Vulnerability Summary for the Week of September 3, 2018
Released
Sep 10, 2018
Document ID
SB18-253
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no high vulnerabilities recorded this week. | ||||
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no medium vulnerabilities recorded this week. | ||||
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no low vulnerabilities recorded this week. | ||||
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| absolute_software -- ctes_windows_agent | An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior. | 2018-09-08 | not yet calculated | CVE-2018-16715 CONFIRM |
| adobe -- experience_manager | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2018-09-06 | not yet calculated | CVE-2018-5005 BID SECTRACK CONFIRM |
| adrenaline -- hrms | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter. | 2018-09-06 | not yet calculated | CVE-2018-12234 MISC |
| amcrest -- networked_devices | Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206. | 2018-09-05 | not yet calculated | CVE-2018-16546 MISC |
| antenna_house -- dmc_htmlfilter | An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability. | 2018-09-07 | not yet calculated | CVE-2017-2795 MISC |
| antenna_house -- dmc_htmlfilter | An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability. | 2018-09-07 | not yet calculated | CVE-2017-2792 MISC |
| artifex -- ghostscript | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. | 2018-09-05 | not yet calculated | CVE-2018-16541 MISC MISC MISC DEBIAN |
| artifex -- ghostscript | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. | 2018-09-05 | not yet calculated | CVE-2018-16542 MISC MISC MISC DEBIAN |
| artifex -- ghostscript | An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. | 2018-09-06 | not yet calculated | CVE-2018-16585 MISC MISC MISC DEBIAN |
| artifex -- ghostscript | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. | 2018-09-05 | not yet calculated | CVE-2018-16513 MISC MISC MISC DEBIAN |
| artifex -- ghostscript | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. | 2018-09-05 | not yet calculated | CVE-2018-16540 MISC MISC MISC DEBIAN |
| artifex -- ghostscript | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. | 2018-09-05 | not yet calculated | CVE-2018-16539 MISC MISC MISC DEBIAN |
| artifex -- ghostscript | An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. | 2018-09-05 | not yet calculated | CVE-2018-16511 MISC MISC MISC MISC DEBIAN |
| artifex -- ghostscript | In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact. | 2018-09-05 | not yet calculated | CVE-2018-16543 MISC MISC DEBIAN |
| artifex -- ghostscript | An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact. | 2018-09-05 | not yet calculated | CVE-2018-16510 MISC MISC MISC |
| artifex -- ghostscript | An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. | 2018-09-05 | not yet calculated | CVE-2018-16509 MISC MISC MISC CONFIRM MISC MISC MISC |
| artifex -- mupdf | In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. | 2018-09-06 | not yet calculated | CVE-2018-16648 MISC |
| artifex -- mupdf | In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file. | 2018-09-06 | not yet calculated | CVE-2018-16647 MISC |
| asus -- wl-330nul_firmware | Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2018-09-07 | not yet calculated | CVE-2018-0647 JVN MISC |
| auracms -- auracms | An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. | 2018-09-02 | not yet calculated | CVE-2018-16338 MISC |
| baigo -- cms | An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article. | 2018-09-04 | not yet calculated | CVE-2018-16458 MISC |
| baijiacms -- baijiacms | An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. | 2018-09-08 | not yet calculated | CVE-2018-16724 MISC |
| baijiacms -- biajiacms | An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component." | 2018-09-08 | not yet calculated | CVE-2018-16725 MISC |
| bit_part -- mtappjquery | MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. | 2018-09-07 | not yet calculated | CVE-2018-0645 JVN CONFIRM CONFIRM |
| bluecms -- bluecms | BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. | 2018-09-03 | not yet calculated | CVE-2018-16432 MISC |
| btiteam -- xbtit | An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting. | 2018-09-05 | not yet calculated | CVE-2018-15678 CONFIRM MISC |
| btiteam -- xbtit | An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data. | 2018-09-05 | not yet calculated | CVE-2018-15684 MISC |
| btiteam -- xbtit | An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter. | 2018-09-05 | not yet calculated | CVE-2018-16361 CONFIRM MISC |
| btiteam -- xbtit | An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting. | 2018-09-05 | not yet calculated | CVE-2018-15679 CONFIRM MISC |
| btiteam -- xbtit | An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. | 2018-09-05 | not yet calculated | CVE-2018-15680 MISC |
| btiteam -- xbtit | An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprints. | 2018-09-05 | not yet calculated | CVE-2018-15676 MISC |
| btiteam -- xbtit | An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected. | 2018-09-05 | not yet calculated | CVE-2018-15683 MISC |
| btiteam -- xbtit | An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf. | 2018-09-05 | not yet calculated | CVE-2018-15682 MISC |
| btiteam -- xbtit | The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. | 2018-09-05 | not yet calculated | CVE-2018-15677 CONFIRM MISC |
| btiteam -- xbtit | An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can efficiently brute-force it to retrieve the user's cleartext password. | 2018-09-05 | not yet calculated | CVE-2018-15681 MISC |
| canon_it_solutions -- multiple_products | Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-09-07 | not yet calculated | CVE-2018-0649 JVN CONFIRM |
| chatwork -- desktop_app_for_windows | Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-09-07 | not yet calculated | CVE-2018-0648 JVN MISC |
| chemcms -- chem_cms | ChemCMS 1.0.6 has XSS via the "setting -> website information" field. | 2018-09-02 | not yet calculated | CVE-2018-16346 MISC |
| contiki_ng -- contiki_ng | An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union). | 2018-09-07 | not yet calculated | CVE-2018-16667 MISC |
| contiki_ng -- contiki_ng | An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c. | 2018-09-07 | not yet calculated | CVE-2018-16665 MISC |
| contiki_ng -- contiki_ng | An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string). | 2018-09-07 | not yet calculated | CVE-2018-16666 MISC |
| contiki_ng -- contiki_ng | An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). | 2018-09-07 | not yet calculated | CVE-2018-16664 MISC |
| contiki_ng -- contiki_ng | An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations). | 2018-09-07 | not yet calculated | CVE-2018-16663 MISC |
| contronics -- homeputer_cl_studio_fur_homematic | Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack. | 2018-09-07 | not yet calculated | CVE-2017-17691 MISC |
| craftedweb -- craftedweb | CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. | 2018-09-04 | not yet calculated | CVE-2018-16450 MISC |
| creme -- crm | An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters in the contact creation and modification page. The payload is stored within the application database and allows the execution of JavaScript code each time a client visit an infected page. | 2018-09-07 | not yet calculated | CVE-2018-9283 MISC |
| creme -- crm | An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials. | 2018-09-07 | not yet calculated | CVE-2018-14398 MISC |
| creme -- crm | An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. | 2018-09-07 | not yet calculated | CVE-2018-14396 MISC |
| creme -- crm | An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. | 2018-09-07 | not yet calculated | CVE-2018-14397 MISC |
| cscms -- cscms | \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. | 2018-09-08 | not yet calculated | CVE-2018-16732 MISC MISC |
| cscms -- cscms | \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. | 2018-09-08 | not yet calculated | CVE-2018-16730 MISC MISC |
| cscms -- cscms | Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. | 2018-09-04 | not yet calculated | CVE-2018-16448 MISC |
| cscms -- cscms | CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. | 2018-09-08 | not yet calculated | CVE-2018-16731 MISC MISC |
| cscms -- cscms | An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. | 2018-09-02 | not yet calculated | CVE-2018-16337 MISC |
| curl -- curl | curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) | 2018-09-05 | not yet calculated | CVE-2018-14618 SECTRACK CONFIRM CONFIRM DEBIAN |
| d_link -- dir-846_devices | D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. | 2018-09-03 | not yet calculated | CVE-2018-16408 MISC |
| docker -- docker_for_windows | HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. | 2018-08-31 | not yet calculated | CVE-2018-15514 BID MISC MISC MISC |
| dojo -- dojotoolkit | Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14. | 2018-09-06 | not yet calculated | CVE-2018-1000665 CONFIRM CONFIRM |
| doracms -- doracms | Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent. | 2018-09-06 | not yet calculated | CVE-2018-16622 MISC |
| dotclear -- dotclear | A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml. | 2018-09-02 | not yet calculated | CVE-2018-16358 MISC |
| e107 -- e107 | e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. | 2018-09-05 | not yet calculated | CVE-2018-16381 MISC |
| easycms -- easycms | An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. | 2018-09-02 | not yet calculated | CVE-2018-16345 MISC |
| elefant -- cms | An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. | 2018-09-02 | not yet calculated | CVE-2018-16387 MISC |
| elfutils -- elfutils | libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. | 2018-09-03 | not yet calculated | CVE-2018-16403 MISC MISC |
| elfutils -- elfutils | libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. | 2018-09-03 | not yet calculated | CVE-2018-16402 MISC |
| empirecms -- empirecms | An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. | 2018-09-02 | not yet calculated | CVE-2018-16339 MISC |
| endress+hauser -- wirelesshart_fieldgate_swg70_devices | Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. | 2018-09-07 | not yet calculated | CVE-2018-16059 EXPLOIT-DB |
| ethereum -- go_ethereum | In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. | 2018-09-08 | not yet calculated | CVE-2018-16733 MISC |
| exceljs -- exceljs | An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when worksheet is displayed in browser. | 2018-09-06 | not yet calculated | CVE-2018-16459 MISC |
| fhcrm -- fhcrm | An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter. | 2018-09-02 | not yet calculated | CVE-2018-16354 MISC |
| fhcrm -- fhcrm | An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter. | 2018-09-02 | not yet calculated | CVE-2018-16353 MISC |
| flask-admin -- flask-admin | helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. | 2018-09-05 | not yet calculated | CVE-2018-16516 MISC |
| foliovision -- fb_flowplayer_video_player | Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-09-07 | not yet calculated | CVE-2018-0642 JVN CONFIRM |
| fortinet -- fortimanager | An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. | 2018-09-05 | not yet calculated | CVE-2018-1353 CONFIRM |
| fortinet -- fortios | A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used. | 2018-09-05 | not yet calculated | CVE-2018-9194 CONFIRM MISC CERT-VN |
| fortinet -- fortios | A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. | 2018-09-05 | not yet calculated | CVE-2018-9192 CONFIRM MISC CERT-VN |
| freebsd -- freebsd | In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources. | 2018-09-04 | not yet calculated | CVE-2018-6923 SECTRACK FREEBSD |
| frog -- cms | Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. | 2018-09-02 | not yet calculated | CVE-2018-16374 MISC |
| frog -- cms | Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. | 2018-09-04 | not yet calculated | CVE-2018-16447 MISC |
| frog -- cms | Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. | 2018-09-02 | not yet calculated | CVE-2018-16373 MISC |
| fspro_labs -- event_log_explorer | FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection. | 2018-09-05 | not yet calculated | CVE-2018-16252 MISC MISC EXPLOIT-DB |
| fuel -- cms | Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. | 2018-09-03 | not yet calculated | CVE-2018-16416 MISC MISC |
| fuji_xerox -- docucentre_and_apeosport | Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands. | 2018-09-07 | not yet calculated | CVE-2018-16709 EXPLOIT-DB |
| furuno -- felcom_devices | FURUNO FELCOM 250 and 500 devices use only client-side JavaScript for authentication. | 2018-09-06 | not yet calculated | CVE-2018-16590 MISC |
| gig_technology -- jumpscale_portal | GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModification; that can result in Improper validation of parameters results in command execution. This attack appear to be exploitable via Network connectivity, required minimal auth privileges (everyone can register an account). This vulnerability appears to have been fixed in After commit 15443122ed2b1cbfd7bdefc048bf106f075becdb. | 2018-09-06 | not yet calculated | CVE-2018-1000666 MISC MISC CONFIRM MISC |
| gleez -- cms | An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize. | 2018-09-02 | not yet calculated | CVE-2018-16347 MISC |
| gleez -- cms | A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI. | 2018-09-07 | not yet calculated | CVE-2018-16703 MISC |
| gleez -- cms | An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org. | 2018-09-07 | not yet calculated | CVE-2018-16704 MISC |
| gmo_payment_gateway -- ec-cube_and_gmo-pg_payment_modules | Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors. | 2018-09-07 | not yet calculated | CVE-2018-0658 JVN |
| gmo_payment_gateway -- ec-cube_and_gmo-pg_payment_modules | Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | 2018-09-07 | not yet calculated | CVE-2018-0657 JVN |
| gnome -- glib | In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. | 2018-09-03 | not yet calculated | CVE-2018-16428 BID MISC MISC |
| gnome -- glib | GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). | 2018-09-03 | not yet calculated | CVE-2018-16429 MISC MISC |
| gnu -- libextractor | GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. | 2018-09-03 | not yet calculated | CVE-2018-16430 BID MISC MISC |
| gogs -- gogs | In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. | 2018-09-03 | not yet calculated | CVE-2018-16409 MISC |
| google -- android | A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors. | 2018-09-04 | not yet calculated | CVE-2018-0664 JVN CONFIRM |
| google -- android | The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2018-09-07 | not yet calculated | CVE-2018-0650 JVN CONFIRM MISC |
| google -- android | In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT. | 2018-09-04 | not yet calculated | CVE-2018-11262 CONFIRM CONFIRM |
| google -- android | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05. | 2018-09-06 | not yet calculated | CVE-2018-11263 CONFIRM CONFIRM CONFIRM |
| google -- gvisor | Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS. | 2018-09-02 | not yet calculated | CVE-2018-16359 MISC MISC |
| gxlcms -- gxlcms | Gxlcms 2.0 has Directory Traversal exploitable by an administrator. | 2018-09-05 | not yet calculated | CVE-2018-16437 MISC |
| gxlcms -- gxlcms | Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. | 2018-09-07 | not yet calculated | CVE-2018-16655 MISC MISC |
| gxlcms -- gxlcms | Gxlcms 2.0 has SQL Injection exploitable by an administrator. | 2018-09-05 | not yet calculated | CVE-2018-16436 MISC |
| hdf -- hdf5 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c. | 2018-09-03 | not yet calculated | CVE-2018-16438 MISC |
| hibara -- attachecase | Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file. | 2018-09-07 | not yet calculated | CVE-2018-0660 JVN CONFIRM |
| hibara -- attachecase | Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file. | 2018-09-07 | not yet calculated | CVE-2018-0659 JVN CONFIRM |
| hibara -- attachecase | AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors. | 2018-09-04 | not yet calculated | CVE-2018-0675 JVN CONFIRM |
| hibara -- attachecase | AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors. | 2018-09-04 | not yet calculated | CVE-2018-0674 JVN CONFIRM |
| hscripts -- php_file_browser | HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter. | 2018-09-05 | not yet calculated | CVE-2018-16549 MISC |
| huawei -- hirouter-cd20-10 | In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device. | 2018-09-04 | not yet calculated | CVE-2018-7937 CONFIRM |
| huawei -- mate_10_pro_smartphones | Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed. | 2018-09-04 | not yet calculated | CVE-2018-7936 CONFIRM |
| huawei -- mate_10_pro_smartphones | Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP. | 2018-09-04 | not yet calculated | CVE-2018-7990 CONFIRM |
| huawei -- p10_smartphones | P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak. | 2018-09-04 | not yet calculated | CVE-2018-7938 CONFIRM |
| i-o_data_device -- ts-wrlp_firmware | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. | 2018-09-07 | not yet calculated | CVE-2018-0663 JVN CONFIRM |
| i-o_data_device -- ts-wrlp_firmware | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration. | 2018-09-07 | not yet calculated | CVE-2018-0661 JVN CONFIRM |
| i-o_data_device -- ts-wrlp_firmware | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. | 2018-09-07 | not yet calculated | CVE-2018-0662 JVN CONFIRM |
| ibm -- api_connect | IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939. | 2018-09-07 | not yet calculated | CVE-2018-1789 XF CONFIRM |
| ibm -- campaign | IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153. | 2018-09-07 | not yet calculated | CVE-2017-1115 XF CONFIRM |
| ibm -- campaign | IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152. | 2018-09-07 | not yet calculated | CVE-2017-1114 XF CONFIRM |
| ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601. | 2018-09-07 | not yet calculated | CVE-2018-1757 CONFIRM XF |
| ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM X-Force ID: 148599. | 2018-09-07 | not yet calculated | CVE-2018-1756 CONFIRM XF |
| ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769. | 2018-09-06 | not yet calculated | CVE-2018-1695 XF CONFIRM |
| ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024. | 2018-09-07 | not yet calculated | CVE-2018-1567 XF CONFIRM |
| ice_qube -- thermal_management_center | In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information. | 2018-09-06 | not yet calculated | CVE-2017-14026 MISC |
| ice_qube -- thermal_management_center | In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. | 2018-09-06 | not yet calculated | CVE-2017-16714 MISC |
| ideacms -- ideacms | The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued. | 2018-09-02 | not yet calculated | CVE-2018-16372 MISC |
| idreamsoft -- icms | An issue discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. | 2018-09-02 | not yet calculated | CVE-2018-16365 MISC |
| idreamsoft -- icms | An issue discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. | 2018-09-02 | not yet calculated | CVE-2018-16366 MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c. | 2018-09-06 | not yet calculated | CVE-2018-16641 MISC MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. | 2018-09-06 | not yet calculated | CVE-2018-16640 MISC MISC |
| imagemagick -- imagemagick | The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file. | 2018-09-06 | not yet calculated | CVE-2018-16643 MISC MISC |
| imagemagick -- imagemagick | There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. | 2018-09-06 | not yet calculated | CVE-2018-16644 MISC MISC MISC |
| imagemagick -- imagemagick | The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. | 2018-09-06 | not yet calculated | CVE-2018-16642 MISC MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. | 2018-09-03 | not yet calculated | CVE-2018-16412 BID MISC |
| imagemagick -- imagemagick | There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file. | 2018-09-06 | not yet calculated | CVE-2018-16645 MISC MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. | 2018-09-03 | not yet calculated | CVE-2018-16413 BID MISC MISC |
| information_builders -- webfocus_business_intelligence_portal | An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability. | 2018-09-07 | not yet calculated | CVE-2016-9044 MISC |
| jorani -- jorani | An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate. | 2018-09-05 | not yet calculated | CVE-2018-15918 MISC MISC EXPLOIT-DB |
| jorani -- jorani | Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. | 2018-09-05 | not yet calculated | CVE-2018-15917 MISC MISC EXPLOIT-DB |
| joyent -- smartos | An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service. | 2018-09-07 | not yet calculated | CVE-2016-9040 MISC |
| jsish -- jsish | jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been fixed in 2.4.69. | 2018-09-06 | not yet calculated | CVE-2018-1000661 CONFIRM |
| jsish -- jsish | jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to have been fixed in 2.4.71. | 2018-09-06 | not yet calculated | CVE-2018-1000668 CONFIRM |
| jsish -- jsish | jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. | 2018-09-06 | not yet calculated | CVE-2018-1000663 CONFIRM |
| kaizen -- asset_manager_and_training_manager | Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp). | 2018-09-05 | not yet calculated | CVE-2018-16545 MISC |
| kamailio -- kamailio | In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code. | 2018-09-07 | not yet calculated | CVE-2018-16657 MISC |
| koha -- library_system | KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11. | 2018-09-06 | not yet calculated | CVE-2018-1000669 CONFIRM |
| koha -- library_system | KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] , /cgi-bin/koha/serials/subscription-add.pl that can result in Privilege escalation by taking control of higher privileged users browser sessions. This attack appear to be exploitable via Victims must be socially engineered to visit a vulnerable webpage containing malicious payload. This vulnerability appears to have been fixed in 17.11. | 2018-09-06 | not yet calculated | CVE-2018-1000670 CONFIRM |
| kone -- group_controller | An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03. | 2018-09-07 | not yet calculated | CVE-2018-15485 MISC CONFIRM |
| kone -- group_controller | An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01. | 2018-09-07 | not yet calculated | CVE-2018-15484 MISC CONFIRM |
| kone -- group_controller | An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02. | 2018-09-07 | not yet calculated | CVE-2018-15486 MISC CONFIRM |
| kone -- group_controller | An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04. | 2018-09-07 | not yet calculated | CVE-2018-15483 MISC CONFIRM |
| lavalite -- cms | LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. | 2018-09-05 | not yet calculated | CVE-2018-16551 MISC |
| limesurvey -- limesurvey | In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file, | 2018-09-03 | not yet calculated | CVE-2018-16397 MISC |
| limesurvey -- limesurvey | LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious php files that can be called under certain circumstances. This vulnerability appears to have been fixed in after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4. | 2018-09-06 | not yet calculated | CVE-2018-1000658 CONFIRM CONFIRM |
| limesurvey -- limesurvey | LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An authenticated user can upload a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed in after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4. | 2018-09-06 | not yet calculated | CVE-2018-1000659 CONFIRM |
| linux -- linux_kernel | Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. | 2018-09-04 | not yet calculated | CVE-2018-6554 MLIST MLIST |
| linux -- linux_kernel | The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. | 2018-09-04 | not yet calculated | CVE-2018-6555 MLIST MLIST |
| linux -- linux_kernel | The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. | 2018-09-06 | not yet calculated | CVE-2018-5391 CONFIRM BID SECTRACK MISC MLIST UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU DEBIAN CERT-VN |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. | 2018-09-07 | not yet calculated | CVE-2018-16658 MISC MISC MISC |
| little_color_management_system -- little_color_management_system | Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. | 2018-09-03 | not yet calculated | CVE-2018-16435 MISC MISC MLIST DEBIAN |
| mantisbt -- mantisbt | An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php. | 2018-09-02 | not yet calculated | CVE-2018-16362 CONFIRM CONFIRM CONFIRM |
| mayan -- edms | An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. | 2018-09-03 | not yet calculated | CVE-2018-16405 MISC MISC MISC |
| mayan -- edms | An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. | 2018-09-03 | not yet calculated | CVE-2018-16406 MISC MISC MISC |
| mayan -- edms | An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. | 2018-09-03 | not yet calculated | CVE-2018-16407 MISC MISC MISC |
| micropyramid -- django-crm | MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. | 2018-09-05 | not yet calculated | CVE-2018-16552 MISC |
| multiple_vendors -- multiple_products | The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network. | 2018-09-06 | not yet calculated | CVE-2018-5389 MISC MISC CERT-VN MISC |
| netwide_assembler -- netwide_assembler | NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file.. | 2018-09-06 | not yet calculated | CVE-2018-1000667 MISC MISC |
| netwide_assembler -- netwide_assembler | asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file. | 2018-09-06 | not yet calculated | CVE-2018-16517 MISC MISC |
| netwide_assembler -- netwide_assembler | Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. | 2018-09-02 | not yet calculated | CVE-2018-16382 MISC |
| nibbleblog -- nibbleblog | An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}"). | 2018-09-06 | not yet calculated | CVE-2018-16604 MISC |
| nordvpn -- nordvpn | An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. | 2018-09-07 | not yet calculated | CVE-2018-3952 MISC |
| ogma_cms -- ogma_cms | Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen. | 2018-09-02 | not yet calculated | CVE-2018-16379 MISC |
| ogma_cms -- ogma_cms | An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account. | 2018-09-02 | not yet calculated | CVE-2018-16380 MISC |
| okular -- okular | okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 | 2018-09-06 | not yet calculated | CVE-2018-1000801 CONFIRM CONFIRM |
| onethink -- onethink | OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. | 2018-09-04 | not yet calculated | CVE-2018-16449 MISC |
| onlinejudge -- onlinejudge | In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include. | 2018-09-02 | not yet calculated | CVE-2018-16367 MISC |
| openjpeg -- openjpeg | An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. | 2018-09-02 | not yet calculated | CVE-2018-16375 BID MISC |
| openjpeg -- openjpeg | An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. | 2018-09-02 | not yet calculated | CVE-2018-16376 BID MISC |
| openmrs -- reference_application | An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. | 2018-09-05 | not yet calculated | CVE-2018-16521 MISC MISC |
| opensc -- opensc | A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-09-03 | not yet calculated | CVE-2018-16425 MISC MISC MISC |
| opensc -- opensc | Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-09-03 | not yet calculated | CVE-2018-16421 MISC MISC MISC |
| opensc -- opensc | Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. | 2018-09-03 | not yet calculated | CVE-2018-16427 MISC MISC MISC |
| opensc -- opensc | A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-09-03 | not yet calculated | CVE-2018-16424 MISC MISC MISC |
| opensc -- opensc | A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-09-03 | not yet calculated | CVE-2018-16423 MISC MISC MISC |
| opensc -- opensc | Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs. | 2018-09-03 | not yet calculated | CVE-2018-16426 MISC MISC MISC |
| opensc-- opensc | Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-09-03 | not yet calculated | CVE-2018-16392 MISC MISC MISC |
| opensc-- opensc | Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-09-03 | not yet calculated | CVE-2018-16391 MISC MISC MISC |
| opensc-- opensc | A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-09-03 | not yet calculated | CVE-2018-16418 MISC MISC MISC |
| opensc-- opensc | A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-09-03 | not yet calculated | CVE-2018-16422 MISC MISC MISC |
| opensc-- opensc | Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-09-03 | not yet calculated | CVE-2018-16393 MISC MISC MISC |
| opensc-- opensc | Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-09-03 | not yet calculated | CVE-2018-16419 MISC MISC MISC |
| opensc-- opensc | Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-09-03 | not yet calculated | CVE-2018-16420 MISC MISC MISC |
| openshift -- container_platform | An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management. | 2018-09-06 | not yet calculated | CVE-2018-14632 CONFIRM CONFIRM |
| opsview -- monitor | The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. | 2018-09-05 | not yet calculated | CVE-2018-16147 CONFIRM CONFIRM FULLDISC MISC |
| opsview -- monitor | The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. | 2018-09-05 | not yet calculated | CVE-2018-16148 CONFIRM CONFIRM FULLDISC MISC |
| opsview -- monitor | The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account. | 2018-09-05 | not yet calculated | CVE-2018-16146 CONFIRM FULLDISC MISC |
| opsview -- monitor | The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter. | 2018-09-05 | not yet calculated | CVE-2018-16144 CONFIRM CONFIRM FULLDISC MISC |
| opsview -- monitor | The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance. | 2018-09-05 | not yet calculated | CVE-2018-16145 CONFIRM CONFIRM FULLDISC MISC |
| owasp -- modsecurity_core_rule_set | A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. | 2018-09-02 | not yet calculated | CVE-2018-16384 MISC |
| pescms-team -- pescms-team | In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. | 2018-09-02 | not yet calculated | CVE-2018-16370 MISC |
| pescms-team -- pescms-team | PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=. | 2018-09-02 | not yet calculated | CVE-2018-16371 MISC |
| phpmyfaq -- phpmyfaq | phpMyFAQ before 2.9.11 allows CSRF. | 2018-09-07 | not yet calculated | CVE-2018-16650 CONFIRM |
| phpmyfaq -- phpmyfaq | The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. | 2018-09-07 | not yet calculated | CVE-2018-16651 CONFIRM |
| phpscriptsmall.com -- olx_clone_script | PHP Scripts Mall Olx Clone 3.4.2 has XSS. | 2018-09-07 | not yet calculated | CVE-2018-16454 MISC |
| pidgin -- pidgin | Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0. | 2018-09-05 | not yet calculated | CVE-2016-1000030 CONFIRM CONFIRM CONFIRM GENTOO CONFIRM |
| pon_software -- explzh | Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors. | 2018-09-04 | not yet calculated | CVE-2018-0646 JVN CONFIRM |
| poppler -- poppler | In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. | 2018-09-06 | not yet calculated | CVE-2018-16646 MISC |
| prim'x -- zed! | A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder. | 2018-09-05 | not yet calculated | CVE-2018-16518 MISC |
| proconf -- proconf | In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter). | 2018-09-06 | not yet calculated | CVE-2018-16606 MISC |
| protonvpn -- protonvpn | An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges. | 2018-09-07 | not yet calculated | CVE-2018-4010 MISC |
| pulse_secure -- connect_secure_and_policy_secure | download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. | 2018-09-06 | not yet calculated | CVE-2018-14366 CONFIRM |
| pulse_secure -- connect_secure_and_policy_secure | A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation. | 2018-09-06 | not yet calculated | CVE-2018-6320 CONFIRM |
pulse_secure -- pulse_desktop_client | The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. | 2018-09-06 | not yet calculated | CVE-2018-15726 CONFIRM |
| pulse_secure -- pulse_desktop_client | In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. | 2018-09-06 | not yet calculated | CVE-2018-16261 CONFIRM |
pulse_secure -- pulse_desktop_client | The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. | 2018-09-06 | not yet calculated | CVE-2018-15749 CONFIRM |
pulse_secure -- pulse_desktop_client | The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. | 2018-09-06 | not yet calculated | CVE-2018-15865 CONFIRM |
| red_hat -- enterprise_linux_server_and_gluster_storage_server | A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. | 2018-09-04 | not yet calculated | CVE-2018-10911 REDHAT REDHAT CONFIRM CONFIRM |
| red_hat -- enterprise_linux_server_and_gluster_storage_server | An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. | 2018-09-04 | not yet calculated | CVE-2018-10913 REDHAT REDHAT CONFIRM CONFIRM |
| red_hat -- enterprise_linux_server_and_gluster_storage_server | A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. | 2018-09-04 | not yet calculated | CVE-2018-10929 REDHAT REDHAT CONFIRM |
| red_hat -- enterprise_linux_server_and_gluster_storage_server | It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume. | 2018-09-04 | not yet calculated | CVE-2018-10904 REDHAT REDHAT CONFIRM CONFIRM |
| red_hat -- enterprise_linux_server_and_gluster_storage_server | It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. | 2018-09-04 | not yet calculated | CVE-2018-10923 REDHAT REDHAT CONFIRM |
| red_hat -- enterprise_linux_server_and_gluster_storage_server | It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. | 2018-09-04 | not yet calculated | CVE-2018-10914 REDHAT REDHAT CONFIRM |
| red_hat -- enterprise_linux_server_and_gluster_storage_server | It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution. | 2018-09-04 | not yet calculated | CVE-2018-10907 REDHAT REDHAT CONFIRM CONFIRM |
| red_hat -- enterprise_linux_server_and_gluster_storage_server | A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. | 2018-09-04 | not yet calculated | CVE-2018-10926 REDHAT REDHAT CONFIRM |
| red_hat -- enterprise_linux_server_and_gluster_storage_server | A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. | 2018-09-04 | not yet calculated | CVE-2018-10927 REDHAT REDHAT CONFIRM |
| red_hat -- enterprise_linux_server_and_gluster_storage_server | It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine. | 2018-09-04 | not yet calculated | CVE-2018-10924 CONFIRM CONFIRM |
| red_hat -- enterprise_linux_server_and_gluster_storage_server | A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. | 2018-09-04 | not yet calculated | CVE-2018-10928 REDHAT REDHAT CONFIRM |
| red_hat -- enterprise_linux_server_and_gluster_storage_server | A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. | 2018-09-04 | not yet calculated | CVE-2018-10930 REDHAT REDHAT CONFIRM CONFIRM |
| redhat -- 389-ds-base | A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. | 2018-09-06 | not yet calculated | CVE-2018-14624 CONFIRM MISC |
| rejucms -- rejucms | rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. | 2018-09-07 | not yet calculated | CVE-2018-16653 MISC |
| seacms -- seacms | An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter. | 2018-09-04 | not yet calculated | CVE-2018-16444 MISC |
| seacms -- seacms | SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name. | 2018-09-02 | not yet calculated | CVE-2018-16348 MISC |
| seacms -- seacms | An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt. | 2018-09-04 | not yet calculated | CVE-2018-16446 MISC |
| seacms -- seacms | An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request. | 2018-09-04 | not yet calculated | CVE-2018-16445 MISC |
| seacms --seacms | SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS. | 2018-09-02 | not yet calculated | CVE-2018-16343 MISC MISC |
| showdoc -- showdoc | ShowDoc v1.8.0 has XSS via a new page. | 2018-09-02 | not yet calculated | CVE-2018-16342 MISC |
| six_apart -- movable_type | Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-09-04 | not yet calculated | CVE-2018-0672 JVN |
| solarwinds -- dameware_mini_remote_control | SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow. | 2018-09-07 | not yet calculated | CVE-2018-12897 MISC |
| sony -- digital_paper_app | Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-09-04 | not yet calculated | CVE-2018-0656 JVN CONFIRM |
| subsonic -- subsonic | daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted by the client. This attack appear to be exploitable via The victim connects to a server that's MITM/Proxied by an attacker. | 2018-09-06 | not yet calculated | CVE-2018-1000664 CONFIRM |
| sympa -- sympa | sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available. | 2018-09-06 | not yet calculated | CVE-2018-1000671 MISC |
| team_viewer -- team_viewer | TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN. | 2018-09-05 | not yet calculated | CVE-2018-16550 MISC |
| technicolor -- technicolor_tg558v | Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. | 2018-09-06 | not yet calculated | CVE-2018-16310 MISC |
| theethereumlottery -- theethereumlottery | The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards. | 2018-09-07 | not yet calculated | CVE-2018-15552 MISC |
| thinkphp -- thinkphp | ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. | 2018-09-02 | not yet calculated | CVE-2018-16385 MISC |
| tock -- tock | TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function get_package_name in the file kernel/src/tbfheader.rs, variable "pub package_name: &'static str," in the file process.rs that can result in A tock capsule (untrusted driver) could access arbitrary memory by using only safe code. This vulnerability appears to have been fixed in commit 42f7f36e74088036068d62253e1d8fb26605feed. | 2018-09-06 | not yet calculated | CVE-2018-1000660 CONFIRM |
| tough-cookie -- tough-cookie | NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0. | 2018-09-05 | not yet calculated | CVE-2016-1000232 REDHAT REDHAT CONFIRM CONFIRM CONFIRM CONFIRM MISC |
| twistlock -- authz_broker | In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed. | 2018-09-03 | not yet calculated | CVE-2018-16398 MISC MISC |
| ubiquiti_networks -- multiple_products | The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. | 2018-09-05 | not yet calculated | CVE-2015-9266 MISC CONFIRM CONFIRM MISC EXPLOIT-DB EXPLOIT-DB MISC |
| ubuntu -- orca | Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors. | 2018-09-07 | not yet calculated | CVE-2018-0644 JVN CONFIRM |
| ubuntu -- orca | Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | 2018-09-07 | not yet calculated | CVE-2018-0643 JVN CONFIRM |
| umbraengineering -- ps | A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID. | 2018-09-07 | not yet calculated | CVE-2018-16460 MISC |
| vanilla -- vanilla | Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. | 2018-09-03 | not yet calculated | CVE-2018-16410 MISC MISC |
| vivotek -- fd8177_devices | VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi. | 2018-09-05 | not yet calculated | CVE-2018-14771 CONFIRM MISC |
| vivotek -- fd8177_devices | VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. | 2018-09-05 | not yet calculated | CVE-2018-14769 CONFIRM MISC |
| vivotek -- fd8177_devices | VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service). | 2018-09-05 | not yet calculated | CVE-2018-14770 CONFIRM MISC |
| weaselcms -- weaselcms | There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used. | 2018-09-02 | not yet calculated | CVE-2018-16352 MISC |
| weseek -- growi | Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page. | 2018-09-07 | not yet calculated | CVE-2018-0654 JVN CONFIRM |
| weseek -- growi | Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view. | 2018-09-07 | not yet calculated | CVE-2018-0653 JVN CONFIRM |
| weseek -- growi | Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page. | 2018-09-07 | not yet calculated | CVE-2018-0652 JVN CONFIRM |
| weseek -- growi | Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page. | 2018-09-07 | not yet calculated | CVE-2018-0655 JVN CONFIRM |
| wildfly -- wildfly | The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/> | 2018-09-04 | not yet calculated | CVE-2018-14627 CONFIRM CONFIRM |
| wordpress -- wordpress | The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php. | 2018-09-07 | not yet calculated | CVE-2018-16363 MISC MISC CONFIRM |
| wordpress -- wordpress | WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. | 2018-09-06 | not yet calculated | CVE-2018-1000773 MISC MISC |
| wordpress -- wordpress | WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9 | 2018-09-06 | not yet calculated | CVE-2017-1000600 MISC MISC |
| wordpress -- wordpress | The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php. | 2018-09-06 | not yet calculated | CVE-2018-16285 MISC MISC |
| wuzhi -- cms | WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. | 2018-09-02 | not yet calculated | CVE-2018-16350 MISC |
wuzhi -- cms | WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. | 2018-09-02 | not yet calculated | CVE-2018-16349 MISC |
| xiaomi -- miwifi_xiaomi_55dd_devices | An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response. | 2018-09-05 | not yet calculated | CVE-2018-16307 MISC |
| xpdf -- xpdf | SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | 2018-09-02 | not yet calculated | CVE-2018-16368 MISC |
| xpdf -- xpdf | XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453. | 2018-09-02 | not yet calculated | CVE-2018-16369 MISC |
| yayoi -- multiple_products | Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of msjet49.dll loaded by the vulnerable products. | 2018-09-07 | not yet calculated | CVE-2018-0623 JVN |
| yayoi -- multiple_products | Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products. | 2018-09-07 | not yet calculated | CVE-2018-0624 JVN |
| yfcmf -- yfcmf | admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account. | 2018-09-03 | not yet calculated | CVE-2018-16431 MISC |
| zephyr -- zephyr_rtos | zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put). | 2018-09-06 | not yet calculated | CVE-2018-1000800 CONFIRM |
| zsh -- zsh | An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. | 2018-09-05 | not yet calculated | CVE-2018-13259 MISC MISC MISC |
| zsh -- zsh | An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. | 2018-09-05 | not yet calculated | CVE-2018-0502 MISC MISC MISC |
| zurmo -- zurmo | Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1. | 2018-09-07 | not yet calculated | CVE-2018-16654 MISC |
| zzcms -- zzcms | An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock. | 2018-09-02 | not yet calculated | CVE-2018-16344 MISC |
| zziplib -- zziplib | An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. | 2018-09-05 | not yet calculated | CVE-2018-16548 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.