
MISC
polycom -- vvx_500_and_601_devices Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. 2018-10-24 not yet calculated CVE-2018-18568
BUGTRAQ
MISC
prayer -- prayer Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting. 2018-10-25 not yet calculated CVE-2018-18655
MISC
purevpn -- purevpn_for_windows The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file. 2018-10-26 not yet calculated CVE-2018-18656
MISC
qemu -- qemu Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. 2018-10-19 not yet calculated CVE-2018-18438
MLIST
MLIST
MLIST
qualcomm -- snapdragon While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20. 2018-10-23 not yet calculated CVE-2017-18303
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon When FW tries to get a random MAC address generated from the new SW RNG and the ADC values read are constant, the DUT gets stuck in a loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52 2018-10-26 not yet calculated CVE-2018-11828
CONFIRM
qualcomm -- snapdragon A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660 2018-10-26 not yet calculated CVE-2018-11824
CONFIRM
qualcomm -- snapdragon Access control on applications is not applied while accessing SafeSwitch services, which can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. 2018-10-23 not yet calculated CVE-2017-18296
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016 2018-10-26 not yet calculated CVE-2018-11821
CONFIRM
qualcomm -- snapdragon While accessing SafeSwitch services, a third party can manipulate a given device and perform unauthorized operations due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A 2018-10-23 not yet calculated CVE-2017-18312
CONFIRM
CONFIRM
qualcomm -- snapdragon Lack of check on out of range of bssid parameter when processing scan start command will lead to buffer overflow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016 2018-10-26 not yet calculated CVE-2018-11849
CONFIRM
qualcomm -- snapdragon XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016. 2018-10-26 not yet calculated CVE-2017-18311
CONFIRM
qualcomm -- snapdragon The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850 2018-10-26 not yet calculated CVE-2018-11846
CONFIRM
qualcomm -- snapdragon Lack of check on out of range for channels when processing channel list set command will lead to buffer overflow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016 2018-10-26 not yet calculated CVE-2018-11853
CONFIRM
qualcomm -- snapdragon Improper access control in core module leads to XBL_LOADER performing the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850. 2018-10-26 not yet calculated CVE-2018-11951
CONFIRM
qualcomm -- snapdragon Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850 2018-10-26 not yet calculated CVE-2018-11950
CONFIRM
qualcomm -- snapdragon Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 2018-10-26 not yet calculated CVE-2018-11854
CONFIRM
qualcomm -- snapdragon Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20 2018-10-23 not yet calculated CVE-2017-18304
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon Under certain modes of operation, HLOS may be able to get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 617. 2018-10-23 not yet calculated CVE-2017-18313
CONFIRM
CONFIRM
qualcomm -- snapdragon Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660. 2018-10-23 not yet calculated CVE-2017-18300
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850. 2018-10-26 not yet calculated CVE-2017-18309
CONFIRM
qualcomm -- snapdragon Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660. 2018-10-23 not yet calculated CVE-2017-18298
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 2018-10-23 not yet calculated CVE-2017-18299
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016 2018-10-26 not yet calculated CVE-2017-18310
CONFIRM
qualcomm -- snapdragon Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820. 2018-10-23 not yet calculated CVE-2017-18297
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430 2018-10-26 not yet calculated CVE-2017-18308
CONFIRM
qualcomm -- snapdragon There is improper access control of the SSC and GPU mapped regions, which leads to code injection from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660. 2018-10-26 not yet calculated CVE-2018-3588
CONFIRM
qualcomm -- snapdragon Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. 2018-10-26 not yet calculated CVE-2018-5914
CONFIRM
qualcomm -- snapdragon XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835. 2018-10-23 not yet calculated CVE-2017-18305
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660. 2018-10-26 not yet calculated CVE-2018-5866
CONFIRM
qualcomm -- snapdragon A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 2018-10-26 not yet calculated CVE-2018-11822
CONFIRM
qualcomm -- snapdragon While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. 2018-10-23 not yet calculated CVE-2017-18294
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20 2018-10-26 not yet calculated CVE-2017-18124
CONFIRM
qualcomm -- snapdragon Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. 2018-10-23 not yet calculated CVE-2017-18171
CONFIRM
CONFIRM
qualcomm -- snapdragon Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660. 2018-10-23 not yet calculated CVE-2017-18283
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. 2018-10-23 not yet calculated CVE-2017-18170
CONFIRM
CONFIRM
qualcomm -- snapdragon When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835. 2018-10-23 not yet calculated CVE-2017-18277
CONFIRM
CONFIRM
qualcomm -- snapdragon Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A. 2018-10-23 not yet calculated CVE-2017-18292
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20. 2018-10-23 not yet calculated CVE-2017-18295
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon Lack of check on remaining length parameter when processing scan start command will lead to buffer overflow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20 2018-10-26 not yet calculated CVE-2018-11850
CONFIRM
qualcomm -- snapdragon When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. 2018-10-26 not yet calculated CVE-2018-11305
CONFIRM
qualcomm -- snapdragon When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. 2018-10-23 not yet calculated CVE-2017-18293
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. 2018-10-23 not yet calculated CVE-2017-18282
SECTRACK
CONFIRM
CONFIRM
qualcomm -- snapdragon In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016. 2018-10-23 not yet calculated CVE-2017-18172
CONFIRM
CONFIRM
ruletkaio -- ruletkaio A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value. 2018-10-23 not yet calculated CVE-2018-17968
MISC
saltstack -- salt SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi). 2018-10-24 not yet calculated CVE-2018-15751
CONFIRM
CONFIRM
MLIST
MLIST
saltstack -- salt Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. 2018-10-24 not yet calculated CVE-2018-15750
CONFIRM
CONFIRM
MLIST
MLIST
serverscheck -- monitoring_software ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories. 2018-10-24 not yet calculated CVE-2018-18552
MISC
MISC
serverscheck -- monitoring_software ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user. 2018-10-21 not yet calculated CVE-2018-18550
MISC
serverscheck -- monitoring_software ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter. 2018-10-24 not yet calculated CVE-2018-18551
MISC
MISC

siacs/conversations -- siacs/conversations An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent. 2018-10-23 not yet calculated CVE-2018-18467
CONFIRM
sophos -- hitmanpro.alert An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data to an attacker-controlled address, resulting in memory corruption. An attacker can send an IRP request to trigger this vulnerability. 2018-10-25 not yet calculated CVE-2018-3971
MISC
sophos -- hitmanpro.alert An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. 2018-10-25 not yet calculated CVE-2018-3970
MISC
splunk -- enterprise Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access. 2018-10-19 not yet calculated CVE-2017-18348
BID
MISC
MISC
splunk -- enterprise_and_light Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-10-23 not yet calculated CVE-2018-7427
CONFIRM
splunk -- enterprise_and_light Splunkd in Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request. 2018-10-23 not yet calculated CVE-2018-7429
CONFIRM
splunk -- enterprise_and_light Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request. 2018-10-23 not yet calculated CVE-2018-7432
CONFIRM
splunk -- enterprise_and_light Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. 2018-10-23 not yet calculated CVE-2018-7431
CONFIRM
stalker_software -- communigate_pro CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension. 2018-10-24 not yet calculated CVE-2018-18621
MISC
MISC
stegdetect -- stegdetect Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress in the f5.c file. 2018-10-23 not yet calculated CVE-2018-18599
MISC
sv3c -- l-series_hd_cameras An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information. 2018-10-19 not yet calculated CVE-2018-12673
MISC
sv3c -- l-series_hd_cameras The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the configuration. The vulnerability affects all versions. 2018-10-19 not yet calculated CVE-2018-12667
MISC
sv3c -- l-series_hd_cameras The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to the username and password of the logged-in account. 2018-10-19 not yet calculated CVE-2018-12674
MISC
sv3c -- l-series_hd_cameras The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint. 2018-10-19 not yet calculated CVE-2018-12675
MISC
sv3c -- l-series_hd_cameras SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection. 2018-10-19 not yet calculated CVE-2018-12670
MISC
sv3c -- l-series_hd_cameras An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information can then be used to gain access to the web interface. 2018-10-19 not yet calculated CVE-2018-12671
MISC
sv3c -- l-series_hd_cameras The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator. 2018-10-19 not yet calculated CVE-2018-12672
MISC
sv3c -- l-series_hd_cameras SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/param.cgi. 2018-10-19 not yet calculated CVE-2018-12669
MISC
sv3c -- l-series_hd_cameras SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password. 2018-10-19 not yet calculated CVE-2018-12668
MISC
sv3c -- l-series_hd_cameras SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identify users only by the authentication level sent in the cookies, which allows remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255. 2018-10-19 not yet calculated CVE-2018-12666
MISC
symantec -- web_isolation Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine. 2018-10-22 not yet calculated CVE-2018-12246
BID
CONFIRM
systemd -- systemd A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. 2018-10-26 not yet calculated CVE-2018-15686
MISC
systemd -- systemd A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239. 2018-10-26 not yet calculated CVE-2018-15687
MISC
systemd -- systemd A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd versions up to and including 239. 2018-10-26 not yet calculated CVE-2018-15688
MISC
teakki -- teakki TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL. 2018-10-20 not yet calculated CVE-2018-18540
MISC
teeworlds -- teeworlds In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. 2018-10-20 not yet calculated CVE-2018-18541
MISC
MISC
MISC
telecrane -- f25_series_radio_controls All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. 2018-10-24 not yet calculated CVE-2018-17935
BID
MISC
telligent -- community Telligent Community 6.x, 7.x, 8.x, 9.x, and 10.x up to 10.1.10.11792 has XSS via the Feed RSS widget. 2018-10-23 not yet calculated CVE-2018-16235
CONFIRM
thinkphp -- thinkphp ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. 2018-10-19 not yet calculated CVE-2018-18530
MISC
thinkphp -- thinkphp ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. 2018-10-19 not yet calculated CVE-2018-18529
MISC
thinkphp -- thinkphp ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable. 2018-10-20 not yet calculated CVE-2018-18546
MISC
MISC
tp-link -- tl-sc3130_devices TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI. 2018-10-19 not yet calculated CVE-2018-18428
MISC
EXPLOIT-DB
MISC
transportes_intermodais_do_porto -- anda_application The server API in the Anda app relies on hardcoded credentials. 2018-10-24 not yet calculated CVE-2018-13342
MISC
trend_micro -- antivirus_for_mac A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2018-10-23 not yet calculated CVE-2018-18328
CONFIRM
CONFIRM
MISC
trend_micro -- antivirus_for_mac A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2018-10-23 not yet calculated CVE-2018-18329
CONFIRM
CONFIRM
MISC
trend_micro -- antivirus_for_mac A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2018-10-23 not yet calculated CVE-2018-15367
CONFIRM
CONFIRM
MISC
trend_micro -- antivirus_for_mac A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6eDC offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2018-10-23 not yet calculated CVE-2018-18327
CONFIRM
CONFIRM
MISC
trend_micro -- antivirus_for_mac A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2018-10-23 not yet calculated CVE-2018-15366
CONFIRM
CONFIRM
MISC
veritas -- netbackup_appliance A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input. 2018-10-25 not yet calculated CVE-2018-18652
BID
CONFIRM
vestacp -- vestacp Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. 2018-10-24 not yet calculated CVE-2018-18547
MISC
waimai -- super_cms An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter. 2018-10-23 not yet calculated CVE-2018-18622
MISC
wifiranger -- devices An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account. 2018-10-23 not yet calculated CVE-2018-17873
MISC
x.org -- x_server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. 2018-10-25 not yet calculated CVE-2018-14665
SECTRACK
CONFIRM
CONFIRM
MLIST
DEBIAN
xfce -- thunar Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method. 2018-10-19 not yet calculated CVE-2018-18398
MISC
xpdf -- xpdf An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory. 2018-10-25 not yet calculated CVE-2018-18650
MISC
xpdf -- xpdf An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file. 2018-10-25 not yet calculated CVE-2018-18651
MISC
zenario -- zenario Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. 2018-10-19 not yet calculated CVE-2018-18420
MISC
zoho -- manageengine_opmanager Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. 2018-10-23 not yet calculated CVE-2018-18475
MISC
FULLDISC

This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System https://ift.tt/2zcTfmc