Monday, November 5, 2018

SB18-309: Vulnerability Summary for the Week of October 29, 2018

Original release date: November 05, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product    Description    Published    CVSS Score    Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product    Description    Published    CVSS Score    Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product    Description    Published    CVSS Score    Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product    Description    Published    CVSS Score    Source & Patch Info
vecna -- vgo_robot If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials. 2018-10-30 not yet calculated CVE-2018-8858
MISC
spray-json -- spray-json Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits. 2018-10-31 not yet calculated CVE-2018-18853
MISC
libiec61850 -- libiec61850 An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. 2018-10-30 not yet calculated CVE-2018-18834
MISC
MISC
doccms_2016 -- doccms_2016 upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. 2018-10-30 not yet calculated CVE-2018-18835
MISC
semcms -- semcms XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter. 2018-10-30 not yet calculated CVE-2018-18840
MISC
semcms -- semcms XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter. 2018-10-30 not yet calculated CVE-2018-18841
MISC
z-blogphp -- z-blogphp CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code. 2018-10-30 not yet calculated CVE-2018-18842
MISC
MISC
acme_labs -- mini_httpd ACME mini_httpd before 1.30 lets remote users read arbitrary files. 2018-10-29 not yet calculated CVE-2018-18778
MISC
octopus -- deploy In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM). 2018-10-30 not yet calculated CVE-2018-18850
MISC
spray-json -- spray-json Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code). 2018-10-31 not yet calculated CVE-2018-18854
MISC
mingsoft -- mcms An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter. 2018-10-30 not yet calculated CVE-2018-18831
MISC
tecrail -- responsive_filemanager An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. 2018-10-31 not yet calculated CVE-2018-18867
MISC
no-cms -- no-cms No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. 2018-10-31 not yet calculated CVE-2018-18868
MISC
empirecms -- empirecms EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter. 2018-10-31 not yet calculated CVE-2018-18869
MISC
jasper -- jasper An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. 2018-10-31 not yet calculated CVE-2018-18873
MISC
nc-cms -- nc-cms nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI. 2018-10-31 not yet calculated CVE-2018-18874
MISC
xen -- xen An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted. 2018-10-31 not yet calculated CVE-2018-18883
SECTRACK
MISC
s-cms -- s-cms S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). 2018-10-31 not yet calculated CVE-2018-18887
MISC
dkcms -- dkcms admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp. 2018-10-30 not yet calculated CVE-2018-18832
MISC
MISC
mcms -- mcms An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code. 2018-10-30 not yet calculated CVE-2018-18830
MISC
minicms -- minicms MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename. 2018-10-31 not yet calculated CVE-2018-18890
MISC
MISC
zzcms -- zzcms An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.) 2018-10-29 not yet calculated CVE-2018-18790
MISC
grapixel -- new_media Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter. 2018-10-30 not yet calculated CVE-2018-18822
EXPLOIT-DB
leostream -- agent The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. 2018-10-29 not yet calculated CVE-2018-18817
MISC
zzcms -- zzcms An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. 2018-10-29 not yet calculated CVE-2018-18792
MISC
libav -- libav There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. 2018-10-30 not yet calculated CVE-2018-18827
MISC
libav -- libav There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. 2018-10-30 not yet calculated CVE-2018-18828
MISC
libav -- libav There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file. 2018-10-30 not yet calculated CVE-2018-18829
MISC
zzcms -- zzcms An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. 2018-10-29 not yet calculated CVE-2018-18791
MISC
zzcms -- zzcms An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. 2018-10-29 not yet calculated CVE-2018-18789
MISC
ibm -- robotic_process_automation_with_automation_anywhere IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714. 2018-11-02 not yet calculated CVE-2018-1878
XF
CONFIRM
zzcms -- zzcms An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.) 2018-10-29 not yet calculated CVE-2018-18788
MISC
zzcms -- zzcms An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. 2018-10-29 not yet calculated CVE-2018-18787
MISC
zzcms -- zzcms An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. 2018-10-29 not yet calculated CVE-2018-18786
MISC
zzcms -- zzcms An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. 2018-10-29 not yet calculated CVE-2018-18785
MISC
zzcms -- zzcms An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) 2018-10-29 not yet calculated CVE-2018-18784
MISC
semcms -- semcms XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter. 2018-10-29 not yet calculated CVE-2018-18783
MISC
dedecms -- dedecms Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. 2018-10-29 not yet calculated CVE-2018-18782
MISC
dedecms -- dedecms DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. 2018-10-29 not yet calculated CVE-2018-18781
MISC
laravelcms -- laravelcms An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed. 2018-10-31 not yet calculated CVE-2018-18888
MISC
minicms -- minicms MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. 2018-10-31 not yet calculated CVE-2018-18891
MISC
MISC
pagoda -- linux_panel Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log. 2018-10-30 not yet calculated CVE-2018-18825
MISC
webiness -- inventory Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter. 2018-10-29 not yet calculated CVE-2018-18752
MISC
lulu -- cms An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields. 2018-10-29 not yet calculated CVE-2018-18771
MISC
ibm -- robotic_process_automation_with_automation_anywhere IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713. 2018-11-02 not yet calculated CVE-2018-1877
CONFIRM
XF
cesanta -- mongoose An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. 2018-10-29 not yet calculated CVE-2018-18765
MISC
cesanta -- mongoose An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. 2018-10-29 not yet calculated CVE-2018-18764
MISC
MISC
ibm -- robotic_process_automation_with_automation_anywhere IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707. 2018-11-02 not yet calculated CVE-2018-1876
XF
CONFIRM
zyxel -- vmg3312-b10b_devices ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. 2018-10-29 not yet calculated CVE-2018-18754
MISC
typecho -- typecho Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. 2018-10-29 not yet calculated CVE-2018-18753
MISC
green_electronics -- rainmachine_mini-8 The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. 2018-11-01 not yet calculated CVE-2018-6012
MISC
minicms -- minicms MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. 2018-10-31 not yet calculated CVE-2018-18892
MISC
MISC
linux -- kernel The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files that they would not normally be able to access via an overlayfs mount inside of a user namespace. 2018-10-26 not yet calculated CVE-2018-6559
BID
CONFIRM
CONFIRM
CONFIRM
green_electronics -- rainmachine_mini-8 A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. 2018-11-01 not yet calculated CVE-2018-6906
MISC
green_electronics -- rainmachine_mini-8 A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. 2018-11-01 not yet calculated CVE-2018-6907
MISC
green_electronics -- rainmachine_mini-8 An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials. 2018-11-01 not yet calculated CVE-2018-6908
MISC
green_electronics -- rainmachine_mini-8 A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request. 2018-11-01 not yet calculated CVE-2018-6909
MISC
zte -- zxr10_8905e All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections. 2018-11-01 not yet calculated CVE-2018-7356
CONFIRM
schneider_electric -- modicon_m221 An Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. 2018-11-02 not yet calculated CVE-2018-7798
CONFIRM
schneider_electric -- schneider_electric_software_update A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. 2018-11-02 not yet calculated CVE-2018-7799
MISC
CONFIRM
green_electronics -- rainmachine_mini-8 The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file. 2018-11-01 not yet calculated CVE-2018-6011
MISC
libsdl -- sdl_image An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. 2018-11-01 not yet calculated CVE-2018-3977
MISC
microstrategy -- web Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product. 2018-11-01 not yet calculated CVE-2018-18775
MISC
EXPLOIT-DB
yi -- home_camera_27us An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the password_dst field. 2018-11-02 not yet calculated CVE-2018-3899
MISC
poppler -- poppler An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. 2018-11-02 not yet calculated CVE-2018-18897
MISC
vanilla -- vanilla Vanilla 2.6.x before 2.6.4 allows remote code execution. 2018-11-03 not yet calculated CVE-2018-18903
MISC
MISC
xheditor -- xheditor xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view. 2018-11-03 not yet calculated CVE-2018-18909
MISC
exiv2 -- exiv2 There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack. 2018-11-03 not yet calculated CVE-2018-18915
MISC
yi -- home_camera_27us An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability. 2018-11-02 not yet calculated CVE-2018-3890
MISC
yi -- home_camera_27us An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability. 2018-11-02 not yet calculated CVE-2018-3891
MISC
yi -- home_camera_27us An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability. 2018-11-02 not yet calculated CVE-2018-3892
MISC
yi -- home_camera_27us An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the ssid_dst field. 2018-11-02 not yet calculated CVE-2018-3898
MISC
microstrategy -- web Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product. 2018-11-01 not yet calculated CVE-2018-18777
MISC
EXPLOIT-DB
yi -- home_camera_27us An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability. 2018-11-01 not yet calculated CVE-2018-3947
MISC
microstrategy -- web Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product. 2018-11-01 not yet calculated CVE-2018-18776
MISC
EXPLOIT-DB
yi -- home_camera_27us An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be convinced to display a QR code from the internet to their camera, which could exploit this vulnerability. 2018-11-01 not yet calculated CVE-2018-3900
MISC
yi -- home_camera_27us An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID. 2018-11-01 not yet calculated CVE-2018-3910
MISC
yi -- home_camera_27us An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SD card to trigger this vulnerability. 2018-11-02 not yet calculated CVE-2018-3920
MISC
yi -- home_camera_27us An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. 2018-11-01 not yet calculated CVE-2018-3928
MISC
yi -- home_camera_27us An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability. 2018-11-02 not yet calculated CVE-2018-3934
MISC
yi -- home_camera_27us An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. 2018-11-02 not yet calculated CVE-2018-3935
MISC
libav -- libav There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. 2018-10-30 not yet calculated CVE-2018-18826
MISC
advantech -- webaccess WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution. 2018-10-29 not yet calculated CVE-2018-17910
BID
SECTRACK
MISC
advantech -- webaccess WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. 2018-10-31 not yet calculated CVE-2018-15706
MISC
advantech -- webaccess Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. 2018-10-31 not yet calculated CVE-2018-15707
MISC
advantech -- webaccess WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. 2018-10-29 not yet calculated CVE-2018-17908
BID
SECTRACK
MISC
advantech -- webaccess WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. 2018-10-31 not yet calculated CVE-2018-15705
MISC
apache -- web_server The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical. 2018-10-31 not yet calculated CVE-2018-11759
MISC
apex-publish-static-files -- apex-publish-static-files A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument. 2018-10-30 not yet calculated CVE-2018-16462
MISC
artifex -- mupdf There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. 2018-10-26 not yet calculated CVE-2018-18662
BID
MISC
MISC
bitdefender -- gravityzone_vmware Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors. 2018-10-30 not yet calculated CVE-2017-8931
CONFIRM
catfish -- cms A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33. 2018-10-29 not yet calculated CVE-2018-18735
MISC
catfish -- cms An XSS issue was discovered in catfish blog 2.0.33, related to "write source code." 2018-10-29 not yet calculated CVE-2018-18736
MISC
catfish -- cms A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30. 2018-10-29 not yet calculated CVE-2018-18734
MISC
catfish -- cms An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999. 2018-10-29 not yet calculated CVE-2018-18733
MISC
circontrol -- circarlife In Circontrol CirCarLife, all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. 2018-11-02 not yet calculated CVE-2018-17922
MISC
circontrol -- circarlife In Circontrol CirCarLife, all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. 2018-11-02 not yet calculated CVE-2018-17918
MISC
cisco -- adaptive_security_appliance_and_firepower_threat_defense_software A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available. 2018-11-01 not yet calculated CVE-2018-15454
BID
CISCO
clarkgrubb -- data-tools data-tools through 2017-07-26 has an Integer Overflow leading to an incorrect end value for the write_wchars function. 2018-10-29 not yet calculated CVE-2018-18749
MISC
curl -- curl A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. 2018-10-31 not yet calculated CVE-2018-16840
SECTRACK
CONFIRM
MISC
CONFIRM
UBUNTU
curl -- curl Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. 2018-10-31 not yet calculated CVE-2018-16842
SECTRACK
CONFIRM
MISC
CONFIRM
UBUNTU
UBUNTU
DEBIAN
curl -- curl Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. 2018-10-31 not yet calculated CVE-2018-16839
SECTRACK
CONFIRM
MISC
CONFIRM
UBUNTU
DEBIAN
douchat -- douchat An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF. 2018-10-29 not yet calculated CVE-2018-18737
MISC
ee -- 4gee_hh70_router An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the "core_app" binary utilised by the EE router for networking services. An attacker with knowledge of the default password (oelinux123) could login to the router via SSH as the root user, which could allow for the loss of confidentiality, integrity, and availability of the system. This would also allow for the bypass of the "AP Isolation" mode that is supported by the router, as well as the settings for multiple Wireless networks, which a user may use for guest clients. 2018-10-30 not yet calculated CVE-2018-10532
MISC
MISC
eleanor -- cms An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&file=autocomplete&query=[XSS] URI. 2018-10-29 not yet calculated CVE-2018-18717
MISC
f5 -- big-ip In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands 2018-10-31 not yet calculated CVE-2018-15325
CONFIRM
f5 -- big-ip On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with anything other than "allow-all". 2018-10-31 not yet calculated CVE-2018-15320
CONFIRM
f5 -- big-ip On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action. 2018-10-31 not yet calculated CVE-2018-15323
CONFIRM
f5 -- big-ip_and_enterprise_manager In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. 2018-10-31 not yet calculated CVE-2018-15327
CONFIRM
f5 -- multiple_products When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can bypass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files, which bypasses the security controls in place to limit TMSH commands. This is possible with the administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack. 2018-10-31 not yet calculated CVE-2018-15321
CONFIRM
f5 -- multiple_products On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full. 2018-10-31 not yet calculated CVE-2018-15322
CONFIRM
f5 -- big-ip On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. 2018-10-31 not yet calculated CVE-2018-15319
CONFIRM
f5 -- big-ip In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, if an MPTCP connection receives a HUDCTL_ABORT while the initial flow is not the primary flow, the initial flow will remain after the MP_FASTCLOSE procedure is complete. TMM may restart and produce a core file as a result of this condition. 2018-10-31 not yet calculated CVE-2018-15318
CONFIRM
f5 -- big-ip_apm On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when processing a specially crafted request with APM portal access. 2018-10-31 not yet calculated CVE-2018-15324
CONFIRM
f5 -- big-ip_apm In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List. 2018-10-31 not yet calculated CVE-2018-15326
CONFIRM
f5 -- big-ip In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted. 2018-10-31 not yet calculated CVE-2018-15317
CONFIRM
foxit -- phantompdf This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fxhtml2pdf. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6230. 2018-10-29 not yet calculated CVE-2018-17706
CONFIRM
MISC
foxit -- reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6353. 2018-10-29 not yet calculated CVE-2018-17620
CONFIRM
MISC
foxit -- reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Validate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6352. 2018-10-29 not yet calculated CVE-2018-17619
CONFIRM
MISC
foxit -- reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6334. 2018-10-29 not yet calculated CVE-2018-17616
CONFIRM
MISC
foxit -- reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Selection Change events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6336. 2018-10-29 not yet calculated CVE-2018-17618
CONFIRM
MISC
foxit -- reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6355. 2018-10-29 not yet calculated CVE-2018-17621
CONFIRM
MISC
foxit -- reader This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6354. 2018-10-29 not yet calculated CVE-2018-17622
CONFIRM
MISC
foxit -- reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6434. 2018-10-29 not yet calculated CVE-2018-17623
CONFIRM
MISC
foxit -- reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onFocus events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6335. 2018-10-29 not yet calculated CVE-2018-17617
CONFIRM
MISC
foxit -- reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OCG objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6435. 2018-10-29 not yet calculated CVE-2018-17624
CONFIRM
MISC
foxit -- reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Mouse Exit events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6333. 2018-10-29 not yet calculated CVE-2018-17615
CONFIRM
MISC
fr.sauter_ag -- case_suite An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. 2018-11-02 not yet calculated CVE-2018-17912
MISC
gnu -- gettext An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. 2018-10-29 not yet calculated CVE-2018-18751
MISC
MISC
gnu -- binutils An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. 2018-10-29 not yet calculated CVE-2018-18701
MISC
gnu -- binutils An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. 2018-10-29 not yet calculated CVE-2018-18700
MISC
qualcomm -- snapdragon ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016 2018-10-26 not yet calculated CVE-2017-18310
SECTRACK
CONFIRM
qualcomm -- snapdragon Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430 2018-10-26 not yet calculated CVE-2017-18308
SECTRACK
CONFIRM
qualcomm -- snapdragon A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850. 2018-10-26 not yet calculated CVE-2017-18309
SECTRACK
CONFIRM
qualcomm -- snapdragon A bool variable in a Video function, which gets typecast to int before being read, could result in an out-of-bounds read access in all Android releases from CAF using the Linux kernel 2018-10-29 not yet calculated CVE-2017-18281
SECTRACK
CONFIRM
qualcomm -- snapdragon When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. 2018-10-26 not yet calculated CVE-2018-11305
SECTRACK
CONFIRM
gopro -- gpmf-parser An issue was discovered in GoPro gpmf-parser 1.2.1. There is an out-of-bounds write in OpenMP4Source in GPMF_mp4reader.c. 2018-10-29 not yet calculated CVE-2018-18699
MISC
gthumb -- gthumb An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer. 2018-10-29 not yet calculated CVE-2018-18718
MISC
merge_package -- merge_package The merge.recursive function in the merge package v <1.2 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack. 2018-10-30 not yet calculated CVE-2018-16469
MISC
ibm -- daeja_viewone IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514. 2018-11-02 not yet calculated CVE-2018-1835
CONFIRM
XF
ibm -- infosphere_master_data_management_collaboration_server IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change their ca-id to another user's and read sensitive information. IBM X-Force ID: 138077. 2018-10-29 not yet calculated CVE-2018-1380
XF
CONFIRM
ibm -- quality_manager IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132929. 2018-11-02 not yet calculated CVE-2017-1609
CONFIRM
XF
ibm -- rational_engineering_lifecycle_manager IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945. 2018-11-02 not yet calculated CVE-2018-1846
CONFIRM
XF
ibm -- robotic_process_automation_with_automation_anywhere IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to run it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889. 2018-11-02 not yet calculated CVE-2018-1552
CONFIRM
XF
ibm -- spectrum_protect_server IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873. 2018-11-02 not yet calculated CVE-2018-1788
CONFIRM
XF
ibm -- team_concert IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148620. 2018-10-29 not yet calculated CVE-2018-1766
CONFIRM
XF
ibm -- websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148621. 2018-10-29 not yet calculated CVE-2018-1767
SECTRACK
XF
CONFIRM
ibm -- websphere_application_server_liberty_openid_connect IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999. 2018-10-31 not yet calculated CVE-2018-1851
XF
CONFIRM
icms -- icms spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. 2018-10-29 not yet calculated CVE-2018-18702
MISC
indusoft -- web_studio In InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2, a remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine. 2018-11-02 not yet calculated CVE-2018-17916
MISC
MISC
indusoft -- web_studio In InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2, this vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime. 2018-11-02 not yet calculated CVE-2018-17914
MISC
MISC
interactive_advertising_bureau -- openrtb The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid responses and impression notifications, aka the Amnesia Bug. 2018-10-30 not yet calculated CVE-2015-7266
MISC
iobit -- malware_fighter RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010. This can lead to denial of service (DoS) or code execution with root privileges. 2018-11-01 not yet calculated CVE-2018-18714
MISC
jboss -- bpm_suite JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user. 2018-10-31 not yet calculated CVE-2016-6343
REDHAT
BID
REDHAT
CONFIRM
libexif -- libexif A vulnerability was found in libexif: an integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data). 2018-10-31 not yet calculated CVE-2016-6328
CONFIRM
libnmapp -- libnmapp A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options. 2018-10-30 not yet calculated CVE-2018-16461
MISC
libtiff -- libtiff An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. 2018-10-26 not yet calculated CVE-2018-18661
MISC
BID
linux -- kernel An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. 2018-10-29 not yet calculated CVE-2018-18710
MISC
MISC
linux -- kernel In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. 2018-10-26 not yet calculated CVE-2018-18690
MISC
BID
MISC
MISC
MISC
linux -- kernel Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. 2018-10-30 not yet calculated CVE-2018-18281
MISC
MLIST
BID
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
python-kdcproxy -- python-kdcproxy python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request. 2018-10-30 not yet calculated CVE-2015-5159
CONFIRM
CONFIRM
systemd -- systemd A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239. 2018-10-26 not yet calculated CVE-2018-15687
BID
MISC
GENTOO
EXPLOIT-DB
m2soft -- report_designer_viewer M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via a crafted MRD file. 2018-11-01 not yet calculated CVE-2018-18695
MISC
mantisbt -- mantisbt A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. 2018-10-30 not yet calculated CVE-2018-17783
CONFIRM
CONFIRM
mantisbt -- mantisbt A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. 2018-10-30 not yet calculated CVE-2018-17782
CONFIRM
CONFIRM
monstra -- cms admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases. 2018-10-29 not yet calculated CVE-2018-18694
MISC
netgain -- enterprise_manager NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution. 2018-11-01 not yet calculated CVE-2018-10587
MISC
netgain -- enterprise_manager NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.12. 2018-11-01 not yet calculated CVE-2018-10586
MISC
nextcloud -- server A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares. 2018-10-30 not yet calculated CVE-2018-16467
MISC
MISC
nextcloud -- server Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 led to access restrictions carried by access tokens not being enforced. 2018-10-30 not yet calculated CVE-2018-16466
MISC
MISC
nextcloud -- server Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load. 2018-10-30 not yet calculated CVE-2018-16465
MISC
MISC
nextcloud -- server A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password. 2018-10-30 not yet calculated CVE-2018-16464
MISC
MISC
nextcloud -- server A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares. 2018-10-30 not yet calculated CVE-2018-16463
MISC
MISC
openssl -- dsa The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1). Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q-dev (Affected 1.0.2-1.0.2p). 2018-10-30 not yet calculated CVE-2018-0734
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
openssl -- ecdsa The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1). 2018-10-29 not yet calculated CVE-2018-0735
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
openstack-mistral -- openstack-mistral A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem. 2018-11-02 not yet calculated CVE-2018-16849
CONFIRM
CONFIRM
phptpoint -- hospital_management_system PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php. 2018-10-29 not yet calculated CVE-2018-18705
MISC
phptpoint -- mailing_server_using_file_handling PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter. 2018-10-29 not yet calculated CVE-2018-18703
MISC
phptpoint -- pharmacy_management_system PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter. 2018-10-29 not yet calculated CVE-2018-18704
EXPLOIT-DB
phpyun -- phpyum The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI. 2018-10-29 not yet calculated CVE-2018-18713
MISC
MISC
pivotal -- operations_manager Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman. 2018-11-02 not yet calculated CVE-2018-15762
CONFIRM
playsms -- playsms playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. 2018-10-29 not yet calculated CVE-2018-18387
MISC
powerdns -- authoritative_server An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary. 2018-11-01 not yet calculated CVE-2016-2120
CONFIRM
DEBIAN
projectsend -- r582 ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php. 2018-10-29 not yet calculated CVE-2016-10734
MISC
projectsend -- r582 ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string. 2018-10-29 not yet calculated CVE-2016-10733
MISC
projectsend -- r582 ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php. 2018-10-29 not yet calculated CVE-2016-10732
MISC
projectsend -- r582 ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action. 2018-10-29 not yet calculated CVE-2016-10731
MISC
qemu -- qemu An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process. 2018-11-02 not yet calculated CVE-2018-16847
CONFIRM
MISC
MLIST
qualcomm -- snapdragon Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. 2018-10-29 not yet calculated CVE-2018-11880
CONFIRM
qualcomm -- snapdragon Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 2018-10-29 not yet calculated CVE-2018-11884
CONFIRM
qualcomm -- snapdragon When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 845 2018-10-29 not yet calculated CVE-2018-11879
CONFIRM
qualcomm -- snapdragon When the buffer length passed is very large in WLAN, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. 2018-10-29 not yet calculated CVE-2018-11877
CONFIRM
qualcomm -- snapdragon Incorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. 2018-10-29 not yet calculated CVE-2018-11882
CONFIRM
qualcomm -- snapdragon Buffer overflow if the length of passphrase is more than 32 when setting up secure NDP connection in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. 2018-10-29 not yet calculated CVE-2018-11874
CONFIRM
qualcomm -- snapdragon Lack of input validation while copying to buffer in WLAN will lead to a buffer overflow in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. 2018-10-29 not yet calculated CVE-2018-11876
CONFIRM
qualcomm -- snapdragon Lack of check of buffer size before copying in a WLAN function can lead to a buffer overflow in Snapdragon Mobile in version SD 845, SD 850. 2018-10-29 not yet calculated CVE-2018-11875
CONFIRM
qualcomm -- snapdragon Improper input validation in WLAN encrypt/decrypt module can lead to a buffer copy in Snapdragon Mobile in version SD 835, SD 845, SD 850 2018-10-29 not yet calculated CVE-2018-11857
CONFIRM
qualcomm -- snapdragon When processing IE set command, buffer overwrite may occur due to lack of input validation of the IE length in Snapdragon Mobile in version SD 835, SD 845, SD 850. 2018-10-29 not yet calculated CVE-2018-11858
CONFIRM
qualcomm -- snapdragon Buffer overwrite can happen in WLAN due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850. 2018-10-29 not yet calculated CVE-2018-11859
CONFIRM
qualcomm -- snapdragon Buffer overflow can happen in WLAN function due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660. 2018-10-29 not yet calculated CVE-2018-11861
CONFIRM
qualcomm -- snapdragon Buffer overflow can happen in WLAN module due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660. 2018-10-29 not yet calculated CVE-2018-11862
CONFIRM
qualcomm -- snapdragon Integer overflow may happen when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. 2018-10-29 not yet calculated CVE-2018-11865
CONFIRM
qualcomm -- snapdragon Integer overflow may happen in WLAN when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. 2018-10-29 not yet calculated CVE-2018-11866
CONFIRM
qualcomm -- snapdragon Lack of buffer length check before copying in WLAN function while processing FIPS event, can lead to a buffer overflow in Snapdragon Mobile in version SD 845. 2018-10-29 not yet calculated CVE-2018-11867
CONFIRM
qualcomm -- snapdragon Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20. 2018-10-29 not yet calculated CVE-2018-11870
CONFIRM
qualcomm -- snapdragon Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016. 2018-10-29 not yet calculated CVE-2018-11871
CONFIRM
qualcomm -- snapdragon Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SD 850, SDA660 2018-10-29 not yet calculated CVE-2018-11872
CONFIRM
qualcomm -- snapdragon Improper input validation leads to buffer overwrite in the WLAN function that handles WLAN roam buffer in Snapdragon Mobile in version SD 845. 2018-10-29 not yet calculated CVE-2018-11873
CONFIRM
qualcomm -- snapdragon Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 835, SD 845, SD 850. 2018-10-29 not yet calculated CVE-2018-11856
CONFIRM
redhat -- cloudforms_management_engine A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as. 2018-10-31 not yet calculated CVE-2016-5402
REDHAT
BID
CONFIRM
redhat -- glusterfs The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. 2018-10-31 not yet calculated CVE-2018-14654
REDHAT
REDHAT
CONFIRM
redhat -- glusterfs The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. 2018-10-31 not yet calculated CVE-2018-14652
REDHAT
REDHAT
CONFIRM
redhat -- glusterfs The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. 2018-10-31 not yet calculated CVE-2018-14653
REDHAT
REDHAT
CONFIRM
redhat -- glusterfs It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. 2018-10-31 not yet calculated CVE-2018-14661
REDHAT
REDHAT
CONFIRM
redhat -- glusterfs The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. 2018-10-31 not yet calculated CVE-2018-14659
REDHAT
REDHAT
CONFIRM
redhat -- glusterfs A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. 2018-11-01 not yet calculated CVE-2018-14660
REDHAT
REDHAT
CONFIRM
redhat -- glusterfs It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths. 2018-10-31 not yet calculated CVE-2018-14651
REDHAT
REDHAT
CONFIRM
redhat -- openstack_platform A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information. 2018-10-31 not yet calculated CVE-2016-2121
BID
REDHAT
CONFIRM
ruby -- loofah_gem In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. 2018-10-30 not yet calculated CVE-2018-16468
MISC
samba -- samba It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. 2018-10-31 not yet calculated CVE-2016-2125
REDHAT
REDHAT
REDHAT
REDHAT
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
samba -- samba A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation. 2018-11-01 not yet calculated CVE-2016-2123
BID
SECTRACK
CONFIRM
CONFIRM
sandboxie -- sandboxie Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. 2018-10-29 not yet calculated CVE-2018-18748
MISC
asrock -- drivers The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges. 2018-10-30 not yet calculated CVE-2018-10710
EXPLOIT-DB
MISC
asrock -- drivers The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code. 2018-10-30 not yet calculated CVE-2018-10711
EXPLOIT-DB
MISC
asrock -- drivers The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. 2018-10-30 not yet calculated CVE-2018-10712
EXPLOIT-DB
MISC
asrock -- drivers The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges. 2018-10-30 not yet calculated CVE-2018-10709
EXPLOIT-DB
MISC
dell_emc -- integrated_data_protection_appliance Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files. 2018-11-02 not yet calculated CVE-2018-11062
BID
FULLDISC
semcms -- semcms An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI. 2018-10-29 not yet calculated CVE-2018-18740
MISC
semcms -- semcms An XSS issue was discovered in SEMCMS 3.4 via the second text field to the admin/SEMCMS_Categories.php?pid=1&lgid=1 URI. 2018-10-29 not yet calculated CVE-2018-18743
MISC
semcms -- semcms An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI. 2018-10-29 not yet calculated CVE-2018-18744
MISC
semcms -- semcms An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 during editing. 2018-10-29 not yet calculated CVE-2018-18745
MISC
semcms -- semcms A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI. 2018-10-29 not yet calculated CVE-2018-18742
MISC
semcms -- semcms An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing. 2018-10-29 not yet calculated CVE-2018-18741
MISC
semcms -- semcms An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field. 2018-10-29 not yet calculated CVE-2018-18739
MISC
semcms -- semcms An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categories.php?pid=1&lgid=1 category_key parameter. 2018-10-29 not yet calculated CVE-2018-18738
MISC
synology -- diskstation_manager Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. 2018-10-31 not yet calculated CVE-2018-13281
CONFIRM
synology -- photo_station Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter. 2018-10-31 not yet calculated CVE-2018-13282
CONFIRM
systemd -- systemd A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. 2018-10-26 not yet calculated CVE-2018-15688
BID
MISC
GENTOO
systemd -- systemd A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. 2018-10-26 not yet calculated CVE-2018-15686
BID
MISC
GENTOO
EXPLOIT-DB
tenda -- multiple_products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. 2018-10-29 not yet calculated CVE-2018-18709
MISC
tenda -- multiple_products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromAddressNat" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. 2018-10-29 not yet calculated CVE-2018-18708
MISC
tenda -- multiple_products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. 2018-10-29 not yet calculated CVE-2018-18707
MISC
tenda -- multiple_products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromDhcpListClient" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. 2018-10-29 not yet calculated CVE-2018-18706
MISC
tenda -- multiple_products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow. 2018-10-29 not yet calculated CVE-2018-18729
MISC
tenda -- multiple_products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. 2018-10-29 not yet calculated CVE-2018-18730
MISC
tenda -- multiple_products An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request. 2018-10-29 not yet calculated CVE-2018-18728
MISC
tenda -- multiple_products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. 2018-10-29 not yet calculated CVE-2018-18731
MISC
tenda -- multiple_products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. 2018-10-29 not yet calculated CVE-2018-18732
MISC
tenda -- multiple_products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. 2018-10-29 not yet calculated CVE-2018-18727
MISC
tenda -- multiple_products An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. 2018-10-30 not yet calculated CVE-2018-14558
MISC
vecna -- vgo_robot VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot. 2018-10-30 not yet calculated CVE-2018-17933
MISC
vecna -- vgo_robot If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges. 2018-10-30 not yet calculated CVE-2018-17931
MISC
wuzhi -- cms An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1. 2018-10-29 not yet calculated CVE-2018-18712
MISC
wuzhi -- cms An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info. 2018-10-29 not yet calculated CVE-2018-18711
MISC
yunucms -- yunucms An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5. 2018-10-29 not yet calculated CVE-2018-18724
MISC
yunucms -- yunucms An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5. 2018-10-29 not yet calculated CVE-2018-18723
MISC
yunucms -- yunucms An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5. 2018-10-29 not yet calculated CVE-2018-18722
MISC
yunucms -- yunucms An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5. 2018-10-29 not yet calculated CVE-2018-18721
MISC
yunucms -- yunucms An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5. 2018-10-29 not yet calculated CVE-2018-18726
MISC
yunucms -- yunucms An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5. 2018-10-29 not yet calculated CVE-2018-18725
MISC
yunucms -- yunucms An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5. 2018-10-29 not yet calculated CVE-2018-18720
MISC
from US-CERT National Cyber Alert System https://ift.tt/2qsunTr