Vulnerability Summary for the Week of May 28, 2018

Released
Jun 04, 2018
Document ID
SB18-155

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

Vulnerability Severity:

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product		DescriptionPublishedCVSS ScoreSource & Patch Info
There were no high vulnerabilities recorded this week.

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product		DescriptionPublishedCVSS ScoreSource & Patch Info
There were no medium vulnerabilities recorded this week.

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product		DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product		DescriptionPublishedCVSS ScoreSource & Patch Info

1000ch -- dwebp-bin

 

dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10633
MISC

aerospike -- aerospike-client-nodejs

 

aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10558
MISC
air-sdk -- air-sdk
 		air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10603
MISC
airbrake -- node-airbrake
 		The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.2018-05-31not yet calculatedCVE-2016-10530
MISC
MISC
alexyoung -- jadedown
 		jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.2018-05-31not yet calculatedCVE-2016-10520
MISC
andzdroid -- paypal-ipn
 		paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production.2018-05-29not yet calculatedCVE-2014-10067
MISC
MISC
appgyver -- steroids
 		Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10581
MISC

appium -- appium-chromedriver

 

appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10557
MISC
apple -- safari
 		webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in Safari Technology Preview Release 57, mishandle an unset pageURL, leading to an application crash.2018-06-01not yet calculatedCVE-2018-11646
MISC
MISC
appnitro -- machform
 		An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.2018-05-26not yet calculatedCVE-2018-6409
MISC
EXPLOIT-DB
MISC
appnitro -- machform
 		An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.2018-05-26not yet calculatedCVE-2018-6410
MISC
EXPLOIT-DB
MISC
appnitro -- machform
 		An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.2018-05-26not yet calculatedCVE-2018-6411
MISC
EXPLOIT-DB
MISC

arian -- selenium-wrapper

 

selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10628
MISC

arrayfire -- arrayfire-js

 

arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10598
MISC
artifex -- ghostscript
 		psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.2018-06-01not yet calculatedCVE-2018-11645
MISC
MISC

artiomshapovalov -- tomita-parser

 

tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10666
MISC
arve0 -- node-geoip-country
 		geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-05-29not yet calculatedCVE-2016-10568
MISC
atob -- atob
 		atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.2018-05-29not yet calculatedCVE-2018-3745
MISC
auth0 -- node-jsonwebtokenIn jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).2018-05-29not yet calculatedCVE-2015-9235
MISC
MISC
MISC
MISC

barretts -- node-iedriver

 

iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10562
MISC

bem-archive -- imageoptim

 

imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10596
MISC

bionode -- bionode-sra

 

bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10613
MISC
bitmain -- antminer_d3_and_l3+_and_s9_devices
 		Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.2018-05-31not yet calculatedCVE-2018-11220
EXPLOIT-DB

bloodaxe -- npm-native-opencv

native-opencv is the OpenCV library installed via npm native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10658
MISC

bluesmoon -- node-geoip

 

adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data.2018-05-29not yet calculatedCVE-2016-10680
MISC
bmw -- multiple_vehiclesThe Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.2018-05-31not yet calculatedCVE-2018-9318
BID
MISC
MISC
bmw -- multiple_vehicles
 		The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.2018-05-31not yet calculatedCVE-2018-9322
BID
MISC
MISC
bmw -- multiple_vehicles
 		The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot.2018-05-31not yet calculatedCVE-2018-9313
BID
MISC
MISC
bmw -- multiple_vehicles
 		The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.2018-05-31not yet calculatedCVE-2018-9320
BID
MISC
MISC
bmw -- multiple_vehicles
 		The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.2018-05-31not yet calculatedCVE-2018-9312
BID
MISC
MISC
bmw -- multiple_vehicles
 		The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access.2018-05-31not yet calculatedCVE-2018-9314
BID
MISC
MISC
bmw -- multiple_vehicles
 		The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.2018-05-31not yet calculatedCVE-2018-9311
BID
MISC
MISC

broccoli -- broccoli

 

broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10635
MISC
brother -- hl-l2340d_and_hl-l2380dw_series_printers
 		Cross-site scripting (XSS) vulnerability on Brother HL-L2340D and HL-L2380DW series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.2018-06-01not yet calculatedCVE-2018-11581
MISC

bulain -- grunt-webdriver-qunit

 

grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10606
MISC

caspervonb -- bitty

 

Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests.2018-05-31not yet calculatedCVE-2016-10561
MISC
clippercms -- clippercms
 		ClipperCMS 1.3.3 allows Session Fixation.2018-05-30not yet calculatedCVE-2018-11571
MISC
clippercms -- clippercms
 		ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.2018-05-30not yet calculatedCVE-2018-11572
MISC
cloudcmd -- console-io
 		console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response.2018-05-31not yet calculatedCVE-2016-10532
MISC
cmseasy -- cmseasy
 		An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.2018-06-02not yet calculatedCVE-2018-11679
MISC
MISC
cmseasy -- cmseasy
 		An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.2018-06-02not yet calculatedCVE-2018-11680
MISC
cnpm -- node-operadriver
 		operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10565
MISC
cobalt-cli -- cobalt-cli
 		cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10597
MISC
codecanyon.net -- easyservice_billing
 		The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.2018-05-25not yet calculatedCVE-2018-11443
MISC
EXPLOIT-DB
codecanyon.net -- easyservice_billing
 		A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.2018-05-25not yet calculatedCVE-2018-11445
MISC
EXPLOIT-DB
codecanyon.net -- easyservice_billing
 		A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.2018-05-25not yet calculatedCVE-2018-11444
MISC
EXPLOIT-DB
codecanyon.net -- easyservice_billing
 		A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.2018-05-25not yet calculatedCVE-2018-11442
MISC
EXPLOIT-DB
coderaiser -- node-restafary
 		restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified.2018-05-31not yet calculatedCVE-2016-10528
MISC

connected-web -- product-monitor

 

product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10567
MISC
creatiwity -- witycms
 		Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.2018-05-28not yet calculatedCVE-2018-11512
MISC
MISC
EXPLOIT-DB
cscms -- cscms
 		An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save.2018-05-29not yet calculatedCVE-2018-11527
MISC

dalekjs -- dalek-browser-chrome

dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10604
MISC
dalekjs -- dalek-browser-chrome-canary
 		dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10584
MISC
dalekjs -- dalek-browser-ie
 		dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10605
MISC

dalekjs -- dalek-browser-ie

 

dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10612
MISC

danielcardoso -- html-pages

 

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.2018-05-29not yet calculatedCVE-2018-3744
MISC
MISC
danielfm -- jshamcrestjshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator.2018-05-31not yet calculatedCVE-2016-10521
MISC
dataiku -- dataiku_dss
 		The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.2018-05-28not yet calculatedCVE-2018-10732
MISC
MISC

davidmarkclements -- install-nw

 

install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10566
MISC
dchem -- node-ibapi
 		ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10593
MISC
dcodeio -- closurecompiler.js
 		closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10582
MISC

ddopson -- node-sauce-connect

 

sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10599
MISC
dell_emc -- recoverpoint_and_recoverpoint_for_vms
 		Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.2018-05-29not yet calculatedCVE-2018-1241
FULLDISC
BID
dell_emc -- recoverpoint_and_recoverpoint_for_vms
 		Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.2018-05-29not yet calculatedCVE-2018-1235
FULLDISC
BID
dell_emc -- recoverpoint_and_recoverpoint_for_vms
 		Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.2018-05-29not yet calculatedCVE-2018-1242
FULLDISC
BID
delta_electronics -- automation_tpeditor
 		In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.2018-05-25not yet calculatedCVE-2018-8871
BID
MISC
dirtyhairy -- node-libxl
 		libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10585
MISC
domainmod -- domainmod
 		DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.2018-05-30not yet calculatedCVE-2018-11559
MISC
domainmod -- domainmod
 		DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter.2018-05-30not yet calculatedCVE-2018-11558
MISC
dtao -- fancy-server
 		Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.2018-05-31not yet calculatedCVE-2014-10066
MISC
dtsearch -- dtsearch
 		A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request.2018-05-29not yet calculatedCVE-2018-11488
MISC
MISC
MISC
dwyl -- hapi-auth-jwt2
 		When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.2018-05-29not yet calculatedCVE-2016-10525
MISC
MISC
MISC
electron-userland -- electron-packager
 		electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.2018-05-31not yet calculatedCVE-2016-10534
MISC
MISC
ems_software -- ems_master_calendar
 		Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.2018-06-01not yet calculatedCVE-2018-11628
MISC
MISC

eosio -- eos

An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address.2018-05-29not yet calculatedCVE-2018-11548
MISC
espruino -- espruino
 		Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.2018-05-31not yet calculatedCVE-2018-11598
MISC
MISC
MISC
MISC
MISC
espruino -- espruino
 		Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c.2018-05-31not yet calculatedCVE-2018-11592
MISC
MISC
MISC
espruino -- espruino
 		Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c.2018-05-31not yet calculatedCVE-2018-11593
MISC
MISC
MISC
espruino -- espruino
 		Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.2018-05-31not yet calculatedCVE-2018-11594
MISC
MISC
MISC
espruino -- espruino
 		Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c.2018-05-31not yet calculatedCVE-2018-11596
MISC
MISC
espruino -- espruino
 		Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c.2018-05-31not yet calculatedCVE-2018-11597
MISC
MISC
espruino -- espruino
 		Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused.2018-05-31not yet calculatedCVE-2018-11595
MISC
MISC
MISC
MISC
MISC
espruino -- espruino
 		Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c.2018-05-31not yet calculatedCVE-2018-11591
MISC
MISC
MISC
espruino -- espruino
 		Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c.2018-05-31not yet calculatedCVE-2018-11590
MISC
MISC
MISC

eversport -- node-unicodetable

unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.2018-05-29not yet calculatedCVE-2016-10578
MISC
exiv2 -- exiv2
 		Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.2018-05-29not yet calculatedCVE-2018-11531
CONFIRM
f5 -- big-ip
 		A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data.2018-06-01not yet calculatedCVE-2018-5525
SECTRACK
CONFIRM
f5 -- big-ip
 		Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue.2018-06-01not yet calculatedCVE-2018-5524
SECTRACK
CONFIRM
f5 -- big-ip
 		On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue.2018-06-01not yet calculatedCVE-2018-5513
SECTRACK
CONFIRM
f5 -- big-ip
 		Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack.2018-06-01not yet calculatedCVE-2018-5526
SECTRACK
CONFIRM
f5 -- big-ip
 		Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack.2018-06-01not yet calculatedCVE-2017-6153
SECTRACK
CONFIRM
f5 -- big-ip
 		On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS.2018-06-01not yet calculatedCVE-2018-5521
SECTRACK
CONFIRM
f5 -- big-ip
 		On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.2018-06-01not yet calculatedCVE-2018-5523
SECTRACK
SECTRACK
CONFIRM
f5 -- big-ip
 		On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash.2018-06-01not yet calculatedCVE-2018-5522
CONFIRM

felixrieseberg -- windows-build-tools

 

windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2017-16003
MISC
MISC

fengmk2 -- node-curl

 

httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10614
MISC
fibjs -- fibjs
 		fibjs is a runtime for javascript applictions built on google v8 JS. fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10621
MISC
flif-hub -- flif
 		An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp.2018-05-28not yet calculatedCVE-2018-11507
MISC
florianholzapfel -- express-restify-mongoose
 		express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.2018-05-31not yet calculatedCVE-2016-10533
MISC
MISC
fortinet -- fortiauthenticator
 		A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator below 5.3.0 versions "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header.2018-05-31not yet calculatedCVE-2018-9186
CONFIRM
fortinet -- fortios
 		An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.2018-05-25not yet calculatedCVE-2017-14185
BID
CONFIRM

fresc81 -- node-curses

 

curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10615
MISC
gaelb -- massif
 		massif is a Phantomjs fork massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10682
MISC
gaoxuyan -- gaoxuyangaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.2018-05-29not yet calculatedCVE-2017-16153
MISC
MISC

gergelyke -- apk-parser2

 

apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10632
MISC
giflib -- giflib
 		The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.2018-05-26not yet calculatedCVE-2018-11490
BID
MISC
giflib -- giflib
 		The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.2018-05-26not yet calculatedCVE-2018-11489
BID
MISC

giggio -- node-chromedriver

 

Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10579
MISC
git -- git
 		In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.2018-05-30not yet calculatedCVE-2018-11233
BID
SECTRACK
MISC
git -- git
 		In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.2018-05-30not yet calculatedCVE-2018-11235
BID
SECTRACK
MISC
MISC
DEBIAN
EXPLOIT-DB
gitlab -- community_edition_and_enterprise_edition
 		An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.2018-05-31not yet calculatedCVE-2018-10379
CONFIRM
google -- android
 		The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.2018-05-29not yet calculatedCVE-2018-11544
MISC
google -- android
 		The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.2018-05-26not yet calculatedCVE-2018-11505
MISC
EXPLOIT-DB
graphviz -- graphviz
 		NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.2018-05-30not yet calculatedCVE-2018-10196
CONFIRM
MISC
FEDORA
FEDORA
graylog -- graylog
 		Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.2018-06-01not yet calculatedCVE-2018-11650
MISC
MISC
graylog -- graylog
 		Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx.2018-06-01not yet calculatedCVE-2018-11651
MISC
MISC
greencms -- greencms
 		An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.2018-06-01not yet calculatedCVE-2018-11671
MISC
greencms -- greencms
 		An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.2018-06-01not yet calculatedCVE-2018-11670
MISC

groupon -- selenium-download

 

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10559
MISC

hakatashi -- kindlegen

 

Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10575
MISC
hapijs -- hapi
 		Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes).2018-05-29not yet calculatedCVE-2015-9241
MISC
MISC
MISC
hapijs -- hapi
 		call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules.2018-05-31not yet calculatedCVE-2016-10543
MISC
MISC
hapijs -- hapi
 		Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS headers. This defeats the purpose of turning CORS on the route.2018-05-31not yet calculatedCVE-2015-9236
MISC
MISC
MISC
hapijs -- hapi
 		When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`).2018-05-29not yet calculatedCVE-2015-9243
MISC
MISC

hapijs -- inert

The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false.2018-05-29not yet calculatedCVE-2014-10068
MISC
MISC
MISC
haproxy -- haproxy
 		Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.2018-05-25not yet calculatedCVE-2018-11469
BID
CONFIRM
UBUNTU
haxefoundation -- npm-haxe
 		haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10602
MISC
hcl -- ivr_systems
 		A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece).2018-05-30not yet calculatedCVE-2018-11518
MISC
MISC
MISC
MISC

headless-browser-lite -- headless-browser-lite

 

headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10625
MISC
hekto -- hekto
 		Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server.2018-06-01not yet calculatedCVE-2018-3743
MISC

hokaccha -- jwt-simple

 

Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.2018-05-31not yet calculatedCVE-2016-10555
MISC
MISC
MISC
MISC
huawei -- espace_desktop
 		There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop.2018-06-01not yet calculatedCVE-2018-7976
CONFIRM
huawei -- multiple_smart_phones
 		Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart.2018-06-01not yet calculatedCVE-2017-17171
CONFIRM
huawei -- servers
 		The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.2018-06-01not yet calculatedCVE-2018-7949
CONFIRM
huawei -- servers
 		The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.2018-06-01not yet calculatedCVE-2018-7951
CONFIRM
huawei -- servers
 		The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.2018-06-01not yet calculatedCVE-2018-7950
CONFIRM
hue -- hue
 		Hue 3.12 has XSS via the /pig/save/ name and script parameters.2018-06-01not yet calculatedCVE-2018-11649
MISC
hyperledger -- iroha
 		Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.2018-06-01not yet calculatedCVE-2018-3756
CONFIRM

hypery2k -- galenframework-cli

 

galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10560
MISC

i18next -- i18next

 

i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later.2018-05-29not yet calculatedCVE-2017-16010
MISC
MISC
ibm -- api_connect
 		IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430.2018-05-31not yet calculatedCVE-2018-1532
CONFIRM
XF
ibm -- content_navigator
 		IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141219.2018-05-31not yet calculatedCVE-2018-1496
CONFIRM
XF
ibm -- db2_for_linux_and_unix_and_windows
 		IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045.2018-05-25not yet calculatedCVE-2018-1450
CONFIRM
XF
ibm -- flashsystem_v840_and_v900_products
 		IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.2018-05-29not yet calculatedCVE-2018-1495
CONFIRM
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 		IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767.2018-05-29not yet calculatedCVE-2018-1369
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 		IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137777.2018-05-29not yet calculatedCVE-2018-1376
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 		IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769.2018-05-29not yet calculatedCVE-2018-1370
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 		IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776.2018-05-29not yet calculatedCVE-2018-1375
CONFIRM
XF
ibm -- security_guardium_big_data_intelligence
 		IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471.2018-05-29not yet calculatedCVE-2017-1768
CONFIRM
XF
ibm -- storwize_v7000_unified_management_web_interface
 		The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398.2018-05-25not yet calculatedCVE-2018-1467
CONFIRM
BID
XF
ibm -- urbancode_deployIBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547.2018-05-25not yet calculatedCVE-2017-1752
CONFIRM
BID
XF

ibmdb -- node-ibm_db

 

ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10577
MISC
MISC
igniteui -- igniteui
 		igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol.2018-05-31not yet calculatedCVE-2016-10552
MISC
imagemagick -- imagemagickIn ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.2018-06-01not yet calculatedCVE-2018-11656
CONFIRM
imagemagick -- imagemagick
 		In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.2018-05-31not yet calculatedCVE-2018-11624
MISC
imagemagick -- imagemagick
 		In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.2018-06-01not yet calculatedCVE-2018-11655
CONFIRM
imagemagick -- imagemagick
 		In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.2018-05-31not yet calculatedCVE-2018-11625
MISC
imsobear -- node-browser
 		node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10618
MISC
install-g-test -- install-g-test
 		install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10630
MISC

ipfs -- npm-go-ipfs-dep

 

During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.2018-05-31not yet calculatedCVE-2016-10563
MISC
MISC
isaacs -- csrf-lite
 		csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present.2018-05-31not yet calculatedCVE-2016-10535
MISC
MISC
isaacs -- minimatch
 		Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter.2018-05-31not yet calculatedCVE-2016-10540
MISC
janpot -- mongodb-instance
 		mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10572
MISC
jashkenas -- backbone
 		backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`.2018-05-31not yet calculatedCVE-2016-10537
MISC
MISC

jefflembeck -- pngcrush-installer

 

pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10570
MISC
jfhbrook -- node-ecstatic
 		Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.2018-05-29not yet calculatedCVE-2015-9242
MISC
MISC
MISC
jigowatt -- php_login_&_user_management
 		An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code execution by requesting the .php file.2018-05-29not yet calculatedCVE-2018-11392
MISC
BUGTRAQ
CONFIRM
jonschlinkert -- remarkable
 		Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content.2018-05-31not yet calculatedCVE-2014-10065
MISC
MISC

jser -- jser-stat

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10592
MISC
MISC
jshttp -- negotiator
 		negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.2018-05-31not yet calculatedCVE-2016-10539
MISC

jugglinmike -- selenium-chromedriver

 

selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10624
MISC
jvminstall -- jvminstall
 		jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10631
MISC

k-kinzal -- scala-bin

 

scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10627
MISC

k-kinzal -- scalajs-standalone-bin

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10634
MISC

karimsa -- pennyworth

 

pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10619
MISC
keystonejs -- keystone
 		Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.2018-05-29not yet calculatedCVE-2015-9240
MISC

killmag10 -- nodeschnaps

 

nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10622
MISC

koorchik -- node-mystem3

 

mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10626
MISC
kubernetes -- kubernetes
 		In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.2018-06-01not yet calculatedCVE-2018-1002100
CONFIRM
CONFIRM
MISC
legion_of_the_bouncy_castle -- bouncy_castle_jce_providerIn Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.2018-06-01not yet calculatedCVE-2016-1000338
CONFIRM
liblouis -- liblouis
 		Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.2018-05-30not yet calculatedCVE-2018-11577
MISC
MISC
liblouis -- liblouis
 		Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.2018-05-25not yet calculatedCVE-2018-11440
BID
MISC
libmobi -- libmobi
 		The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11437
FULLDISC
libmobi -- libmobi
 		The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11436
FULLDISC
libmobi -- libmobi
 		The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11438
FULLDISC
libmobi -- libmobi
 		The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11432
FULLDISC
libmobi -- libmobi
 		The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11435
FULLDISC
libmobi -- libmobi
 		The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11433
FULLDISC
libmobi -- libmobi
 		The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.2018-05-30not yet calculatedCVE-2018-11434
FULLDISC

liluo -- ipip

 

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10594
MISC
linux -- linux_kernel
 		The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.2018-05-28not yet calculatedCVE-2018-11508
MISC
BID
MISC
MISC
MISC
linux -- linux_kernel
 		The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call.2018-05-28not yet calculatedCVE-2018-11506
MISC
MISC
MISC
little_cms -- little_cms
 		tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file.2018-05-30not yet calculatedCVE-2018-11556
MISC
MISC
little_cms -- little_cms
 		tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file.2018-05-30not yet calculatedCVE-2018-11555
MISC
MISC
ljharb -- qs
 		The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring.2018-05-31not yet calculatedCVE-2014-10064
MISC
lutron_electronics -- multiple_products
 		Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y.2018-06-02not yet calculatedCVE-2018-11681
MISC
lutron_electronics -- multiple_products
 		Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y.2018-06-02not yet calculatedCVE-2018-11682
MISC
lutron_electronics -- multiple_products
 		Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y.2018-06-02not yet calculatedCVE-2018-11629
MISC

macacajs -- macaca-chromedriver

 

macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10623
MISC
macacajs -- macaca-chromedriver
 		macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10586
MISC
mahara -- mahara
 		Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.2018-06-01not yet calculatedCVE-2018-11195
CONFIRM
CONFIRM
mahara -- mahara
 		Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information.2018-05-30not yet calculatedCVE-2018-11565
CONFIRM
CONFIRM
mahara -- mahara
 		Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers.2018-06-01not yet calculatedCVE-2018-11196
CONFIRM
CONFIRM
markedjs -- marked
 		marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left.2018-05-31not yet calculatedCVE-2016-10531
MISC
MISC
MISC
mcafee -- data_loss_prevention_endpoint
 		Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.2018-05-25not yet calculatedCVE-2018-6664
BID
SECTRACK
CONFIRM
md4c -- md4cmd_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination.2018-05-29not yet calculatedCVE-2018-11547
MISC
md4c -- md4c
 		md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error.2018-05-29not yet calculatedCVE-2018-11546
MISC
md4c -- md4c
 		md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits.2018-05-29not yet calculatedCVE-2018-11536
MISC
md4c -- md4c
 		md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes.2018-05-29not yet calculatedCVE-2018-11545
MISC
miniupnp -- ngiflib
 		ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.2018-05-30not yet calculatedCVE-2018-11575
MISC
MISC
miniupnp -- ngiflib
 		ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif.2018-06-01not yet calculatedCVE-2018-11657
MISC
miniupnp -- ngiflib
 		GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.2018-05-30not yet calculatedCVE-2018-11578
MISC
MISC
miniupnp -- ngiflib
 		ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor.2018-05-30not yet calculatedCVE-2018-11576
MISC
MISC
misp -- misp
 		An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter.2018-05-30not yet calculatedCVE-2018-11562
CONFIRM
modx -- revolution
 		MODX Revolution 2.6.3 has XSS.2018-06-01not yet calculatedCVE-2018-10382
CONFIRM
CONFIRM
moodle -- moodleAn issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.2018-05-25not yet calculatedCVE-2018-1133
BID
CONFIRM
moodle -- moodle
 		An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.2018-05-25not yet calculatedCVE-2018-1135
BID
CONFIRM
moodle -- moodle
 		An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.2018-05-25not yet calculatedCVE-2018-1134
BID
CONFIRM
moodle -- moodle
 		An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.2018-05-25not yet calculatedCVE-2018-1136
BID
CONFIRM
moodle -- moodle
 		An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.2018-05-25not yet calculatedCVE-2018-1137
BID
CONFIRM
moox -- reduce-css-calc
 		Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the `calc` function.2018-05-31not yet calculatedCVE-2016-10548
MISC
MISC
mozilla -- nunjucks
 		Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM.2018-05-31not yet calculatedCVE-2016-10547
MISC
MISC
MISC
mqttjs -- mqtt-packet
 		MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.2018-05-31not yet calculatedCVE-2016-10523
MISC
MISC
MISC
mybb -- mybb
 		An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea.2018-05-28not yet calculatedCVE-2018-11430
EXPLOIT-DB
mybb -- mybb
 		An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.2018-05-29not yet calculatedCVE-2018-11532
MISC
EXPLOIT-DB
myscada -- mypro
 		mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.2018-05-28not yet calculatedCVE-2018-11517
MISC
MISC
mysqljs -- mysqljs
 		mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.2018-05-29not yet calculatedCVE-2017-16047
MISC
mysqljs -- mysql
 		Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.2018-05-29not yet calculatedCVE-2015-9244
MISC
MISC
natus -- xltek_neuroworks_8An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.2018-06-01not yet calculatedCVE-2017-2858
MISC
natus -- xltek_neuroworks_8
 		An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.2018-06-01not yet calculatedCVE-2017-2852
MISC
natus -- xltek_neuroworks_8
 		An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.2018-06-01not yet calculatedCVE-2017-2860
MISC
nch_software -- axon_pbx
 		There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application.2018-06-01not yet calculatedCVE-2018-11552
FULLDISC
nch_software -- axon_pbx
 		AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.2018-06-01not yet calculatedCVE-2018-11551
FULLDISC
nikto -- nikto
 		CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.2018-06-01not yet calculatedCVE-2018-11652
MISC
node-js-libs -- cli
 		The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.2018-05-31not yet calculatedCVE-2016-10538
MISC
MISC
MISC
node-tkinter -- node-tkinter
 		node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.2018-05-29not yet calculatedCVE-2017-16062
MISC
nodeca -- embedza
 		embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10569
MISC
ntfserver -- ntfserver
 		ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10650
MISC
nuuo -- nvrmini_2_devices
 		upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.2018-05-29not yet calculatedCVE-2018-11523
MISC
EXPLOIT-DB

nwjs -- nw

 

nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10588
MISC
oliversalzburg -- i18n-node-angular
 		i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of Service or content injection.2018-05-31not yet calculatedCVE-2016-10524
MISC
MISC

omphalos -- crud-file-server

 

crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path.2018-05-29not yet calculatedCVE-2018-3733
MISC
MISC
openframeproject -- openframe-glslviewer
 		openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10607
MISC
openframeproject -- openframe-image
 		openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10616
MISC

openlayers -- closure-util

 

closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10583
MISC
pdf-image -- pdf-image
 		Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.2018-06-01not yet calculatedCVE-2018-3757
CONFIRM
MISC
pdfinfojs -- pdfinfojs
 		The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.2018-06-01not yet calculatedCVE-2018-3746
MISC
phpscriptsmall.com -- naukri_clone_script
 		PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php.2018-05-28not yet calculatedCVE-2018-11514
MISC
poco -- poco
 		poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10659
MISC
pouchdb -- pouchdb
 		An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.2018-05-31not yet calculatedCVE-2016-10546
MISC
probablycorey -- atom-node-module-installer
 		atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10620
MISC
pulpiks -- node-mystem
 		mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10698
MISC

putaoshu -- jdf-sass

 

jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10595
MISC
quest -- dr_series_disk_backupQuest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46).2018-06-01not yet calculatedCVE-2018-11171
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46).2018-06-01not yet calculatedCVE-2018-11163
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46).2018-06-01not yet calculatedCVE-2018-11165
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46).2018-06-01not yet calculatedCVE-2018-11166
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46).2018-06-01not yet calculatedCVE-2018-11167
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46).2018-06-01not yet calculatedCVE-2018-11164
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46).2018-06-01not yet calculatedCVE-2018-11162
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46).2018-06-01not yet calculatedCVE-2018-11160
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46).2018-06-01not yet calculatedCVE-2018-11161
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46).2018-06-01not yet calculatedCVE-2018-11168
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46).2018-06-01not yet calculatedCVE-2018-11169
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).2018-06-01not yet calculatedCVE-2018-11175
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).2018-06-01not yet calculatedCVE-2018-11176
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46).2018-06-01not yet calculatedCVE-2018-11174
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46).2018-06-01not yet calculatedCVE-2018-11173
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46).2018-06-01not yet calculatedCVE-2018-11170
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46).2018-06-01not yet calculatedCVE-2018-11172
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46).2018-06-01not yet calculatedCVE-2018-11159
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46).2018-06-01not yet calculatedCVE-2018-11158
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46).2018-06-01not yet calculatedCVE-2018-11148
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46).2018-06-01not yet calculatedCVE-2018-11149
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46).2018-06-01not yet calculatedCVE-2018-11147
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46).2018-06-01not yet calculatedCVE-2018-11146
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46).2018-06-01not yet calculatedCVE-2018-11143
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46).2018-06-01not yet calculatedCVE-2018-11145
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).2018-06-01not yet calculatedCVE-2018-11150
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46).2018-06-01not yet calculatedCVE-2018-11151
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46).2018-06-01not yet calculatedCVE-2018-11156
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46).2018-06-01not yet calculatedCVE-2018-11157
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46).2018-06-01not yet calculatedCVE-2018-11155
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46).2018-06-01not yet calculatedCVE-2018-11154
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).2018-06-01not yet calculatedCVE-2018-11152
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).2018-06-01not yet calculatedCVE-2018-11153
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46).2018-06-01not yet calculatedCVE-2018-11177
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).2018-06-01not yet calculatedCVE-2018-11144
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46).2018-06-01not yet calculatedCVE-2018-11188
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).2018-06-01not yet calculatedCVE-2018-11187
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46).2018-06-01not yet calculatedCVE-2018-11185
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46).2018-06-01not yet calculatedCVE-2018-11184
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6).2018-06-01not yet calculatedCVE-2018-11189
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6).2018-06-01not yet calculatedCVE-2018-11190
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).2018-06-01not yet calculatedCVE-2018-11194
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).2018-06-01not yet calculatedCVE-2018-11193
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).2018-06-01not yet calculatedCVE-2018-11192
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).2018-06-01not yet calculatedCVE-2018-11191
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46).2018-06-01not yet calculatedCVE-2018-11183
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46).2018-06-01not yet calculatedCVE-2018-11186
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46).2018-06-01not yet calculatedCVE-2018-11181
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).2018-06-01not yet calculatedCVE-2018-11179
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46).2018-06-01not yet calculatedCVE-2018-11178
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46).2018-06-01not yet calculatedCVE-2018-11182
MISC
FULLDISC
MISC
quest -- dr_series_disk_backup
 		Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46).2018-06-01not yet calculatedCVE-2018-11180
MISC
FULLDISC
MISC
quest -- kace_system_management_appliance
 		The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.2018-05-31not yet calculatedCVE-2018-11135
MISC
quest -- kace_system_management_appliance
 		The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type).2018-05-31not yet calculatedCVE-2018-11140
MISC
quest -- kace_system_management_appliance
 		The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.2018-05-31not yet calculatedCVE-2018-11139
MISC
quest -- kace_system_management_appliance
 		The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.2018-05-31not yet calculatedCVE-2018-11138
MISC
quest -- kace_system_management_appliance
 		The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type).2018-05-31not yet calculatedCVE-2018-11136
MISC
quest -- kace_system_management_appliance
 		The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script.2018-05-31not yet calculatedCVE-2018-11137
MISC
quest -- kace_system_management_appliance
 		In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges.2018-05-31not yet calculatedCVE-2018-11134
MISC
quest -- kace_system_management_appliance
 		In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root.2018-05-31not yet calculatedCVE-2018-11132
MISC
quest -- kace_system_management_appliance
 		The 'fmt' parameter of the '/common/run_cross_report.php' script in the the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting.2018-05-31not yet calculatedCVE-2018-11133
MISC
quest -- kace_system_management_appliance
 		The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization.2018-05-31not yet calculatedCVE-2018-11142
MISC
quest -- kace_system_management_appliance
 		The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions.2018-05-31not yet calculatedCVE-2018-11141
MISC
ralphbean -- ansi2html
 		ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.2018-05-31not yet calculatedCVE-2015-9239
MISC

redien -- limbus-buildgen

 

limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10674
MISC
riot -- compiler
 		The riot-compiler version version 2.3.21 has an issue in a regex (Catastrophic Backtracking) thats make it unusable under certain conditions.2018-05-31not yet calculatedCVE-2016-10527
MISC
MISC

robot -- robot-js

robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10608
MISC
robotwebtools -- groslibjs
 		roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10681
MISC
rondaful -- m1_wristband_smart_band_1_devices
 		Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic.2018-05-31not yet calculatedCVE-2018-11631
MISC

rse -- node-prince

 

Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10591
MISC

rubenv -- apk-parser

 

apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10564
MISC
ruckus -- icx7450-48_devices
 		A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML.2018-05-29not yet calculatedCVE-2018-11027
BUGTRAQ
ruckus -- smartzone
 		Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data.2018-05-31not yet calculatedCVE-2018-11036
MISC
samsung -- s7_edge_device
 		A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.2018-05-29not yet calculatedCVE-2018-10751
MISC
CONFIRM
EXPLOIT-DB
schedmd -- slurm
 		SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).2018-05-30not yet calculatedCVE-2018-10995
MISC
MISC
seacms -- seacms
 		SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter.2018-05-30not yet calculatedCVE-2018-11583
MISC
searchblox -- searchblox
 		servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.2018-06-01not yet calculatedCVE-2018-11538
MISC
MISC
EXPLOIT-DB
sela -- sela
 		SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c init_apev2_keys function.2018-05-31not yet calculatedCVE-2018-11626
MISC

selenium-standalone-painful -- selenium-standalone-painful

selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10679
MISC
sequelize -- sequelize
 		sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier.2018-05-31not yet calculatedCVE-2016-10553
MISC
MISC
sequelize -- sequelize
 		sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping.2018-05-31not yet calculatedCVE-2016-10554
MISC
MISC
sequelize -- sequelize
 		sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier.2018-05-31not yet calculatedCVE-2016-10550
MISC
MISC
sequelize -- sequelize
 		sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `["test", "'); DELETE TestTable WHERE Id = 1 --')"]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table.2018-05-29not yet calculatedCVE-2016-10556
MISC
MISC
serve -- serve
 		Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored.2018-06-01not yet calculatedCVE-2018-3809
MISC
sexstatic -- sexstatic
 		XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name.2018-06-01not yet calculatedCVE-2018-3755
MISC

shama -- nodewebkit

 

nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10580
MISC
silverwind -- droppy
 		Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others.2018-05-31not yet calculatedCVE-2016-10529
MISC
sinatra -- sinatra
 		Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.2018-05-31not yet calculatedCVE-2018-11627
MISC
MISC
sitemakin -- site_login_and_access_control
 		An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection.2018-05-29not yet calculatedCVE-2018-11535
MISC
EXPLOIT-DB
socketio -- engine.io-client
 		engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client 1.6.8 and earlier passes in an object for settings that includes the rejectUnauthorized property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as `null`, resulting in certificate verification being turned off.2018-05-31not yet calculatedCVE-2016-10536
MISC
MISC
MISC

spunjs -- selenium-binaries

 

selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10589
MISC
stattic -- stattic
 		stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path.2018-05-29not yet calculatedCVE-2018-3734
MISC
strider-cd -- strider-sauce
 		strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10611
MISC
strongswan -- strongswan
 		In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.2018-05-31not yet calculatedCVE-2018-5388
CERT-VN
BID
CONFIRM
substack -- shell-quote
 		The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection.2018-05-31not yet calculatedCVE-2016-10541
MISC
sudo -- sudo
 		sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.2018-05-29not yet calculatedCVE-2016-7076
REDHAT
BID
CONFIRM
CONFIRM

swangful -- chromedriver126

 

chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10609
MISC
symantec -- advanced_secure_gateway_and_proxysg
 		Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles.2018-05-29not yet calculatedCVE-2018-5241
BID
SECTRACK
CONFIRM
synology -- drive
 		Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors.2018-06-01not yet calculatedCVE-2018-8922
CONFIRM
synology -- drive
 		Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.2018-06-01not yet calculatedCVE-2018-8921
CONFIRM
taglib -- taglib
 		The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.2018-05-30not yet calculatedCVE-2018-11439
FULLDISC

the_sails_company -- sails

 

Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible.2018-05-31not yet calculatedCVE-2016-10549
MISC
MISC
MISC
the_sails_company -- waterline-sequel
 		waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database.2018-05-29not yet calculatedCVE-2016-10551
MISC
MISC
tkinter -- tkinter
 		tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.2018-05-29not yet calculatedCVE-2017-16061
MISC

tobli -- baryton-saxophone

 

baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10573
MISC

toni89 -- nw-with-arm

 

nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10629
MISC
tp-link -- ipc_tl-ipc223(p)-6_and_tl-ipc323k-d_and_tl-ipc325(kp)-*_and_tl-ipc40a-4_devices
 		TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.2018-05-30not yet calculatedCVE-2018-11481
MISC
tp-link -- ipc_tl-ipc223(p)-6_and_tl-ipc323k-d_and_tl-ipc325(kp)-*_and_tl-ipc40a-4_devices
 		/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.2018-05-30not yet calculatedCVE-2018-11482
MISC
tschaub -- grunt-gh-pages
 		A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.2018-05-31not yet calculatedCVE-2016-10526
MISC
MISC
ubuntu -- ubuntu
 		Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, and 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17.2018-05-31not yet calculatedCVE-2018-6552
UBUNTU

unetworking -- uwebsockets

uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8.2018-05-31not yet calculatedCVE-2016-10544
MISC
MISC
unisys -- stealth_solution
 		In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory.2018-05-30not yet calculatedCVE-2018-7534
CONFIRM

uxebu -- webdrvr

 

webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10601
MISC
vadimdemedes -- secure-compare
 		secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length.2018-05-31not yet calculatedCVE-2015-9238
MISC
MISC
vgate -- icar_2_wifi_obd2_dongle_devices
 		An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication.2018-05-30not yet calculatedCVE-2018-11476
FULLDISC
MISC
vgate -- icar_2_wifi_obd2_dongle_devices
 		An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network.2018-05-30not yet calculatedCVE-2018-11478
FULLDISC
MISC
vgate -- icar_2_wifi_obd2_dongle_devices
 		An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this vulnerability with the lack of wireless network protection exposes all transferred car data to the public.2018-05-30not yet calculatedCVE-2018-11477
FULLDISC
MISC
videolan -- vlc_media_player
 		The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.2018-05-28not yet calculatedCVE-2018-11516
MISC
BID

vmolsa -- webrtc-native

 

webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10600
MISC
vmware -- horizon_client_for_linux
 		VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed.2018-05-29not yet calculatedCVE-2018-6964
BID
SECTRACK
CONFIRM

vseryakov --- backendjs

 

bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10571
MISC

wasdk -- wasdk

 

wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10587
MISC
websockets -- ws
 		A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node when you allocate it when a number instead of a string it will allocate the amount of bytes.2018-05-31not yet calculatedCVE-2016-10518
MISC
MISC
MISC
websockets -- ws
 		ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.2018-05-31not yet calculatedCVE-2016-10542
MISC
MISC
webtorrent -- bittorrent-dht
 		A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory.2018-05-31not yet calculatedCVE-2016-10519
MISC
MISC
wordpress -- wordpress
 		The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.2018-05-28not yet calculatedCVE-2018-11515
MISC
MISC
wordpress -- wordpress
 		class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action.2018-05-30not yet calculatedCVE-2018-11579
MISC
MISC
wordpress -- wordpress
 		The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order.2018-06-01not yet calculatedCVE-2018-11485
MISC
wordpress -- wordpress
 		An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities.2018-05-31not yet calculatedCVE-2018-11633
MISC
MISC
wordpress -- wordpress
 		Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have &lt; and &gt; representations.2018-05-30not yet calculatedCVE-2018-11568
MISC
wordpress -- wordpress
 		An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page.2018-06-01not yet calculatedCVE-2018-11486
MISC
wordpress -- wordpress
 		An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content.2018-05-30not yet calculatedCVE-2018-11580
MISC
MISC
wordpress -- wordpress
 		Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request.2018-05-28not yet calculatedCVE-2018-11309
MISC
wordpress -- wordpress
 		An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function.2018-05-31not yet calculatedCVE-2018-11632
MISC
MISC
wuzhi_cms -- wuzhi_cms
 		WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.2018-05-29not yet calculatedCVE-2018-11528
MISC
wuzhi_cms -- wuzhi_cms
 		An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.2018-05-29not yet calculatedCVE-2018-11549
MISC

yannicked -- node-cue-sdk

 

cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10590
MISC
yiban – easy_class_education_platform
 		YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter.2018-05-30not yet calculatedCVE-2018-11557
MISC
yootheme -- pagekit_cms
 		Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack.2018-06-01not yet calculatedCVE-2018-11564
MISC
MISC
yosoro -- yosoro
 		Yosoro 1.0.4 has stored XSS.2018-06-01not yet calculatedCVE-2018-11522
MISC
CONFIRM
EXPLOIT-DB

zazukoians -- fuseki

 

Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10576
MISC

zertz -- unicode-json

 

unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10610
MISC

zhao0 -- node-apk-parser3

 

apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10574
MISC
zimbra -- zimbra_collaboration_suite
 		Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.2018-05-30not yet calculatedCVE-2015-7610
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
zimbra -- zimbra_collaboration_suite
 		Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.2018-05-30not yet calculatedCVE-2018-10939
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
zoho -- manageengine_adaudit_plusZoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection.2018-05-29not yet calculatedCVE-2018-10466
CONFIRM

zuker -- box2d-native

 

box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10617
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.