Vulnerability Summary for the Week of May 21, 2018
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abb -- srea-01 | In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using an HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization. | 2018-05-24 | not yet calculated | CVE-2017-9664 BID MISC |
accellion -- kiteworks | Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token. | 2018-05-24 | not yet calculated | CVE-2017-9421 MISC |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 2018-05-19 | not yet calculated | CVE-2018-4918 BID SECTRACK MISC |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 2018-05-19 | not yet calculated | CVE-2018-4917 BID SECTRACK MISC |
adobe -- coldfusion | Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. | 2018-05-19 | not yet calculated | CVE-2018-4941 BID MISC |
adobe -- coldfusion | Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation. | 2018-05-19 | not yet calculated | CVE-2018-4938 BID MISC |
adobe -- coldfusion | Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure. | 2018-05-19 | not yet calculated | CVE-2018-4942 BID MISC |
adobe -- coldfusion | Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. | 2018-05-19 | not yet calculated | CVE-2018-4940 BID MISC |
adobe -- coldfusion | Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-05-19 | not yet calculated | CVE-2018-4939 BID MISC |
adobe -- connect | Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion. | 2018-05-19 | not yet calculated | CVE-2018-4923 BID SECTRACK MISC |
adobe -- connect | Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2018-05-19 | not yet calculated | CVE-2018-4994 BID SECTRACK MISC |
adobe -- connect | Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure. | 2018-05-19 | not yet calculated | CVE-2018-4921 BID SECTRACK MISC |
adobe -- creative_cloud_desktop_application | Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation. | 2018-05-19 | not yet calculated | CVE-2018-4873 BID SECTRACK MISC |
adobe -- creative_cloud_desktop_application | Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass. | 2018-05-19 | not yet calculated | CVE-2018-4991 BID SECTRACK MISC |
adobe -- creative_cloud_desktop_application | Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation. | 2018-05-19 | not yet calculated | CVE-2018-4992 BID SECTRACK MISC |
adobe -- digital_editions | Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-05-19 | not yet calculated | CVE-2018-4925 BID MISC |
adobe -- digital_editions | Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability. Successful exploitation could lead to information disclosure. | 2018-05-19 | not yet calculated | CVE-2018-4926 BID MISC |
adobe -- dreamweaver_cc | Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 2018-05-19 | not yet calculated | CVE-2018-4924 BID SECTRACK MISC |
adobe -- experience_manager | Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2018-05-19 | not yet calculated | CVE-2018-4930 BID MISC |
adobe -- experience_manager | Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2018-05-19 | not yet calculated | CVE-2018-4931 BID MISC |
adobe -- experience_manager | Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2018-05-19 | not yet calculated | CVE-2018-4929 BID MISC |
adobe -- flash_player | Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure. | 2018-05-19 | not yet calculated | CVE-2018-4936 BID SECTRACK REDHAT MISC EXPLOIT-DB |
adobe -- flash_player | Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 2018-05-19 | not yet calculated | CVE-2018-4920 BID SECTRACK REDHAT MISC |
adobe -- flash_player | Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-05-19 | not yet calculated | CVE-2018-4933 BID SECTRACK REDHAT MISC |
adobe -- flash_player | Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-05-19 | not yet calculated | CVE-2018-4934 BID SECTRACK REDHAT MISC EXPLOIT-DB |
adobe -- flash_player | Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 2018-05-19 | not yet calculated | CVE-2018-4919 BID SECTRACK REDHAT MISC |
adobe -- flash_player | Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 2018-05-19 | not yet calculated | CVE-2018-4937 BID SECTRACK REDHAT MISC EXPLOIT-DB |
adobe -- flash_player | Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 2018-05-19 | not yet calculated | CVE-2018-4944 BID SECTRACK REDHAT MISC |
adobe -- flash_player | Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 2018-05-19 | not yet calculated | CVE-2018-4932 BID SECTRACK REDHAT MISC |
adobe -- flash_player | Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 2018-05-19 | not yet calculated | CVE-2018-4935 BID SECTRACK REDHAT MISC EXPLOIT-DB |
adobe -- indesign | Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation. | 2018-05-19 | not yet calculated | CVE-2018-4927 BID MISC |
adobe -- indesign | Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 2018-05-19 | not yet calculated | CVE-2018-4928 BID MISC |
adobe -- phonegap_push_plugin | Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app. | 2018-05-19 | not yet calculated | CVE-2018-4943 BID MISC |
apache -- batik | In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. The fix was to check the class type before calling newInstance in deserialization. | 2018-05-24 | not yet calculated | CVE-2018-8013 BID MLIST MLIST CONFIRM |
apache -- nifi | Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | 2018-05-23 | not yet calculated | CVE-2018-1309 CONFIRM |
apache -- nifi | Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | 2018-05-23 | not yet calculated | CVE-2018-1310 CONFIRM |
apache -- orc | In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack. | 2018-05-18 | not yet calculated | CVE-2018-8015 BID CONFIRM |
apache -- solr | This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, XInclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1, both of which address the vulnerability. Once the upgrade is complete, no other steps are required. Those releases only allow external entities and XIncludes that refer to local files / zookeeper resources below the Solr instance directory (using Solr's ResourceLoader); usage of absolute URLs is denied. Keep in mind that external entities and XInclude are explicitly supported to better structure config files in large installations. Before Solr 6 this was no problem, as config files were not accessible through the APIs. | 2018-05-21 | not yet calculated | CVE-2018-8010 BID MISC |
apache -- zookeeper | No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. | 2018-05-21 | not yet calculated | CVE-2018-8012 BID SECTRACK MISC |
appnitro_software -- machform | An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection. | 2018-05-26 | not yet calculated | CVE-2018-6411 MISC MISC |
appnitro_software -- machform | An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter. | 2018-05-26 | not yet calculated | CVE-2018-6410 MISC MISC |
appnitro_software -- machform | An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter. | 2018-05-26 | not yet calculated | CVE-2018-6409 MISC MISC |
asustor -- as6202t_adm | An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed. | 2018-05-21 | not yet calculated | CVE-2018-11340 MISC |
asustor -- as6202t_adm | An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter. | 2018-05-21 | not yet calculated | CVE-2018-11346 MISC |
asustor -- as6202t_adm | A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter. | 2018-05-21 | not yet calculated | CVE-2018-11343 MISC |
asustor -- as6202t_adm | An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system. | 2018-05-21 | not yet calculated | CVE-2018-11345 MISC |
asustor -- as6202t_adm | Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter. | 2018-05-21 | not yet calculated | CVE-2018-11341 MISC |
asustor -- as6202t_adm | A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter. | 2018-05-21 | not yet calculated | CVE-2018-11342 MISC |
asustor -- as6202t_adm | A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter. | 2018-05-21 | not yet calculated | CVE-2018-11344 MISC |
ati_systems -- emergency_mass_notification_systems | In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. | 2018-05-25 | not yet calculated | CVE-2018-8862 BID MISC |
ati_systems -- emergency_mass_notification_systems | In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. | 2018-05-25 | not yet calculated | CVE-2018-8864 BID MISC |
beaconmedaes -- scroll_medical_air_systems | In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating. | 2018-05-24 | not yet calculated | CVE-2018-7526 MISC |
beaconmedaes -- scroll_medical_air_systems | In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner. | 2018-05-24 | not yet calculated | CVE-2018-7518 MISC |
bearadmin -- bearadmin | An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration. | 2018-05-24 | not yet calculated | CVE-2018-11413 MISC |
bearadmin -- bearadmin | An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly. | 2018-05-24 | not yet calculated | CVE-2018-11414 MISC |
becton_dickinson_and_company -- bd_kiestra_inoquia_systems | A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. | 2018-05-24 | not yet calculated | CVE-2018-10593 MISC CONFIRM |
becton_dickinson_and_company -- bd_kiestra_systems | A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. | 2018-05-24 | not yet calculated | CVE-2018-10595 MISC CONFIRM |
bitdroid -- werewolf_online_app_android | The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. | 2018-05-26 | not yet calculated | CVE-2018-11505 MISC |
citrix -- xenmobile_server | There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 2018-05-23 | not yet calculated | CVE-2018-10653 CONFIRM |
citrix -- xenmobile_server | There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. | 2018-05-23 | not yet calculated | CVE-2018-10652 CONFIRM |
citrix -- xenmobile_server | There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 2018-05-23 | not yet calculated | CVE-2018-10654 CONFIRM |
citrix -- xenmobile_server | There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 2018-05-23 | not yet calculated | CVE-2018-10648 CONFIRM |
citrix -- xenmobile_server | There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 2018-05-23 | not yet calculated | CVE-2018-10650 CONFIRM |
citrix -- xenmobile_server | There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. | 2018-05-23 | not yet calculated | CVE-2018-10649 CONFIRM |
citrix -- xenmobile_server | There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 2018-05-23 | not yet calculated | CVE-2018-10651 CONFIRM |
ckeditor_5 -- ckeditor_5 | Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element. | 2018-05-22 | not yet calculated | CVE-2018-11093 CONFIRM CONFIRM |
clippercms -- clippercms | Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file. | 2018-05-24 | not yet calculated | CVE-2018-11332 MISC |
cloudera -- hue | Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter. | 2018-05-22 | not yet calculated | CVE-2015-8094 CONFIRM CONFIRM CONFIRM MISC |
cloudfoundry -- cloudfoundry | Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections. | 2018-05-23 | not yet calculated | CVE-2018-1193 CONFIRM |
cockpit_project -- cockpit | Cockpit 0.5.5 has XSS via a collection, form, or region. | 2018-05-25 | not yet calculated | CVE-2018-11471 MISC |
codecanyon.net -- easyservice_billing | A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role. | 2018-05-25 | not yet calculated | CVE-2018-11445 MISC |
codecanyon.net -- easyservice_billing | A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0. | 2018-05-25 | not yet calculated | CVE-2018-11444 MISC |
codecanyon.net -- easyservice_billing | A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation. | 2018-05-25 | not yet calculated | CVE-2018-11442 MISC |
codecanyon.net -- easyservice_billing | The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0. | 2018-05-25 | not yet calculated | CVE-2018-11443 MISC |
codecanyon.net -- horse_market_sell_and_rent_portal_script | Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely. | 2018-05-21 | not yet calculated | CVE-2018-11096 EXPLOIT-DB |
cppcms -- cppcms | An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module. | 2018-05-22 | not yet calculated | CVE-2018-11367 MISC |
curl -- curl | curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. | 2018-05-24 | not yet calculated | CVE-2018-1000301 BID SECTRACK CONFIRM MLIST UBUNTU UBUNTU DEBIAN |
curl -- curl | curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. | 2018-05-24 | not yet calculated | CVE-2018-1000300 BID SECTRACK CONFIRM UBUNTU |
d-link -- dsl-3782_router | A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations while an administrator is logged into the web panel. | 2018-05-23 | not yet calculated | CVE-2018-8898 MISC EXPLOIT-DB |
dahua_technology -- ip_devices | Privilege escalation vulnerability found in some Dahua IP devices. An attacker in possession of a low-privilege account can gain access to credential information of a high-privilege account and further obtain device information or attack the device. | 2018-05-23 | not yet calculated | CVE-2017-9317 CONFIRM |
delta_electronics -- industrial_automation_tpeditor | In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution. | 2018-05-25 | not yet calculated | CVE-2018-8871 MISC |
discount -- discount | The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. | 2018-05-25 | not yet calculated | CVE-2018-11468 MISC |
discount -- discount | The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. | 2018-05-26 | not yet calculated | CVE-2018-11503 MISC |
discount -- discount | The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. | 2018-05-26 | not yet calculated | CVE-2018-11504 MISC |
dolibarr -- dolibarr | The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads. | 2018-05-22 | not yet calculated | CVE-2018-10092 MLIST CONFIRM CONFIRM MISC |
dolibarr -- dolibarr | SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. | 2018-05-22 | not yet calculated | CVE-2018-10094 MLIST CONFIRM CONFIRM MISC |
dolibarr -- dolibarr | SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. | 2018-05-22 | not yet calculated | CVE-2018-9019 CONFIRM CONFIRM |
dolibarr -- dolibarr | Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. | 2018-05-22 | not yet calculated | CVE-2018-10095 MLIST CONFIRM CONFIRM MISC |
domainmod -- domainmod | DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. | 2018-05-24 | not yet calculated | CVE-2018-11404 MISC |
domainmod -- domainmod | DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter. | 2018-05-24 | not yet calculated | CVE-2018-11403 MISC |
ethereum -- dimoncoin_token | The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect. | 2018-05-24 | not yet calculated | CVE-2018-11411 MISC |
ethereum -- ether_cartel | The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wild in May 2018. | 2018-05-22 | not yet calculated | CVE-2018-11329 MISC |
fortinet -- fortios | A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows an attacker to execute an unauthorized binary program contained on a USB drive plugged into a FortiGate by linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. | 2018-05-24 | not yet calculated | CVE-2017-14187 SECTRACK CONFIRM |
fortinet -- fortios | An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g., addresses) via specifically crafted URLs inside the SSL-VPN web portal. | 2018-05-25 | not yet calculated | CVE-2017-14185 CONFIRM |
foxit -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5680. | 2018-05-24 | not yet calculated | CVE-2018-5679 MISC CONFIRM |
foxit -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5678. | 2018-05-24 | not yet calculated | CVE-2018-5676 MISC CONFIRM |
foxit -- foxit_reader | An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue results from the lack of proper validation of user-supplied data, which can result in an array indexing issue. An attacker can leverage this to execute code in the context of the current process. | 2018-05-24 | not yet calculated | CVE-2018-7406 MISC CONFIRM |
foxit -- foxit_reader | An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when rendering U3D images inside of pdf files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. | 2018-05-24 | not yet calculated | CVE-2018-7407 MISC CONFIRM |
foxit -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5676 and CVE-2018-5678. | 2018-05-24 | not yet calculated | CVE-2018-5674 MISC CONFIRM |
foxit -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5679. | 2018-05-24 | not yet calculated | CVE-2018-5680 MISC CONFIRM |
foxit -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5679 and CVE-2018-5680. | 2018-05-24 | not yet calculated | CVE-2018-5677 MISC CONFIRM |
foxit -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an out-of-bounds write on a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. | 2018-05-24 | not yet calculated | CVE-2018-5675 MISC CONFIRM |
foxit -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5676. | 2018-05-24 | not yet calculated | CVE-2018-5678 MISC CONFIRM |
frappe_technologies -- erpnext | An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment. | 2018-05-21 | not yet calculated | CVE-2018-11339 MISC MISC EXPLOIT-DB |
ge_automation -- pacssystems | In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. | 2018-05-18 | not yet calculated | CVE-2018-8867 BID MISC |
giflib -- giflib | The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. | 2018-05-26 | not yet calculated | CVE-2018-11489 MISC |
giflib -- giflib | The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact. | 2018-05-26 | not yet calculated | CVE-2018-11490 MISC |
gnome_project -- gnome_web | ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. | 2018-05-23 | not yet calculated | CVE-2018-11396 CONFIRM |
gnu -- gnu_c_library | An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. | 2018-05-18 | not yet calculated | CVE-2018-11237 BID MISC EXPLOIT-DB |
gnu -- gnu_c_library | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. | 2018-05-18 | not yet calculated | CVE-2018-11236 BID MISC MISC |
haproxy -- haproxy | Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. | 2018-05-25 | not yet calculated | CVE-2018-11469 CONFIRM |
hawtio -- hawtio | hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed. | 2018-05-22 | not yet calculated | CVE-2017-2617 BID REDHAT CONFIRM |
hp -- network_operations_management_ultimate | SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. | 2018-05-22 | not yet calculated | CVE-2018-6493 BID SECTRACK CONFIRM |
hp -- network_operations_management_ultimate | Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection. | 2018-05-22 | not yet calculated | CVE-2018-6492 BID SECTRACK CONFIRM |
hp -- service_manager_software_web_tier | Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. | 2018-05-22 | not yet calculated | CVE-2018-6494 BID SECTRACK CONFIRM |
huawei -- 1288h_and_288H | Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. | 2018-05-24 | not yet calculated | CVE-2018-7902 CONFIRM |
huawei -- 1288h_and_288H | Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. | 2018-05-24 | not yet calculated | CVE-2018-7903 CONFIRM |
huawei -- 1288h_and_288H | Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. | 2018-05-24 | not yet calculated | CVE-2018-7904 CONFIRM |
huawei -- ibmc | The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, a successful exploit may cause an information leak. | 2018-05-24 | not yet calculated | CVE-2018-7942 CONFIRM |
huawei -- smart_phones | Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure. | 2018-05-24 | not yet calculated | CVE-2017-17158 CONFIRM |
huawei -- multiple_products | Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCCP messages to the affected products. Due to the improper validation of the messages, numeric errors occur when the messages are handled. A successful exploit will cause some services to become abnormal. | 2018-05-24 | not yet calculated | CVE-2017-17315 CONFIRM |
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047. | 2018-05-25 | not yet calculated | CVE-2018-1452 CONFIRM XF |
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648. | 2018-05-25 | not yet calculated | CVE-2018-1544 CONFIRM SECTRACK XF |
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973. | 2018-05-25 | not yet calculated | CVE-2018-1488 CONFIRM SECTRACK XF |
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022. | 2018-05-25 | not yet calculated | CVE-2018-1565 CONFIRM SECTRACK XF |
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046. | 2018-05-25 | not yet calculated | CVE-2018-1451 CONFIRM XF |
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044. | 2018-05-25 | not yet calculated | CVE-2018-1449 CONFIRM XF |
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210. | 2018-05-25 | not yet calculated | CVE-2018-1459 CONFIRM XF |
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624. | 2018-05-25 | not yet calculated | CVE-2018-1515 CONFIRM SECTRACK XF |
ibm -- db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045. | 2018-05-25 | not yet calculated | CVE-2018-1450 CONFIRM XF |
ibm -- storediq | IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331. | 2018-05-22 | not yet calculated | CVE-2018-1583 CONFIRM XF |
ibm -- storwize_v7000 | The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398. | 2018-05-25 | not yet calculated | CVE-2018-1467 CONFIRM XF |
ibm -- tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361. | 2018-05-24 | not yet calculated | CVE-2013-3023 CONFIRM XF |
ibm -- tivoli_application_dependency_discovery_manager | The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354. | 2018-05-24 | not yet calculated | CVE-2013-3018 CONFIRM XF |
ibm -- urbancode_deploy | IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547. | 2018-05-25 | not yet calculated | CVE-2017-1752 CONFIRM XF |
ibm -- websphere_application_server | IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362. | 2018-05-24 | not yet calculated | CVE-2013-3024 CONFIRM XF |
ilias -- ilias | ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting. | 2018-05-23 | not yet calculated | CVE-2018-10428 MISC BUGTRAQ CONFIRM CONFIRM CONFIRM MISC |
imagemagick -- imagemagick | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. | 2018-05-18 | not yet calculated | CVE-2017-18273 CONFIRM MLIST |
imagemagick -- imagemagick | In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file. | 2018-05-18 | not yet calculated | CVE-2018-11251 CONFIRM MLIST |
imagemagick -- imagemagick | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. | 2018-05-18 | not yet calculated | CVE-2017-18271 CONFIRM MLIST |
iscripts -- eswap | iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter. | 2018-05-22 | not yet calculated | CVE-2018-11372 MISC |
iscripts -- eswap | iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter. | 2018-05-22 | not yet calculated | CVE-2018-11373 MISC |
iscripts -- eswap | iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. | 2018-05-25 | not yet calculated | CVE-2018-11470 MISC |
jboss -- jboss_jbossas | JBoss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to unsafe file handling in the jboss init script which could result in local privilege escalation. | 2018-05-22 | not yet calculated | CVE-2016-8656 REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT BID REDHAT REDHAT REDHAT REDHAT CONFIRM |
jboss -- undertow_web_server | In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. | 2018-05-21 | not yet calculated | CVE-2018-1067 REDHAT REDHAT REDHAT REDHAT CONFIRM |
jenkins -- jenkins | Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304). | 2018-05-23 | not yet calculated | CVE-2017-2598 BID CONFIRM CONFIRM CONFIRM |
jenkins -- jenkins | Jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones to which the current user does not have access. | 2018-05-22 | not yet calculated | CVE-2017-2609 BID CONFIRM CONFIRM |
jenkins -- jenkins | Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs. | 2018-05-21 | not yet calculated | CVE-2017-2607 BID CONFIRM |
jerryscript -- jerryscript | An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\\u0020") payload, related to re_parse_char_class in parser/regexp/re-parser.c. | 2018-05-24 | not yet calculated | CVE-2018-11418 MISC |
jerryscript -- jerryscript | An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c. | 2018-05-24 | not yet calculated | CVE-2018-11419 MISC |
joomla! -- joomla! | In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager. | 2018-05-22 | not yet calculated | CVE-2018-6378 BID SECTRACK MISC |
joomla! -- joomla! | An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. | 2018-05-22 | not yet calculated | CVE-2018-11321 BID SECTRACK MISC |
joomla! -- joomla! | An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions. | 2018-05-22 | not yet calculated | CVE-2018-11323 BID SECTRACK MISC |
joomla! -- joomla! | An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver. | 2018-05-22 | not yet calculated | CVE-2018-11322 BID SECTRACK MISC |
joomla! -- joomla! | An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. | 2018-05-22 | not yet calculated | CVE-2018-11327 BID SECTRACK MISC |
joomla! -- joomla! | An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. | 2018-05-22 | not yet calculated | CVE-2018-11325 BID SECTRACK MISC |
joomla! -- joomla! | An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform an XSS attack. | 2018-05-22 | not yet calculated | CVE-2018-11326 BID SECTRACK MISC |
joomla! -- joomla! | An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability. | 2018-05-22 | not yet calculated | CVE-2018-11328 BID SECTRACK MISC |
joomla! -- joomla! | An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. | 2018-05-22 | not yet calculated | CVE-2018-11324 BID SECTRACK MISC |
jpegoptim -- jpegoptim | jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-05-24 | not yet calculated | CVE-2018-11416 MISC MISC |
k2 -- smartforms | Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL. | 2018-05-24 | not yet calculated | CVE-2018-9920 BUGTRAQ |
kemp_technologies -- loadmaster_operating_system_long_term_support | A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible. | 2018-05-25 | not yet calculated | CVE-2018-9091 CONFIRM |
kliqqi -- kliqqi | Kliqqi 2.0.2 has CSRF in admin/admin_users.php. | 2018-05-24 | not yet calculated | CVE-2018-11405 MISC |
kubernetes-incubator/cri-o -- kubernetes-incubator/cri-o | Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9. | 2018-05-18 | not yet calculated | CVE-2018-1000400 BID MISC |
liblouis -- liblouis | An issue was discovered in Liblouis 3.5.0. An invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-05-24 | not yet calculated | CVE-2018-11410 MISC MISC |
liblouis -- liblouis | Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. | 2018-05-25 | not yet calculated | CVE-2018-11440 MISC |
libsass -- libsass | A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. | 2018-05-26 | not yet calculated | CVE-2018-11499 MISC |
linux -- linux_kernel | kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. | 2018-05-21 | not yet calculated | CVE-2018-1108 BID CONFIRM DEBIAN |
linux -- linux_kernel | In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. | 2018-05-24 | not yet calculated | CVE-2018-11412 MISC MISC |
linux -- linux_kernel | The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in a crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. | 2018-05-24 | not yet calculated | CVE-2018-1000199 SECTRACK REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT MLIST MLIST UBUNTU DEBIAN DEBIAN |
linux -- linux_kernel | In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. | 2018-05-18 | not yet calculated | CVE-2017-18270 CONFIRM BID CONFIRM CONFIRM |
lizard -- lizard | In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution. | 2018-05-26 | not yet calculated | CVE-2018-11498 MISC |
long_range_zip -- long_range_zip | In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. | 2018-05-26 | not yet calculated | CVE-2018-11496 MISC |
magnicomp -- sysinfo | MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. The vulnerability has a confidentiality impact, but has no direct impact on system integrity or availability. | 2018-05-21 | not yet calculated | CVE-2018-7268 MISC BUGTRAQ MISC |
makemytrip.com -- makemytrip_app_android | An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files. | 2018-05-20 | not yet calculated | CVE-2018-11242 MISC EXPLOIT-DB |
mcafee -- data_loss_prevention_endpoint | Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. | 2018-05-25 | not yet calculated | CVE-2018-6664 SECTRACK CONFIRM |
mcafee -- network_security_management | Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes. | 2018-05-25 | not yet calculated | CVE-2017-3961 CONFIRM |
mcafee -- virusscan_enterprise | Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands. | 2018-05-25 | not yet calculated | CVE-2018-6674 BID SECTRACK CONFIRM |
micro_focus -- client_for_oes | The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. | 2018-05-21 | not yet calculated | CVE-2018-7687 MISC MISC |
micro_focus -- multiple_products | Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). | 2018-05-23 | not yet calculated | CVE-2018-6495 SECTRACK CONFIRM |
microsoft -- office | A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office. | 2018-05-23 | not yet calculated | CVE-2018-8176 BID SECTRACK CONFIRM |
microsoft -- windows | A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035. | 2018-05-21 | not yet calculated | CVE-2018-8142 BID CONFIRM |
monstra -- monstra_cms | Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php). | 2018-05-25 | not yet calculated | CVE-2018-11472 MISC MISC |
monstra -- monstra_cms | Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser. | 2018-05-25 | not yet calculated | CVE-2018-11475 MISC |
monstra -- monstra_cms | Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser. | 2018-05-25 | not yet calculated | CVE-2018-11474 MISC |
monstra -- monstra_cms | Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration). | 2018-05-25 | not yet calculated | CVE-2018-11473 MISC MISC |
moodle -- moodle | An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection. | 2018-05-25 | not yet calculated | CVE-2018-1133 CONFIRM |
moodle -- moodle | An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL. | 2018-05-25 | not yet calculated | CVE-2018-1134 CONFIRM |
moodle -- moodle | An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users. | 2018-05-25 | not yet calculated | CVE-2018-1136 CONFIRM |
moodle -- moodle | An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack. | 2018-05-25 | not yet calculated | CVE-2018-1137 CONFIRM |
moodle -- moodle | An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. | 2018-05-25 | not yet calculated | CVE-2018-1135 CONFIRM |
multiple_vendors -- multiple_products | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | 2018-05-22 | not yet calculated | CVE-2018-3639 CONFIRM BID SECTRACK CONFIRM REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT MISC CONFIRM CONFIRM CONFIRM CONFIRM CISCO UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU DEBIAN EXPLOIT-DB CONFIRM CERT-VN CONFIRM CERT |
multiple_vendors -- multiple_products | Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. | 2018-05-22 | not yet calculated | CVE-2018-3640 CONFIRM BID SECTRACK CONFIRM CONFIRM CONFIRM CISCO CONFIRM CERT-VN CONFIRM CERT |
mupdf -- mupdf | In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. | 2018-05-24 | not yet calculated | CVE-2018-1000040 CONFIRM MISC MISC MISC MISC MISC |
mupdf -- mupdf | In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. | 2018-05-24 | not yet calculated | CVE-2018-1000039 CONFIRM CONFIRM CONFIRM MISC MISC MISC MISC |
mupdf -- mupdf | In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. | 2018-05-24 | not yet calculated | CVE-2018-1000038 CONFIRM CONFIRM MISC |
mupdf -- mupdf | In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. | 2018-05-24 | not yet calculated | CVE-2018-1000036 MISC |
mupdf -- mupdf | In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. | 2018-05-24 | not yet calculated | CVE-2018-1000037 CONFIRM CONFIRM CONFIRM MISC MISC MISC MISC MISC |
mybb -- mybb | An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action. | 2018-05-21 | not yet calculated | CVE-2018-11092 CONFIRM CONFIRM EXPLOIT-DB |
myscada -- mypro | A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. | 2018-05-20 | not yet calculated | CVE-2018-11311 MISC MISC EXPLOIT-DB |
netapp -- oncommand_unified_manager | NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | 2018-05-24 | not yet calculated | CVE-2018-5487 CONFIRM |
netapp -- oncommand_unified_manager | NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack. | 2018-05-24 | not yet calculated | CVE-2018-5485 CONFIRM |
octopus -- deploy | In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs. | 2018-05-21 | not yet calculated | CVE-2018-11320 CONFIRM |
opencart -- opencart | In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information. | 2018-05-23 | not yet calculated | CVE-2018-11231 MISC |
opencart -- opencart | OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php. | 2018-05-26 | not yet calculated | CVE-2018-11495 MISC |
opencart -- opencart | The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. | 2018-05-26 | not yet calculated | CVE-2018-11494 MISC |
openflow -- openflow | OpenFlow version 1.0 onwards contains a Denial of Service and Improper Authorization vulnerability in the OpenFlow handshake: the DPID (DataPath IDentifier) in the features_reply message is inherently trusted by the controller, which can result in Denial of Service, Unauthorized Access, Network Instability. This attack appears to be exploitable via network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake. | 2018-05-24 | not yet calculated | CVE-2018-1000155 MISC |
osisoft -- pi_coresight | PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability. | 2018-05-25 | not yet calculated | CVE-2017-9641 BID MISC CONFIRM |
pbootcms -- pbootcms | An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter. | 2018-05-22 | not yet calculated | CVE-2018-11369 MISC |
pdfgen -- pdfgen | jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read. | 2018-05-22 | not yet calculated | CVE-2018-11363 MISC MISC |
phpmywind -- phpmywind | PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. | 2018-05-26 | not yet calculated | CVE-2018-11487 MISC |
phpscriptsmall.com -- website_seller_script | PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2. | 2018-05-26 | not yet calculated | CVE-2018-11501 MISC |
pluck -- pluck | An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted. | 2018-05-21 | not yet calculated | CVE-2018-11330 MISC MISC |
pluck -- pluck | An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads is missing some applicable ones such as .phtml and .htaccess. | 2018-05-21 | not yet calculated | CVE-2018-11331 MISC MISC |
procps-ng/procps -- procps-ng/procps | procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. | 2018-05-23 | not yet calculated | CVE-2018-1126 MLIST BID REDHAT CONFIRM UBUNTU DEBIAN MISC |
procps-ng/procps -- procps-ng/procps | procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash. | 2018-05-23 | not yet calculated | CVE-2018-1125 MLIST BID CONFIRM UBUNTU DEBIAN MISC |
procps-ng/procps -- procps-ng/procps | procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service). | 2018-05-23 | not yet calculated | CVE-2018-1123 MLIST BID CONFIRM UBUNTU DEBIAN MISC |
procps-ng/procps -- procps-ng/procps | procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. | 2018-05-23 | not yet calculated | CVE-2018-1122 MLIST BID CONFIRM UBUNTU DEBIAN MISC |
procps-ng/procps -- procps-ng/procps | procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. | 2018-05-23 | not yet calculated | CVE-2018-1124 MLIST BID REDHAT CONFIRM UBUNTU DEBIAN MISC |
publiccms -- publiccms | An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. | 2018-05-26 | not yet calculated | CVE-2018-11500 MISC |
radare -- radare2 | The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file. | 2018-05-22 | not yet calculated | CVE-2018-11384 MISC MISC |
radare -- radare2 | The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | 2018-05-22 | not yet calculated | CVE-2018-11377 MISC MISC MISC |
radare -- radare2 | The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file. | 2018-05-22 | not yet calculated | CVE-2018-11378 MISC MISC |
radare -- radare2 | The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file. | 2018-05-22 | not yet calculated | CVE-2018-11376 MISC MISC |
radare -- radare2 | The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | 2018-05-22 | not yet calculated | CVE-2018-11375 MISC MISC |
radare -- radare2 | The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file. | 2018-05-22 | not yet calculated | CVE-2018-11380 MISC MISC |
radare -- radare2 | The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c. | 2018-05-22 | not yet calculated | CVE-2018-11383 MISC MISC |
radare -- radare2 | The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | 2018-05-22 | not yet calculated | CVE-2018-11381 MISC MISC |
radare -- radare2 | The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | 2018-05-22 | not yet calculated | CVE-2018-11382 MISC MISC |
radare -- radare2 | The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file. | 2018-05-22 | not yet calculated | CVE-2018-11379 MISC MISC |
radio_thermostat -- ct50_and_ct80 | The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860. | 2018-05-20 | not yet calculated | CVE-2018-11315 MISC |
readstat -- readstat | sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop. | 2018-05-22 | not yet calculated | CVE-2018-11365 MISC |
readstat -- readstat | sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call. | 2018-05-22 | not yet calculated | CVE-2018-11364 MISC |
sap -- internet_transaction_server | SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product. | 2018-05-24 | not yet calculated | CVE-2018-11415 MISC EXPLOIT-DB |
simplisafe -- simplisafe_original | In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power. | 2018-05-24 | not yet calculated | CVE-2018-11400 MISC |
simplisafe -- simplisafe_original | SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur. | 2018-05-24 | not yet calculated | CVE-2018-11399 MISC |
simplisafe -- simplisafe_original | SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN. | 2018-05-24 | not yet calculated | CVE-2018-11402 MISC |
simplisafe -- simplisafe_original | In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification. | 2018-05-24 | not yet calculated | CVE-2018-11401 MISC |
skycaiji -- skycaiji | SkyCaiji 1.2 allows CSRF to add an Administrator user. | 2018-05-22 | not yet calculated | CVE-2018-11371 MISC |
square_enix -- final_fantasy_xiv | ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3. | 2018-05-23 | not yet calculated | CVE-2018-7295 MISC |
trend_micro -- email_encryption_gateway | A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability. | 2018-05-23 | not yet calculated | CVE-2018-10352 CONFIRM MISC |
trend_micro -- email_encryption_gateway | An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability. | 2018-05-23 | not yet calculated | CVE-2018-10355 CONFIRM MISC |
trend_micro -- email_encryption_gateway | A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability. | 2018-05-23 | not yet calculated | CVE-2018-10354 CONFIRM MISC |
trend_micro -- email_encryption_gateway | A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability. | 2018-05-23 | not yet calculated | CVE-2018-10353 CONFIRM MISC |
trend_micro -- email_encryption_gateway | A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability. | 2018-05-23 | not yet calculated | CVE-2018-10351 CONFIRM MISC |
trend_micro -- email_encryption_gateway | A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability. | 2018-05-23 | not yet calculated | CVE-2018-10356 CONFIRM MISC |
trend_micro -- endpoint_application_control | A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability. | 2018-05-23 | not yet calculated | CVE-2018-10357 CONFIRM MISC |
trend_micro -- maximum_security | An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-05-25 | not yet calculated | CVE-2018-6235 CONFIRM MISC |
trend_micro -- maximum_security | A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-05-25 | not yet calculated | CVE-2018-6236 CONFIRM MISC |
trend_micro -- maximum_security | A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-05-25 | not yet calculated | CVE-2018-6233 CONFIRM MISC |
trend_micro -- maximum_security | A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-05-25 | not yet calculated | CVE-2018-6232 CONFIRM MISC |
trend_micro -- maximum_security | An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2018-05-25 | not yet calculated | CVE-2018-6234 CONFIRM MISC |
trend_micro -- smart_protection_server | A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation. | 2018-05-25 | not yet calculated | CVE-2018-6237 CONFIRM MISC |
trend_micro -- smart_protection_server | A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs_bwlists_handler.php. Authentication is required in order to exploit this vulnerability. | 2018-05-25 | not yet calculated | CVE-2018-10350 CONFIRM MISC |
vim-syntastic/syntastic -- vim-syntastic/syntastic | Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a directory that is a parent of the base directory of the project being checked. NOTE: exploitation is more difficult after 3.8.0 because filename prediction may be needed. | 2018-05-20 | not yet calculated | CVE-2018-11319 MISC MISC MISC |
vmware -- fusion | VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. | 2018-05-22 | not yet calculated | CVE-2018-6962 BID SECTRACK CONFIRM |
vmware -- workstation | VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine to trigger a denial of service of their guest machine. | 2018-05-22 | not yet calculated | CVE-2018-6963 BID SECTRACK CONFIRM |
windscribe -- windscribe | The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe. | 2018-05-25 | not yet calculated | CVE-2018-11479 MISC |
windscribe -- windscribe | Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService. | 2018-05-23 | not yet calculated | CVE-2018-11334 MISC |
wireshark -- wireshark | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. | 2018-05-22 | not yet calculated | CVE-2018-11358 CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. | 2018-05-22 | not yet calculated | CVE-2018-11356 CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. | 2018-05-22 | not yet calculated | CVE-2018-11357 CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. | 2018-05-22 | not yet calculated | CVE-2018-11355 CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. | 2018-05-22 | not yet calculated | CVE-2018-11362 CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. | 2018-05-22 | not yet calculated | CVE-2018-11360 CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. | 2018-05-22 | not yet calculated | CVE-2018-11359 CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. | 2018-05-22 | not yet calculated | CVE-2018-11361 CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. | 2018-05-22 | not yet calculated | CVE-2018-11354 CONFIRM CONFIRM CONFIRM |
wordpress -- wordpress | init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0. | 2018-05-22 | not yet calculated | CVE-2018-11366 MISC MISC MISC MISC |
wuzhi_cms -- wuzhi_cms | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add. | 2018-05-26 | not yet calculated | CVE-2018-11493 MISC |