Vulnerability Summary for the Week of December 24, 2018
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
orange -- arv7519rw22_livebox_2.1_firmware | Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | 2018-12-23 | 10.0 | CVE-2018-20377 MISC MISC MISC MISC |
s-cms -- s-cms | An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field. | 2018-12-25 | 7.5 | CVE-2018-20477 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
audiocoding -- freeware_advanced_audio_decoder_2 | A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash. | 2018-12-22 | 4.3 | CVE-2018-20357 MISC |
audiocoding -- freeware_advanced_audio_decoder_2 | An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | 2018-12-22 | 4.3 | CVE-2018-20358 MISC |
audiocoding -- freeware_advanced_audio_decoder_2 | An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | 2018-12-22 | 4.3 | CVE-2018-20359 MISC |
audiocoding -- freeware_advanced_audio_decoder_2 | An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | 2018-12-22 | 4.3 | CVE-2018-20360 MISC |
audiocoding -- freeware_advanced_audio_decoder_2 | An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | 2018-12-22 | 4.3 | CVE-2018-20361 MISC |
audiocoding -- freeware_advanced_audio_decoder_2 | A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case. | 2018-12-22 | 4.3 | CVE-2018-20362 MISC |
s-cms -- s-cms | An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter. | 2018-12-25 | 4.3 | CVE-2018-20476 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
frogcms_project -- frogcms | Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI. | 2018-12-25 | 3.5 | CVE-2018-20448 MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
74cms -- 74cms | An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajax_save_basic pid parameter. | 2018-12-27 | not yet calculated | CVE-2018-20519 MISC |
74cms -- 74cms | An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter. | 2018-12-25 | not yet calculated | CVE-2018-20454 MISC |
advisto -- peel_shopping | Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting JavaScript code in the "Site Name EN" parameter. This attack appears to be exploitable if the malicious user has access to the administration account. | 2018-12-28 | not yet calculated | CVE-2018-1000887 MISC |
amalen -- mxq_tv_box_android_device | The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, versionName=4.4.2-20170213) that contains an exported broadcast receiver application component that, when called, will make the device inoperable. The vulnerable component named com.android.server.SystemRestoreReceiver will write a value of --restore_system\n--locale=<locale> to the /cache/recovery/command file and boot into recovery mode. During this process, it appears that when booting into recovery mode, the system partition gets formatted or modified and will be unable to boot properly thereafter. Once the device fails to boot properly, a factory reset of the device in recovery mode does not restore proper functionality of the device. The com.android.server.SystemRestoreReceiver broadcast receiver app component is accessible to any app co-located on the device and does not require any permission to access. The user can most likely recover the device by flashing clean firmware images placed on an SD card. | 2018-12-28 | not yet calculated | CVE-2018-14988 MISC MISC |
amalen -- mxq_tv_box_android_device | The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, versionName=4.4.2-20170213) that dynamically registers a broadcast receiver app component named com.android.server.MasterClearReceiver instead of statically registering it in the AndroidManifest.xml file of the core Android package, as done in Android Open Source Project (AOSP) code for Android 4.4.2. The dynamic-registration of the MasterClearReceiver broadcast receiver app component is not protected with the android.permission.MASTER_CLEAR permission during registration, so any app co-located on the device, even those without any permissions, can programmatically initiate a factory reset of the device. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of core Android process. | 2018-12-28 | not yet calculated | CVE-2018-14987 MISC MISC |
ambit -- multiple_devices | Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20380 MISC MISC |
apache -- tika | A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. | 2018-12-24 | not yet calculated | CVE-2018-17197 BID MISC |
arris -- multiple_devices | ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20383 MISC MISC |
arris -- multiple_devices | ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20386 MISC MISC |
asus -- aura_sync | The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code. | 2018-12-26 | not yet calculated | CVE-2018-18535 MISC FULLDISC BID MISC |
asus -- aura_sync | The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address. | 2018-12-26 | not yet calculated | CVE-2018-18537 MISC FULLDISC BID MISC |
asus -- aura_sync | The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. | 2018-12-26 | not yet calculated | CVE-2018-18536 MISC FULLDISC BID MISC |
asus -- zenfone_3_max_android_device | The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). This app contains an exported service app component named com.asus.loguploader.LogUploaderService that, when accessed with a particular action string, will write a bugreport (kernel log, logcat log, and the state of system services including the text of active notifications), Wi-Fi Passwords, and other system data to external storage (sdcard). Any app with the READ_EXTERNAL_STORAGE permission on this device can read this data from the sdcard after it has been dumped there by the com.asus.loguploader. Third-party apps are not allowed to directly create a bugreport or access the user's stored wireless network credentials. | 2018-12-28 | not yet calculated | CVE-2018-14979 MISC MISC |
asus -- zenfone_3_max_android_device | The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm (versionCode=1510500200, versionName=1.5.0.40_171122) that has an exposed interface in an exported service named com.asus.dm.installer.DMInstallerService that allows any app co-located on the device to use its capabilities to download an arbitrary app over the internet and install it. Any app on the device can send an intent with specific embedded data that will cause the com.asus.dm app to programmatically download and install the app. For the app to be downloaded and installed, certain data needs to be provided: download URL, package name, version name from the app's AndroidManifest.xml file, and the MD5 hash of the app. Moreover, any app that is installed using this method can also be programmatically uninstalled using the same unprotected component named com.asus.dm.installer.DMInstallerService. | 2018-12-28 | not yet calculated | CVE-2018-14992 MISC MISC |
battelle -- v2i_hub | Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding "[]" to the end of "key" in the URL when accessing API functions, an attacker could exploit this vulnerability to execute API functions. | 2018-12-28 | not yet calculated | CVE-2018-1000628 MISC |
battelle -- v2i_hub | Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database. | 2018-12-28 | not yet calculated | CVE-2018-1000631 MISC |
battelle -- v2i_hub | Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system. | 2018-12-28 | not yet calculated | CVE-2018-1000624 MISC |
battelle -- v2i_hub | Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the system. | 2018-12-28 | not yet calculated | CVE-2018-1000626 MISC |
battelle -- v2i_hub | Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system. | 2018-12-28 | not yet calculated | CVE-2018-1000625 MISC |
battelle -- v2i_hub | Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | 2018-12-28 | not yet calculated | CVE-2018-1000629 MISC |
battelle -- v2i_hub | Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system. | 2018-12-28 | not yet calculated | CVE-2018-1000627 MISC |
battelle -- v2i_hub | Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database. | 2018-12-28 | not yet calculated | CVE-2018-1000630 MISC |
bento4 -- bento4 | An issue was discovered in Bento4 1.5.1-627. There is an attempt at excessive memory allocation in the AP4_DataBuffer class when called from AP4_HvccAtom::Create in Core/Ap4HvccAtom.cpp. | 2018-12-26 | not yet calculated | CVE-2018-20502 MISC |
bento4 -- bento4 | An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls. | 2018-12-23 | not yet calculated | CVE-2018-20409 MISC |
bento4 -- bento4 | An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls. | 2018-12-23 | not yet calculated | CVE-2018-20408 MISC |
bento4 -- bento4 | An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42hls. | 2018-12-23 | not yet calculated | CVE-2018-20407 MISC |
bigtree -- bigtree | BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. | 2018-12-23 | not yet calculated | CVE-2018-20405 MISC |
bnmux -- multiple_devices | Bnmux BCW700J 5.20.7, BCW710J 5.30.6a, and BCW710J2 5.30.16 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20387 MISC MISC |
c3p0 -- c3p0 | c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. | 2018-12-24 | not yet calculated | CVE-2018-20433 MISC MLIST |
carl_burch -- logisim_evolution | Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. This attack appears to be exploitable via the victim opening a specially crafted circuit file. This vulnerability appears to have been fixed in 2.14.4. | 2018-12-28 | not yet calculated | CVE-2018-1000889 MISC MISC |
castlenet -- multiple_devices | CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20385 MISC MISC |
cisco -- adaptive_security_appliance_software | A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device. | 2018-12-24 | not yet calculated | CVE-2018-15465 BID CISCO MISC |
cms_made_simple -- cms_made_simple | There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address. | 2018-12-25 | not yet calculated | CVE-2018-20464 MISC |
comtrend -- multiple_devices | Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20388 MISC MISC |
contiki-ng -- contiki-ng | Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character. | 2018-12-28 | not yet calculated | CVE-2018-20579 MISC |
coolpad -- canvas_device | The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user. When an app sets the persist.service.logr.enable system property to a value of 1, an app with a package name of com.yulong.logredirect (versionCode=20160622, versionName=5.25_20160622_01) will start writing the system-wide logcat log, kernel log, and a tcpdump network traffic capture to external storage. Furthermore, on the Coolpad Canvas device, the com.android.phone app writes the destination phone number and body of the text message for outgoing text messages. A notification when logging can be avoided if the log is enabled after device startup and disabled prior to device shutdown by setting the system properties using the exported interface of the com.qualcomm.qti.modemtestmode app. Any app with the READ_EXTERNAL_STORAGE permission can access the log files. | 2018-12-28 | not yet calculated | CVE-2018-15004 MISC MISC |
craft_cms -- craft_cms | Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field. | 2018-12-25 | not yet calculated | CVE-2018-20465 MISC MISC |
craft_cms -- craft_cms | index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab. | 2018-12-23 | not yet calculated | CVE-2018-20418 MISC MISC EXPLOIT-DB |
crashfix -- crashfix | CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function. | 2018-12-27 | not yet calculated | CVE-2018-20508 MISC |
d-link -- dir-140l_and_dir-640l_devices | dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. | 2018-12-21 | not yet calculated | CVE-2018-18009 FULLDISC BID |
d-link -- dsl-2770l_devices | atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. | 2018-12-21 | not yet calculated | CVE-2018-18007 FULLDISC BID |
d-link -- dsl_and_dir_and_dwr_devices | spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials. | 2018-12-21 | not yet calculated | CVE-2018-18008 FULLDISC BID |
d-link -- multiple_devices | D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20389 MISC MISC |
d-link -- multiple_devices | D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests. | 2018-12-25 | not yet calculated | CVE-2018-20445 MISC |
damicms -- damicms | DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file. | 2018-12-28 | not yet calculated | CVE-2018-20571 MISC |
dextsolution -- dextuploadx5 | DEXTUploadX5 versions between 1.0.0.0 and 2.2.0.0 contain a vulnerability that could allow a remote attacker to download and execute a remote arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution. | 2018-12-28 | not yet calculated | CVE-2018-5203 MISC |
discuz! -- discuzx | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string. | 2018-12-23 | not yet calculated | CVE-2018-20423 MISC |
discuz! -- discuzx | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php. | 2018-12-23 | not yet calculated | CVE-2018-20424 MISC |
discuz! -- discuzx | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed). | 2018-12-23 | not yet calculated | CVE-2018-20422 MISC |
dolibarr -- erp_and_crm | Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. | 2018-12-26 | not yet calculated | CVE-2018-19799 MISC MISC EXPLOIT-DB |
douco -- douphp_cms | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter. | 2018-12-28 | not yet calculated | CVE-2018-20561 MISC |
douco -- douphp_cms | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter. | 2018-12-28 | not yet calculated | CVE-2018-20562 MISC |
douco -- douphp_cms | DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account. | 2018-12-23 | not yet calculated | CVE-2018-20419 MISC |
douco -- douphp_cms | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter. | 2018-12-28 | not yet calculated | CVE-2018-20559 MISC |
douco -- douphp_cms | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter. | 2018-12-28 | not yet calculated | CVE-2018-20564 MISC |
douco -- douphp_cms | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter. | 2018-12-28 | not yet calculated | CVE-2018-20560 MISC |
douco -- douphp_cms | An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. | 2018-12-28 | not yet calculated | CVE-2018-20566 MISC |
douco -- douphp_cms | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter. | 2018-12-28 | not yet calculated | CVE-2018-20565 MISC |
douco -- douphp_cms | An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read. | 2018-12-28 | not yet calculated | CVE-2018-20567 MISC |
douco -- douphp_cms | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter. | 2018-12-28 | not yet calculated | CVE-2018-20563 MISC |
douco -- douphp_cms | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter. | 2018-12-28 | not yet calculated | CVE-2018-20557 MISC |
douco -- douphp_cms | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter. | 2018-12-28 | not yet calculated | CVE-2018-20558 MISC |
engelsystem -- engelsystem | Engelsystem before commit hash 2e28336 allows CSRF. | 2018-12-26 | not yet calculated | CVE-2018-19182 CONFIRM CONFIRM |
epson -- workforce_wf-2861_printers | The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI. | 2018-12-24 | not yet calculated | CVE-2018-19248 MISC |
epson -- workforce_wf-2861_printers | An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack. | 2018-12-24 | not yet calculated | CVE-2018-18960 MISC |
epson -- workforce_wf-2861_printers | An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longer functions until a reboot. | 2018-12-24 | not yet calculated | CVE-2018-18959 MISC |
epson -- workforce_wf-2861_printers | The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI. | 2018-12-24 | not yet calculated | CVE-2018-19232 MISC |
ethereum -- go-ethereum | Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of "assembly { mstore }" followed by a "c[0xC800000] = 0xFF" assignment. | 2018-12-23 | not yet calculated | CVE-2018-20421 MISC |
ethereum -- hashheroes_tiles | The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile. | 2018-12-26 | not yet calculated | CVE-2018-17987 MISC |
ethereum -- nexxustoken | The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-12-28 | not yet calculated | CVE-2018-18665 MISC MISC MISC |
ethereum -- pylontoken | The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a related issue to CVE-2018-11812. | 2018-12-28 | not yet calculated | CVE-2018-18667 MISC MISC MISC |
ethereum -- swftcoin_token | The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-12-28 | not yet calculated | CVE-2018-18666 MISC MISC MISC |
evolution_cms -- evolution_cms | Evolution CMS 1.4.x allows XSS via the manager/ search parameter. | 2018-12-28 | not yet calculated | CVE-2018-16638 MISC |
evolution_cms -- evolution_cms | Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. | 2018-12-28 | not yet calculated | CVE-2018-16637 MISC |
f5 -- big-ip | On versions 11.2.1 and greater, unrestricted Snapshot File Access allows a BIG-IP system user with any role, including the Guest role, to access and download previously generated and available snapshot files on the BIG-IP configuration utility, such as QKView and TCPDumps. | 2018-12-28 | not yet calculated | CVE-2018-15333 CONFIRM |
f5 -- big-ip_apm | When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response. | 2018-12-28 | not yet calculated | CVE-2018-15335 CONFIRM |
f5 -- big-ip_apm | A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow an attacker to force an APM webtop session to log out and require re-authentication. | 2018-12-28 | not yet calculated | CVE-2018-15334 CONFIRM |
f5 -- ip_infusion_zebos_and_ocnos | The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements. | 2018-12-28 | not yet calculated | CVE-2018-17539 CONFIRM |
foxit -- quick_pdf_library | In Foxit Quick PDF Library (all versions prior to 16.12), loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out-of-bounds memory access. | 2018-12-24 | not yet calculated | CVE-2018-20249 BID CONFIRM |
foxit -- quick_pdf_library | In Foxit Quick PDF Library (all versions prior to 16.12), loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out-of-bounds memory access. | 2018-12-24 | not yet calculated | CVE-2018-20248 BID CONFIRM |
foxit -- quick_pdf_library | In Foxit Quick PDF Library (all versions prior to 16.12), loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow. | 2018-12-24 | not yet calculated | CVE-2018-20247 BID CONFIRM |
frontaccounting_team -- frontaccounting | FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application. | 2018-12-28 | not yet calculated | CVE-2018-1000890 MISC EXPLOIT-DB |
gnu -- gnu_tar | GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). | 2018-12-26 | not yet calculated | CVE-2018-20482 MISC MISC MISC MISC |
gnu -- gnu_wget | set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl. | 2018-12-26 | not yet calculated | CVE-2018-20483 MISC MISC |
gnu -- libextractor | GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. | 2018-12-24 | not yet calculated | CVE-2018-20430 BID MISC MISC MISC MLIST DEBIAN |
gnu -- libextractor | GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. | 2018-12-24 | not yet calculated | CVE-2018-20431 BID MISC MISC MISC MLIST DEBIAN |
google -- chrome | The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of <<a> in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP). | 2018-12-27 | not yet calculated | CVE-2018-20524 MISC |
imagemagick -- imagemagick | In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. | 2018-12-25 | not yet calculated | CVE-2018-20467 BID MISC MISC |
inovo -- broadband_devices | iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20384 MISC MISC |
ivan_cordoba -- generic_cms | user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | 2018-12-28 | not yet calculated | CVE-2018-20569 MISC |
ivan_cordoba -- generic_cms | Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | 2018-12-28 | not yet calculated | CVE-2018-20568 MISC |
jasper -- jasper | jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. | 2018-12-28 | not yet calculated | CVE-2018-20570 MISC |
jeecms -- jeecms | JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter. | 2018-12-28 | not yet calculated | CVE-2018-20528 MISC |
jiuzhou -- bcm93383wrg_devices | Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20382 MISC MISC |
kaonmedia -- cg2001_devices | Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20390 MISC MISC |
kirby_cms -- kirby_cms | Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. | 2018-12-28 | not yet calculated | CVE-2018-16630 MISC |
leagoo -- p1_android_device | The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB by modifying read-only system properties at runtime. Specifically, modifying the ro.debuggable and the ro.secure system properties to a certain value and then restarting the ADB daemon allows for a root shell to be obtained via ADB. | 2018-12-28 | not yet calculated | CVE-2018-14998 MISC MISC |
leagoo -- z5c_android_device | The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0)) containing an exported content provider named com.android.messaging.datamodel.MessagingContentProvider. Any app co-located on the device can read the most recent text message from each conversation. That is, for each phone number where the user has either sent or received a text message from, a zero-permission third-party app can obtain the body of the text message, phone number, name of the contact (if it exists), and a timestamp for the most recent text message of each conversation. As the querying of the vulnerable content provider app component can be performed silently in the background, a malicious app can continuously monitor the content provider to see if the current message in each conversation has changed to obtain new text messages. | 2018-12-28 | not yet calculated | CVE-2018-14986 MISC MISC |
leagoo -- z5c_android_device | The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-android.20170630.092853) that contains an exported broadcast receiver that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app. | 2018-12-28 | not yet calculated | CVE-2018-14985 MISC MISC |
leagoo -- z5c_android_device | The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0)) with an exported broadcast receiver app component named com.android.messaging.trackersender.TrackerSender. Any app co-located on the device, even one with no permissions, can send a broadcast intent with certain embedded data to the exported broadcast receiver application component that will result in the programmatic sending of a text message where the phone number and body of the text message are controlled by the attacker. | 2018-12-28 | not yet calculated | CVE-2018-14984 MISC MISC |
libcaca -- libcaca | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. | 2018-12-28 | not yet calculated | CVE-2018-20547 MISC |
libcaca -- libcaca | There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. | 2018-12-28 | not yet calculated | CVE-2018-20549 MISC |
libcaca -- libcaca | There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. | 2018-12-28 | not yet calculated | CVE-2018-20545 MISC |
libcaca -- libcaca | There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. | 2018-12-28 | not yet calculated | CVE-2018-20548 MISC |
libcaca -- libcaca | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. | 2018-12-28 | not yet calculated | CVE-2018-20546 MISC |
libcaca -- libcaca | There is a floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. | 2018-12-28 | not yet calculated | CVE-2018-20544 MISC |
libdoc -- libdoc | The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. | 2018-12-25 | not yet calculated | CVE-2018-20453 MISC |
libdoc -- libdoc | The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. | 2018-12-25 | not yet calculated | CVE-2018-20451 MISC |
liblas -- liblas | There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. | 2018-12-28 | not yet calculated | CVE-2018-20539 MISC |
liblas -- liblas | There is a memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1. | 2018-12-28 | not yet calculated | CVE-2018-20540 MISC |
liblas -- liblas | There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. | 2018-12-28 | not yet calculated | CVE-2018-20537 MISC |
liblas -- liblas | There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. | 2018-12-28 | not yet calculated | CVE-2018-20536 MISC |
libming -- libming | libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerability than CVE-2018-7874. | 2018-12-24 | not yet calculated | CVE-2018-20428 MISC |
libming -- libming | libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165. | 2018-12-24 | not yet calculated | CVE-2018-20429 MISC |
libming -- libming | libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866. | 2018-12-24 | not yet calculated | CVE-2018-20426 MISC |
libming -- libming | libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability than CVE-2018-9132. | 2018-12-24 | not yet calculated | CVE-2018-20427 MISC |
libming -- libming | libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file. | 2018-12-24 | not yet calculated | CVE-2018-20425 MISC |
libraw -- libraw | LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. | 2018-12-22 | not yet calculated | CVE-2018-20364 BID MISC |
libraw -- libraw | LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. | 2018-12-22 | not yet calculated | CVE-2018-20365 BID MISC |
libraw -- libraw | LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. | 2018-12-22 | not yet calculated | CVE-2018-20363 BID MISC |
libsolv -- libsolv | There is an illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. | 2018-12-28 | not yet calculated | CVE-2018-20534 MISC MISC |
libsolv -- libsolv | There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | 2018-12-28 | not yet calculated | CVE-2018-20533 MISC MISC |
libsolv -- libsolv | There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | 2018-12-28 | not yet calculated | CVE-2018-20532 MISC MISC |
libxls -- libxls | The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c. | 2018-12-25 | not yet calculated | CVE-2018-20452 MISC |
libxls -- libxls | The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897. | 2018-12-25 | not yet calculated | CVE-2018-20450 MISC |
libxsmm -- libxsmm | There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different part of the source code and is seen at a different address). | 2018-12-28 | not yet calculated | CVE-2018-20542 MISC MISC MISC MISC |
libxsmm -- libxsmm | There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_csc_reader.c in LIBXSMM 1.10 that will cause a denial of service. | 2018-12-28 | not yet calculated | CVE-2018-20543 MISC |
libxsmm -- libxsmm | There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses). | 2018-12-28 | not yet calculated | CVE-2018-20541 MISC MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call. | 2018-12-27 | not yet calculated | CVE-2018-20511 MISC BID MISC MISC MISC |
metinfo -- metinfo | MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter. | 2018-12-26 | not yet calculated | CVE-2018-20486 MISC MISC |
mezzanine_cms -- mezzanine_cms | Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/. | 2018-12-28 | not yet calculated | CVE-2018-16632 MISC |
microstrategy -- microstrategy_web | main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. | 2018-12-28 | not yet calculated | CVE-2018-18696 MISC BUGTRAQ |
minicms -- minicms | MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233. | 2018-12-27 | not yet calculated | CVE-2018-20520 MISC |
mit -- kerberos | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. | 2018-12-26 | not yet calculated | CVE-2018-20217 CONFIRM CONFIRM FEDORA |
ml_report -- ml_report_enterprise | ML Report versions between 2.00.000.0000 and 2.18.628.5980 contain a vulnerability that could allow a remote attacker to download and execute an arbitrary remote file by setting the arguments to the ActiveX method. This can be leveraged for code execution. | 2018-12-28 | not yet calculated | CVE-2018-5204 MISC |
motorola_multiple_devices | Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20399 BID MISC MISC |
mplus -- cbc383z_devices | mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20397 MISC MISC |
nec_corporation_of_america -- nec_univerge_sv9100_webpro | NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI. | 2018-12-26 | not yet calculated | CVE-2018-11742 MISC MISC FULLDISC EXPLOIT-DB |
nec_corporation_of_america -- nec_univerge_sv9100_webpro | NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs. | 2018-12-26 | not yet calculated | CVE-2018-11741 MISC MISC FULLDISC EXPLOIT-DB |
net&sys -- multiple_devices | NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20396 MISC MISC |
netwave -- mng6200_devices | NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20395 MISC MISC |
netwide_assembler -- netwide_assembler | There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt. | 2018-12-28 | not yet calculated | CVE-2018-20535 MISC |
netwide_assembler -- netwide_assembler | There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests. | 2018-12-28 | not yet calculated | CVE-2018-20538 MISC |
nuttx -- nuttx | An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop. The attack vector is the Location header of an HTTP 3xx response. | 2018-12-28 | not yet calculated | CVE-2018-20578 MISC MISC |
orange -- livebox | Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | 2018-12-28 | not yet calculated | CVE-2018-20577 MISC |
orange -- livebox | Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | 2018-12-28 | not yet calculated | CVE-2018-20576 MISC MISC |
orange -- livebox | Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | 2018-12-28 | not yet calculated | CVE-2018-20575 MISC |
php_group -- pear | PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with a useful gadget is loaded, it may be possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4. | 2018-12-28 | not yet calculated | CVE-2018-1000888 MISC MISC CONFIRM CONFIRM |
phpscriptsmall.com -- website_seller_script | PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896. | 2018-12-28 | not yet calculated | CVE-2018-20530 MISC |
poppler -- poppler | A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. | 2018-12-28 | not yet calculated | CVE-2018-20551 MISC MISC |
poppler -- poppler | XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. | 2018-12-25 | not yet calculated | CVE-2018-20481 BID MISC MISC |
pulse_secure -- secure_access_sa_series_ssl_vpn_products | Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes. | 2018-12-21 | not yet calculated | CVE-2018-20193 FULLDISC BID |
python -- python | Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. | 2018-12-23 | not yet calculated | CVE-2018-20406 MISC MISC |
q'center -- virtual_appliance | Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application, a different vulnerability than CVE-2018-0723. | 2018-12-26 | not yet calculated | CVE-2018-0724 CONFIRM |
q'center -- virtual_appliance | Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application, a different vulnerability than CVE-2018-0724. | 2018-12-26 | not yet calculated | CVE-2018-0723 CONFIRM |
radare2 -- radare2 | In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file. | 2018-12-25 | not yet calculated | CVE-2018-20458 MISC MISC |
radare2 -- radare2 | In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20457. | 2018-12-25 | not yet calculated | CVE-2018-20459 MISC MISC |
radare2 -- radare2 | In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file. | 2018-12-25 | not yet calculated | CVE-2018-20461 MISC MISC |
radare2 -- radare2 | In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455. | 2018-12-25 | not yet calculated | CVE-2018-20456 MISC MISC |
radare2 -- radare2 | In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459. | 2018-12-25 | not yet calculated | CVE-2018-20457 MISC MISC |
radare2 -- radare2 | In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file. | 2018-12-25 | not yet calculated | CVE-2018-20460 MISC MISC |
radare2 -- radare2 | In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456. | 2018-12-25 | not yet calculated | CVE-2018-20455 MISC MISC |
rockwell_automation_allen-bradley -- powermonitor_1000 | An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element. | 2018-12-26 | not yet calculated | CVE-2018-19616 MISC EXPLOIT-DB |
rockwell_automation_allen-bradley -- powermonitor_1000 | An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. /Security/Security.shtm has stored XSS via a /Security/cgi-bin/security URI. | 2018-12-26 | not yet calculated | CVE-2018-19615 MISC EXPLOIT-DB |
s-cms -- s-cms | An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter. | 2018-12-25 | not yet calculated | CVE-2018-20479 MISC |
s-cms -- s-cms | An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter. | 2018-12-25 | not yet calculated | CVE-2018-20480 MISC |
s-cms -- s-cms | An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value. | 2018-12-25 | not yet calculated | CVE-2018-20478 MISC |
safe_software -- fme_server | Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. The passwords to the three accounts are the same as the usernames, which are guest, user, and author. Logging in with these accounts will grant any user the default privilege roles that were also created for each of the accounts. | 2018-12-23 | not yet calculated | CVE-2018-20402 MISC |
schneider_electric -- evlink_parking | A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed. | 2018-12-24 | not yet calculated | CVE-2018-7801 CONFIRM |
schneider_electric -- evlink_parking | A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. | 2018-12-24 | not yet calculated | CVE-2018-7800 CONFIRM |
schneider_electric -- evlink_parking | A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. | 2018-12-24 | not yet calculated | CVE-2018-7802 CONFIRM |
schneider_electric -- foxview_hmi_scada | A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission. | 2018-12-24 | not yet calculated | CVE-2018-7793 CONFIRM |
schneider_electric -- gp-pro_ex | An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution of an arbitrary executable when GP-Pro EX is launched. | 2018-12-24 | not yet calculated | CVE-2018-7832 CONFIRM |
schneider_electric -- iiot_monitor | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user. | 2018-12-24 | not yet calculated | CVE-2018-7835 CONFIRM |
schneider_electric -- iiot_monitor | An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. | 2018-12-24 | not yet calculated | CVE-2018-7836 CONFIRM |
schneider_electric -- iiot_monitor | An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information. | 2018-12-24 | not yet calculated | CVE-2018-7837 CONFIRM |
schneider_electric -- powersuite2 | A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability. | 2018-12-24 | not yet calculated | CVE-2018-7796 CONFIRM |
scientific_atlanta_webstar -- dpc2100_devices | S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20392 MISC MISC |
sky_elite -- 6.0l+_android_device | The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains an exported broadcast receiver app component named com.adups.fota.sysoper.WriteCommandReceiver that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. The com.fw.upgrade.sysoper app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more. | 2018-12-28 | not yet calculated | CVE-2018-15007 MISC MISC |
skyworth -- multiple_cm5100_devices | Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20398 MISC MISC |
sqlite -- sqlite | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. | 2018-12-21 | not yet calculated | CVE-2018-20346 BID MISC MISC MISC MISC MISC MISC MISC MISC MLIST MISC MISC MISC MISC MISC MISC CONFIRM |
suse -- repository_mirroring_tool | The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database. | 2018-12-26 | not yet calculated | CVE-2018-17957 CONFIRM CONFIRM |
synology -- diskstation_manager | Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | 2018-12-24 | not yet calculated | CVE-2018-8917 CONFIRM |
synology -- diskstation_manager | Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. | 2018-12-24 | not yet calculated | CVE-2018-8919 CONFIRM |
synology -- diskstation_manager | Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. | 2018-12-24 | not yet calculated | CVE-2018-8920 CONFIRM |
synology -- router_manager | Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | 2018-12-24 | not yet calculated | CVE-2018-8918 CONFIRM |
tcpreplay -- tcpreplay | Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c. | 2018-12-28 | not yet calculated | CVE-2018-20553 MISC MISC |
tcpreplay -- tcpreplay | Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c. | 2018-12-28 | not yet calculated | CVE-2018-20552 MISC MISC |
technicolor -- multiple_devices | Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20393 MISC MISC |
technicolor -- multiple_devices | Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | 2018-12-25 | not yet calculated | CVE-2018-20439 MISC |
technicolor -- multiple_devices | Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20381 MISC MISC |
technicolor -- multiple_devices | Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001. | 2018-12-23 | not yet calculated | CVE-2018-20379 MISC |
technicolor -- multiple_devices | Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | 2018-12-25 | not yet calculated | CVE-2018-20438 MISC |
technicolor -- multiple_devices | Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | 2018-12-25 | not yet calculated | CVE-2018-20440 MISC |
technicolor -- multiple_devices | Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | 2018-12-25 | not yet calculated | CVE-2018-20441 MISC |
technicolor -- multiple_devices | Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | 2018-12-25 | not yet calculated | CVE-2018-20442 MISC |
technicolor -- multiple_devices | Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | 2018-12-25 | not yet calculated | CVE-2018-20443 MISC |
technicolor -- multiple_devices | Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | 2018-12-25 | not yet calculated | CVE-2018-20444 MISC |
teknotel -- cbw700n_devices | TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20391 MISC MISC |
telegram -- telegram | The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. | 2018-12-24 | not yet calculated | CVE-2018-20436 MISC MISC |
the_qt_company -- qt | An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. | 2018-12-26 | not yet calculated | CVE-2018-19873 SUSE CONFIRM CONFIRM |
the_qt_company -- qt | QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. | 2018-12-26 | not yet calculated | CVE-2018-15518 SUSE CONFIRM CONFIRM |
the_qt_company -- qt | An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. | 2018-12-26 | not yet calculated | CVE-2018-19871 CONFIRM CONFIRM |
the_qt_company -- qt | An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. | 2018-12-26 | not yet calculated | CVE-2018-19870 CONFIRM CONFIRM |
the_qt_company -- qt | An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. | 2018-12-26 | not yet calculated | CVE-2018-19869 CONFIRM CONFIRM |
thomson -- multiple_devices | Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20394 MISC MISC |
tiny_c_compiler -- tiny_c_compiler | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the sym_pop function in tccgen.c. | 2018-12-23 | not yet calculated | CVE-2018-20375 MISC |
tiny_c_compiler -- tiny_c_compiler | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c. | 2018-12-23 | not yet calculated | CVE-2018-20376 MISC |
tiny_c_compiler -- tiny_c_compiler | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c. | 2018-12-23 | not yet calculated | CVE-2018-20374 MISC |
ubee -- multiple_devices | Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20400 MISC MISC |
via_technologies -- epia-e900_system_board | ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system board, is vulnerable to denial of service attack via IOCTL 0x9C402048, which calls memmove and constantly fails on an arbitrary (uncontrollable) address, resulting in an eternal hang or a BSoD. | 2018-12-26 | not yet calculated | CVE-2018-20404 MISC |
vivo -- v7_android_device | The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. When logging is enabled, there is a notification in the status bar, so it is not completely transparent to the user. The user can cancel the logging, but it can be re-enabled since the app with a package name of com.vivo.bsptest cannot be disabled. The writing of these logs can be initiated by an app co-located on the device, although the READ_EXTERNAL_STORAGE permission is necessary for an app to access the log files. | 2018-12-28 | not yet calculated | CVE-2018-15001 MISC MISC |
vivo -- v7_android_device | The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. The com.qualcomm.qti.modemtestmode app (versionCode=25, versionName=7.1.2) contains an exported service named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app co-located on the device to provide key-value pairs to set certain system properties. Notably, system properties with the persist.* prefix can be set which will survive a reboot. On the Vivo V7 device, when the persist.sys.input.log property is set to have a value of yes, the user's screen touches will be written to the logcat log by the InputDispatcher for all apps. The system-wide logcat log can be obtained from external storage via a different known vulnerability on the device. The READ_EXTERNAL_STORAGE permission is necessary to access the log files containing the user's touch coordinates. With some effort, the user's touch coordinates can be mapped to key presses on a keyboard. | 2018-12-28 | not yet calculated | CVE-2018-15002 MISC MISC |
weberp -- weberp | In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter. | 2018-12-23 | not yet calculated | CVE-2018-20420 MISC |
wellintech -- kingscada | WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered when sending a specially crafted packet to the AlarmServer (AEserver.exe) service listening on TCP port 12401. | 2018-12-23 | not yet calculated | CVE-2018-20410 MISC MISC |
wordpress -- wordpress | An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF. | 2018-12-25 | not yet calculated | CVE-2018-20463 MISC |
wordpress -- wordpress | An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. | 2018-12-25 | not yet calculated | CVE-2018-20462 MISC |
wuzhi_cms -- wuzhi_cms | WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | 2018-12-28 | not yet calculated | CVE-2018-20572 MISC |
xiaomi -- mi_a1_devices | An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot. | 2018-12-24 | not yet calculated | CVE-2018-18698 MISC |
xmplay -- xmplay | XMPlay 3.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted http:// URL in a .m3u file. | 2018-12-24 | not yet calculated | CVE-2018-19357 EXPLOIT-DB |
yaml-cpp -- yaml-cpp | The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | 2018-12-28 | not yet calculated | CVE-2018-20574 MISC |
yaml-cpp -- yaml-cpp | The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | 2018-12-28 | not yet calculated | CVE-2018-20573 MISC |
zoho -- manageengine_adselfservice_plus | Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. | 2018-12-26 | not yet calculated | CVE-2018-20485 MISC |
zoho -- manageengine_adselfservice_plus | Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. | 2018-12-26 | not yet calculated | CVE-2018-20484 MISC |
zoho -- manageengine_opmanager | Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. | 2018-12-21 | not yet calculated | CVE-2018-20338 BID MISC |
zoho -- manageengine_opmanager | Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. | 2018-12-21 | not yet calculated | CVE-2018-20339 BID MISC |
zoom -- 5352_devices | Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 2018-12-23 | not yet calculated | CVE-2018-20401 MISC MISC |
zte -- blade_vantage_android_device | The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app co-located on the device. Using the exported interface of the com.android.modem.service app, any app can enable and obtain certain log files (modem and logcat) without the appropriate corresponding access permissions. The modem logs contain the phone number and full text body of incoming and outgoing text messages in binary format. In addition, the modem log contains the phone numbers for both incoming and outgoing phone calls. The system-wide logcat logs (those obtained via the logcat binary) tend to contain sensitive user data. Third-party apps are prevented from directly reading the system-wide logcat logs. The capability to read from the system-wide logcat logs is only available to pre-installed system apps and platform apps. The modem log and/or logcat log, once activated, get written to external storage (SD card). An app aware of this vulnerability can enable the logs, parse them for relevant data, and exfiltrate them from the device. The modem log and logcat log are inactive by default, but a third-party app with no permissions can activate them, although the app will need to be granted the READ_EXTERNAL_STORAGE permission to access them. | 2018-12-28 | not yet calculated | CVE-2018-14995 MISC MISC |
zte -- zmax_champ_android_device | The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu (versionCode=23, versionName=6.0.1) that contains an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver that is accessible to any app co-located on the device. This app component, when it receives a broadcast intent with a certain action string, will write a non-standard (i.e., not defined in Android Open Source Project (AOSP) code) command to the /cache/recovery/command file to be executed in recovery mode. Once the device boots into recovery mode, it will crash, boot into recovery mode, and crash again. This crash loop will keep repeating, which makes the device unusable. There is no way to boot into an alternate mode once the crash loop starts. | 2018-12-28 | not yet calculated | CVE-2018-15006 MISC MISC |
zte -- zmax_champ_android_device | The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm.sdm (versionCode=31, versionName=V5.0.3) that contains an exported broadcast receiver app component named com.zte.zdm.VdmcBroadcastReceiver that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app. | 2018-12-28 | not yet calculated | CVE-2018-15005 MISC MISC |
zte -- zxv10_b860av2.1_chinamobile | ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allow an unauthorized user to perform unauthorized operations. | 2018-12-28 | not yet calculated | CVE-2018-7366 CONFIRM |