SB18-253: Vulnerability Summary for the Week of September 3, 2018

Original release date: September 10, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no medium vulnerabilities recorded this week.


Low Vulnerabilities

Primary Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor — Product
Description Published CVSS Score Source & Patch Info
absolute_software — ctes_windows_agent
 
An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior. 2018-09-08 not yet calculated CVE-2018-16715
CONFIRM
adobe — experience_manager
 
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2018-09-06 not yet calculated CVE-2018-5005
BID
SECTRACK
CONFIRM
adrenaline — hrms
 
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter. 2018-09-06 not yet calculated CVE-2018-12234
MISC
amcrest — networked_devices
 
Amcrest networked devices use the same hardcoded SSL private key across different customers’ installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206. 2018-09-05 not yet calculated CVE-2018-16546
MISC
antenna_house — dmc_htmlfilter
 
An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability. 2018-09-07 not yet calculated CVE-2017-2795
MISC
antenna_house — dmc_htmlfilter
 
An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability. 2018-09-07 not yet calculated CVE-2017-2792
MISC
artifex — ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. 2018-09-05 not yet calculated CVE-2018-16541
MISC
MISC
MISC
DEBIAN
artifex — ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. 2018-09-05 not yet calculated CVE-2018-16542
MISC
MISC
MISC
DEBIAN
artifex — ghostscript
 
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. 2018-09-06 not yet calculated CVE-2018-16585
MISC
MISC
MISC
DEBIAN
artifex — ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. 2018-09-05 not yet calculated CVE-2018-16513
MISC
MISC
MISC
DEBIAN
artifex — ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. 2018-09-05 not yet calculated CVE-2018-16540
MISC
MISC
MISC
DEBIAN
artifex — ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. 2018-09-05 not yet calculated CVE-2018-16539
MISC
MISC
MISC
DEBIAN
artifex — ghostscript
 
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in “ztype” could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. 2018-09-05 not yet calculated CVE-2018-16511
MISC
MISC
MISC
MISC
DEBIAN
artifex — ghostscript
 
In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact. 2018-09-05 not yet calculated CVE-2018-16543
MISC
MISC
DEBIAN
artifex — ghostscript
 
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the “CS” and “SC” PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact. 2018-09-05 not yet calculated CVE-2018-16510
MISC
MISC
MISC
artifex — ghostscript
 
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect “restoration of privilege” checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the “pipe” instruction. 2018-09-05 not yet calculated CVE-2018-16509
MISC
MISC
MISC
CONFIRM
MISC
MISC
MISC
artifex — mupdf

In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. 2018-09-06 not yet calculated CVE-2018-16648
MISC
artifex — mupdf
 
In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file. 2018-09-06 not yet calculated CVE-2018-16647
MISC
asus — wl-330nul_firmware

Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0647
JVN
MISC
auracms — auracms
 
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator’s password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. 2018-09-02 not yet calculated CVE-2018-16338
MISC
baigo — cms
 
An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article. 2018-09-04 not yet calculated CVE-2018-16458
MISC
baijiacms — baijiacms
 
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. 2018-09-08 not yet calculated CVE-2018-16724
MISC
baijiacms — baijiacms
 
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka “Non-standard use of the flash component.” 2018-09-08 not yet calculated CVE-2018-16725
MISC
bit_part — mtappjquery
 
MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0645
JVN
CONFIRM
CONFIRM
bluecms — bluecms
 
BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. 2018-09-03 not yet calculated CVE-2018-16432
MISC
btiteam — xbtit

An issue was discovered in BTITeam XBTIT 2.5.4. The “act” parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting. 2018-09-05 not yet calculated CVE-2018-15678
CONFIRM
MISC
btiteam — xbtit
 
An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data. 2018-09-05 not yet calculated CVE-2018-15684
MISC
btiteam — xbtit
 
An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter. 2018-09-05 not yet calculated CVE-2018-16361
CONFIRM
MISC
btiteam — xbtit
 
An issue was discovered in BTITeam XBTIT 2.5.4. The “keywords” parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting. 2018-09-05 not yet calculated CVE-2018-15679
CONFIRM
MISC
btiteam — xbtit
 
An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. 2018-09-05 not yet calculated CVE-2018-15680
MISC
btiteam — xbtit
 
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprints. 2018-09-05 not yet calculated CVE-2018-15676
MISC
btiteam — xbtit
 
An issue was discovered in BTITeam XBTIT. The “returnto” parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected. 2018-09-05 not yet calculated CVE-2018-15683
MISC
btiteam — xbtit
 
An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf. 2018-09-05 not yet calculated CVE-2018-15682
MISC
btiteam — xbtit
 
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. 2018-09-05 not yet calculated CVE-2018-15677
CONFIRM
MISC
btiteam — xbtit
 
An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the “pass” cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can efficiently brute-force it to retrieve the user’s cleartext password. 2018-09-05 not yet calculated CVE-2018-15681
MISC
canon_it_solutions — multiple_products

Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-09-07 not yet calculated CVE-2018-0649
JVN
CONFIRM
chatwork — desktop_app_for_windows
 
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-09-07 not yet calculated CVE-2018-0648
JVN
MISC
chemcms — chem_cms
 
ChemCMS 1.0.6 has XSS via the “setting -> website information” field. 2018-09-02 not yet calculated CVE-2018-16346
MISC
contiki_ng — contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union). 2018-09-07 not yet calculated CVE-2018-16667
MISC
contiki_ng — contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c. 2018-09-07 not yet calculated CVE-2018-16665
MISC
contiki_ng — contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string). 2018-09-07 not yet calculated CVE-2018-16666
MISC
contiki_ng — contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). 2018-09-07 not yet calculated CVE-2018-16664
MISC
contiki_ng — contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations). 2018-09-07 not yet calculated CVE-2018-16663
MISC
contronics — homeputer_cl_studio_fur_homematic

Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack. 2018-09-07 not yet calculated CVE-2017-17691
MISC
craftedweb — craftedweb

CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. 2018-09-04 not yet calculated CVE-2018-16450
MISC
creme — crm

An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters in the contact creation and modification page. The payload is stored within the application database and allows the execution of JavaScript code each time a client visit an infected page. 2018-09-07 not yet calculated CVE-2018-9283
MISC
creme — crm
 
An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials. 2018-09-07 not yet calculated CVE-2018-14398
MISC
creme — crm
 
An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. 2018-09-07 not yet calculated CVE-2018-14396
MISC
creme — crm
 
An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. 2018-09-07 not yet calculated CVE-2018-14397
MISC
cscms — cscms

upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. 2018-09-08 not yet calculated CVE-2018-16732
MISC
MISC
cscms — cscms
 
upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. 2018-09-08 not yet calculated CVE-2018-16730
MISC
MISC
cscms — cscms
 
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. 2018-09-04 not yet calculated CVE-2018-16448
MISC
cscms — cscms
 
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. 2018-09-08 not yet calculated CVE-2018-16731
MISC
MISC
cscms — cscms
 
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website’s basic configuration via upload/admin.php/setting/save. 2018-09-02 not yet calculated CVE-2018-16337
MISC
curl — curl
 
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) 2018-09-05 not yet calculated CVE-2018-14618
SECTRACK
CONFIRM
CONFIRM
DEBIAN
d_link — dir-846_devices
 
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. 2018-09-03 not yet calculated CVE-2018-16408
MISC
docker — docker_for_windows
 
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the “docker-users” group (who may not otherwise have administrator access) to escalate to administrator privileges. 2018-08-31 not yet calculated CVE-2018-15514
BID
MISC
MISC
MISC
dojo — dojotoolkit
 
Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser – deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker’s control; the XSS vulnerability on the target domain is silently exploited without the victim’s knowledge. This vulnerability appears to have been fixed in 1.14. 2018-09-06 not yet calculated CVE-2018-1000665
CONFIRM
CONFIRM
doracms — doracms
 
Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent. 2018-09-06 not yet calculated CVE-2018-16622
MISC
dotclear — dotclear
 
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml. 2018-09-02 not yet calculated CVE-2018-16358
MISC
e107 — e107
 
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. 2018-09-05 not yet calculated CVE-2018-16381
MISC
easycms — easycms

An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. 2018-09-02 not yet calculated CVE-2018-16345
MISC
elefant — cms
 
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. 2018-09-02 not yet calculated CVE-2018-16387
MISC
elfutils — elfutils

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. 2018-09-03 not yet calculated CVE-2018-16403
MISC
MISC
elfutils — elfutils
 
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. 2018-09-03 not yet calculated CVE-2018-16402
MISC
empirecms — empirecms
 
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. 2018-09-02 not yet calculated CVE-2018-16339
MISC
endress+hauser — wirelesshart_fieldgate_swg70_devices
 
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. 2018-09-07 not yet calculated CVE-2018-16059
EXPLOIT-DB
ethereum — go_ethereum
 
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. 2018-09-08 not yet calculated CVE-2018-16733
MISC
exceljs — exceljs
 
An unescaped payload in exceljs 2018-09-06 not yet calculated CVE-2018-16459
MISC
fhcrm — fhcrm

An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter. 2018-09-02 not yet calculated CVE-2018-16354
MISC
fhcrm — fhcrm
 
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter. 2018-09-02 not yet calculated CVE-2018-16353
MISC
flask-admin — flask-admin
 
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. 2018-09-05 not yet calculated CVE-2018-16516
MISC
foliovision — fb_flowplayer_video_player
 
Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0642
JVN
CONFIRM
fortinet — fortimanager
 
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. 2018-09-05 not yet calculated CVE-2018-1353
CONFIRM
fortinet — fortios
 
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server’s private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used. 2018-09-05 not yet calculated CVE-2018-9194
CONFIRM
MISC
CERT-VN
fortinet — fortios
 
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server’s private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. 2018-09-05 not yet calculated CVE-2018-9192
CONFIRM
MISC
CERT-VN
freebsd — freebsd
 
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources. 2018-09-04 not yet calculated CVE-2018-6923
SECTRACK
FREEBSD
frog — cms

Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. 2018-09-02 not yet calculated CVE-2018-16374
MISC
frog — cms

Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. 2018-09-04 not yet calculated CVE-2018-16447
MISC
frog — cms
 
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. 2018-09-02 not yet calculated CVE-2018-16373
MISC
fspro_labs — event_log_explorer
 
FsPro Labs Event Log Explorer 4.6.1.2115 has “.elx” FileType XML External Entity Injection. 2018-09-05 not yet calculated CVE-2018-16252
MISC
MISC
EXPLOIT-DB
fuel — cms
 
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator’s password. 2018-09-03 not yet calculated CVE-2018-16416
MISC
MISC
fuji_xerox — docucentre_and_apeosport
 
Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands. 2018-09-07 not yet calculated CVE-2018-16709
EXPLOIT-DB
furuno — felcom_devices
 
FURUNO FELCOM 250 and 500 devices use only client-side JavaScript for authentication. 2018-09-06 not yet calculated CVE-2018-16590
MISC
gig_technology — jumpscale_portal
 
GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in method: notifySpaceModification; that can result in Improper validation of parameters results in command execution. This attack appear to be exploitable via Network connectivity, required minimal auth privileges (everyone can register an account). This vulnerability appears to have been fixed in After commit 15443122ed2b1cbfd7bdefc048bf106f075becdb. 2018-09-06 not yet calculated CVE-2018-1000666
MISC
MISC
CONFIRM
MISC
gleez — cms

An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize. 2018-09-02 not yet calculated CVE-2018-16347
MISC
gleez — cms

A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI. 2018-09-07 not yet calculated CVE-2018-16703
MISC
gleez — cms
 
An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org. 2018-09-07 not yet calculated CVE-2018-16704
MISC
gmo_payment_gateway — ec-cube_and_gmo-pg_payment_modules

Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0658
JVN
gmo_payment_gateway — ec-cube_and_gmo-pg_payment_modules
 
Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0657
JVN
gnome — glib
 
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. 2018-09-03 not yet calculated CVE-2018-16428
BID
MISC
MISC
gnome — glib
 
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). 2018-09-03 not yet calculated CVE-2018-16429
MISC
MISC
gnu — libextractor
 
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. 2018-09-03 not yet calculated CVE-2018-16430
BID
MISC
MISC
gogs — gogs
 
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. 2018-09-03 not yet calculated CVE-2018-16409
MISC
google — android

A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors. 2018-09-04 not yet calculated CVE-2018-0664
JVN
CONFIRM
google — android

The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2018-09-07 not yet calculated CVE-2018-0650
JVN
CONFIRM
MISC
google — android
 
In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the ‘TotalPart’ could cross ‘GptHeader->MaxPtCnt’ and which could result in OOB write in patching GPT. 2018-09-04 not yet calculated CVE-2018-11262
CONFIRM
CONFIRM
google — android
 
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05. 2018-09-06 not yet calculated CVE-2018-11263
CONFIRM
CONFIRM
CONFIRM
google — gvisor

Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS. 2018-09-02 not yet calculated CVE-2018-16359
MISC
MISC
gxlcms — gxlcms
 
Gxlcms 2.0 has Directory Traversal exploitable by an administrator. 2018-09-05 not yet calculated CVE-2018-16437
MISC
gxlcms — gxlcms
 
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. 2018-09-07 not yet calculated CVE-2018-16655
MISC
MISC
gxlcms — gxlcms
 
Gxlcms 2.0 has SQL Injection exploitable by an administrator. 2018-09-05 not yet calculated CVE-2018-16436
MISC
hdf — hdf5
 
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c. 2018-09-03 not yet calculated CVE-2018-16438
MISC
hibara — attachecase

Directory traversal vulnerability in AttacheCase ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via a specially crafted ATC file. 2018-09-07 not yet calculated CVE-2018-0660
JVN
CONFIRM
hibara — attachecase

Directory traversal vulnerability in AttacheCase ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via a specially crafted ATC file. 2018-09-07 not yet calculated CVE-2018-0659
JVN
CONFIRM
hibara — attachecase
 
AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors. 2018-09-04 not yet calculated CVE-2018-0675
JVN
CONFIRM
hibara — attachecase
 
AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors. 2018-09-04 not yet calculated CVE-2018-0674
JVN
CONFIRM
hscripts — php_file_browser
 
HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter. 2018-09-05 not yet calculated CVE-2018-16549
MISC
huawei — hirouter-cd20-10
 
In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device. 2018-09-04 not yet calculated CVE-2018-7937
CONFIRM
huawei — mate_10_pro_smartphones
 
Mate 10 Pro Huawei smart phones with versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone to a PC and send special instructions to install a third-party desktop and disable the boot wizard. As a result, the FRP function is bypassed. 2018-09-04 not yet calculated CVE-2018-7936
CONFIRM
huawei — mate_10_pro_smartphones
 
Mate10 Pro Huawei smart phones with versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone resetting process, an attacker could bypass the “Find My Phone” protection after a series of voice and keyboard operations. Successful exploitation could allow an attacker to bypass FRP. 2018-09-04 not yet calculated CVE-2018-7990
CONFIRM
huawei — p10_smartphones
 
P10 Huawei smartphones with versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker can trick a user into installing a malicious application on the smartphone, and the application can then read some hardware serial number, which may cause a sensitive information leak. 2018-09-04 not yet calculated CVE-2018-7938
CONFIRM
i-o_data_device — ts-wrlp_firmware

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow a remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0663
JVN
CONFIRM
i-o_data_device — ts-wrlp_firmware

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration. 2018-09-07 not yet calculated CVE-2018-0661
JVN
CONFIRM
i-o_data_device — ts-wrlp_firmware
 
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. 2018-09-07 not yet calculated CVE-2018-0662
JVN
CONFIRM
ibm — api_connect
 
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939. 2018-09-07 not yet calculated CVE-2018-1789
XF
CONFIRM
ibm — campaign

IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 121153. 2018-09-07 not yet calculated CVE-2017-1115
XF
CONFIRM
ibm — campaign
 
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152. 2018-09-07 not yet calculated CVE-2017-1114
XF
CONFIRM
ibm — security_identity_governance_and_intelligence
 
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601. 2018-09-07 not yet calculated CVE-2018-1757
CONFIRM
XF
ibm — security_identity_governance_and_intelligence
 
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM X-Force ID: 148599. 2018-09-07 not yet calculated CVE-2018-1756
CONFIRM
XF
ibm — websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769. 2018-09-06 not yet calculated CVE-2018-1695
XF
CONFIRM
ibm — websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024. 2018-09-07 not yet calculated CVE-2018-1567
XF
CONFIRM
ice_qube — thermal_management_center

In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information. 2018-09-06 not yet calculated CVE-2017-14026
MISC
ice_qube — thermal_management_center

In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. 2018-09-06 not yet calculated CVE-2017-16714
MISC
ideacms — ideacms
 
The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued. 2018-09-02 not yet calculated CVE-2018-16372
MISC
idreamsoft — icms
 
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. 2018-09-02 not yet calculated CVE-2018-16365
MISC
idreamsoft — icms
 
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. 2018-09-02 not yet calculated CVE-2018-16366
MISC
imagemagick — imagemagick

ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c. 2018-09-06 not yet calculated CVE-2018-16641
MISC
MISC
imagemagick — imagemagick

ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. 2018-09-06 not yet calculated CVE-2018-16640
MISC
MISC
imagemagick — imagemagick

The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file. 2018-09-06 not yet calculated CVE-2018-16643
MISC
MISC
imagemagick — imagemagick

There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. 2018-09-06 not yet calculated CVE-2018-16644
MISC
MISC
MISC
imagemagick — imagemagick

The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. 2018-09-06 not yet calculated CVE-2018-16642
MISC
MISC
imagemagick — imagemagick
 
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. 2018-09-03 not yet calculated CVE-2018-16412
BID
MISC
imagemagick — imagemagick
 
There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file. 2018-09-06 not yet calculated CVE-2018-16645
MISC
MISC
imagemagick — imagemagick
 
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. 2018-09-03 not yet calculated CVE-2018-16413
BID
MISC
MISC
information_builders — webfocus_business_intelligence_portal
 
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1. A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability. 2018-09-07 not yet calculated CVE-2016-9044
MISC
jorani — jorani

An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate. 2018-09-05 not yet calculated CVE-2018-15918
MISC
MISC
EXPLOIT-DB
jorani — jorani
 
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. 2018-09-05 not yet calculated CVE-2018-15917
MISC
MISC
EXPLOIT-DB
joyent — smartos
 
An exploitable denial of service exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When exploited repeatedly, this will result in memory exhaustion, resulting in a full system denial of service. 2018-09-07 not yet calculated CVE-2016-9040
MISC
jsish — jsish
 
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in a crash due to segmentation fault. This attack appears to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been fixed in 2.4.69. 2018-09-06 not yet calculated CVE-2018-1000661
CONFIRM
jsish — jsish
 
jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in a crash due to segmentation fault. This attack appears to be exploitable when the victim executes crafted javascript code. This vulnerability appears to have been fixed in 2.4.71. 2018-09-06 not yet calculated CVE-2018-1000668
CONFIRM
jsish — jsish
 
jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in a crash due to segmentation fault. This attack appears to be exploitable when the victim executes crafted javascript code. 2018-09-06 not yet calculated CVE-2018-1000663
CONFIRM
kaizen — asset_manager_and_training_manager
 
Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp). 2018-09-05 not yet calculated CVE-2018-16545
MISC
kamailio — kamailio
 
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code. 2018-09-07 not yet calculated CVE-2018-16657
MISC
koha — library_system
 
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (parameters affected: borrowernumber, amount, amountoutstanding, paid) that can result in attackers marking payments as paid for certain users on behalf of administrators. This attack appears to be exploitable when the victim is socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11. 2018-09-06 not yet calculated CVE-2018-1000669
CONFIRM
koha — library_system
 
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in multiple fields on multiple pages, including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number], and /cgi-bin/koha/serials/subscription-add.pl, that can result in privilege escalation by taking control of higher-privileged users' browser sessions. This attack appears to be exploitable when victims are socially engineered to visit a vulnerable webpage containing a malicious payload. This vulnerability appears to have been fixed in 17.11. 2018-09-06 not yet calculated CVE-2018-1000670
CONFIRM
kone — group_controller
 
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03. 2018-09-07 not yet calculated CVE-2018-15485
MISC
CONFIRM
kone — group_controller
 
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01. 2018-09-07 not yet calculated CVE-2018-15484
MISC
CONFIRM
kone — group_controller
 
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02. 2018-09-07 not yet calculated CVE-2018-15486
MISC
CONFIRM
kone — group_controller
 
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04. 2018-09-07 not yet calculated CVE-2018-15483
MISC
CONFIRM
lavalite — cms
 
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. 2018-09-05 not yet calculated CVE-2018-16551
MISC
limesurvey — limesurvey
 
In LimeSurvey before 3.14.7, an admin user can leverage a “file upload” question to read an arbitrary file. 2018-09-03 not yet calculated CVE-2018-16397
MISC
limesurvey — limesurvey
 
LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appears to be exploitable via an authenticated user uploading a zip archive which can contain malicious PHP files that can be called under certain circumstances. This vulnerability appears to have been fixed after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4. 2018-09-06 not yet calculated CVE-2018-1000658
CONFIRM
CONFIRM
limesurvey — limesurvey
 
LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. This attack appears to be exploitable via an authenticated user uploading a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4. 2018-09-06 not yet calculated CVE-2018-1000659
CONFIRM
linux — linux_kernel

Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. 2018-09-04 not yet calculated CVE-2018-6554
MLIST
MLIST
linux — linux_kernel

The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. 2018-09-04 not yet calculated CVE-2018-6555
MLIST
MLIST
linux — linux_kernel

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. 2018-09-06 not yet calculated CVE-2018-5391
CONFIRM
BID
SECTRACK
MISC
MLIST
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
DEBIAN
CERT-VN
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. 2018-09-07 not yet calculated CVE-2018-16658
MISC
MISC
MISC
little_color_management_system — little_color_management_system
 
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. 2018-09-03 not yet calculated CVE-2018-16435
MISC
MISC
MLIST
DEBIAN
mantisbt — mantisbt
 
An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php. 2018-09-02 not yet calculated CVE-2018-16362
CONFIRM
CONFIRM
CONFIRM
mayan — edms
 
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. 2018-09-03 not yet calculated CVE-2018-16405
MISC
MISC
MISC
mayan — edms
 
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. 2018-09-03 not yet calculated CVE-2018-16406
MISC
MISC
MISC
mayan — edms
 
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. 2018-09-03 not yet calculated CVE-2018-16407
MISC
MISC
MISC
micropyramid — django-crm
 
MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. 2018-09-05 not yet calculated CVE-2018-16552
MISC
multiple_vendors — multiple_products
 
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network. 2018-09-06 not yet calculated CVE-2018-5389
MISC
MISC
CERT-VN
MISC
netwide_assembler — netwide_assembler

NASM nasm-2.13.03, nasm-2.14rc15 (version 2.14rc15 and earlier) contains a memory corruption vulnerability (crash of nasm when handling a crafted file) in function assemble_file(inname, depend_ptr) at asm/nasm.c:482 that can result in aborting/crashing the nasm program. This attack appears to be exploitable via a specially crafted asm file. 2018-09-06 not yet calculated CVE-2018-1000667
MISC
MISC
netwide_assembler — netwide_assembler

asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file. 2018-09-06 not yet calculated CVE-2018-16517
MISC
MISC
netwide_assembler — netwide_assembler

Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. 2018-09-02 not yet calculated CVE-2018-16382
MISC
nibbleblog — nibbleblog
 
An issue was discovered in Nibbleblog v4.0.5. With an admin’s username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., “${phpinfo()}”). 2018-09-06 not yet calculated CVE-2018-16604
MISC
nordvpn — nordvpn
 
An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. 2018-09-07 not yet calculated CVE-2018-3952
MISC
ogma_cms — ogma_cms

Ogma CMS 0.4 Beta has XSS via the “Footer Text footer” field on the “Theme/Theme Options” screen. 2018-09-02 not yet calculated CVE-2018-16379
MISC
ogma_cms — ogma_cms

An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account. 2018-09-02 not yet calculated CVE-2018-16380
MISC
okular — okular
 
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function “unpackDocumentArchive(…)” in “core/document.cpp” that can result in arbitrary file creation on the user workstation. This attack appears to be exploitable when the victim opens a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1. 2018-09-06 not yet calculated CVE-2018-1000801
CONFIRM
CONFIRM
onethink — onethink
 
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. 2018-09-04 not yet calculated CVE-2018-16449
MISC
onlinejudge — onlinejudge
 
In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include. 2018-09-02 not yet calculated CVE-2018-16367
MISC
openjpeg — openjpeg

An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. 2018-09-02 not yet calculated CVE-2018-16375
BID
MISC
openjpeg — openjpeg
 
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. 2018-09-02 not yet calculated CVE-2018-16376
BID
MISC
openmrs — reference_application
 
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. 2018-09-05 not yet calculated CVE-2018-16521
MISC
MISC
opensc — opensc
 
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16425
MISC
MISC
MISC
opensc — opensc
 
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16421
MISC
MISC
MISC
opensc — opensc
 
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash programs using the opensc library. 2018-09-03 not yet calculated CVE-2018-16427
MISC
MISC
MISC
opensc — opensc
 
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16424
MISC
MISC
MISC
opensc — opensc
 
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16423
MISC
MISC
MISC
opensc — opensc
 
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash programs using the opensc library. 2018-09-03 not yet calculated CVE-2018-16426
MISC
MISC
MISC
opensc — opensc

Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16392
MISC
MISC
MISC
opensc — opensc

Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16391
MISC
MISC
MISC
opensc — opensc

A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16418
MISC
MISC
MISC
opensc — opensc

A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16422
MISC
MISC
MISC
opensc — opensc

Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16393
MISC
MISC
MISC
opensc — opensc

Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16419
MISC
MISC
MISC
opensc — opensc
 
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16420
MISC
MISC
MISC
openshift — container_platform
 
An out-of-bounds write can occur when patching an OpenShift object using the ‘oc patch’ functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the OpenShift master API service which provides cluster management. 2018-09-06 not yet calculated CVE-2018-14632
CONFIRM
CONFIRM
opsview — monitor

The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. 2018-09-05 not yet calculated CVE-2018-16147
CONFIRM
CONFIRM
FULLDISC
MISC
opsview — monitor

The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. 2018-09-05 not yet calculated CVE-2018-16148
CONFIRM
CONFIRM
FULLDISC
MISC
opsview — monitor

The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account. 2018-09-05 not yet calculated CVE-2018-16146
CONFIRM
FULLDISC
MISC
opsview — monitor

The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter. 2018-09-05 not yet calculated CVE-2018-16144
CONFIRM
CONFIRM
FULLDISC
MISC
opsview — monitor

The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance. 2018-09-05 not yet calculated CVE-2018-16145
CONFIRM
CONFIRM
FULLDISC
MISC
owasp — modsecurity_core_rule_set
 
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as “if”) and b is the SQL statement to be executed. 2018-09-02 not yet calculated CVE-2018-16384
MISC
pescms-team — pescms-team In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. 2018-09-02 not yet calculated CVE-2018-16370
MISC
pescms-team — pescms-team
 
PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=. 2018-09-02 not yet calculated CVE-2018-16371
MISC
phpmyfaq — phpmyfaq phpMyFAQ before 2.9.11 allows CSRF. 2018-09-07 not yet calculated CVE-2018-16650
CONFIRM
phpmyfaq — phpmyfaq
 
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. 2018-09-07 not yet calculated CVE-2018-16651
CONFIRM
phpscriptsmall.com — olx_clone_script PHP Scripts Mall Olx Clone 3.4.2 has XSS. 2018-09-07 not yet calculated CVE-2018-16454
MISC
pidgin — pidgin
 
Pidgin version <2.11.0 contains a vulnerability in X.509 certificate imports, specifically due to improper checking of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import(), that can result in code execution. This attack appears to be exploitable via a custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0. 2018-09-05 not yet calculated CVE-2016-1000030
CONFIRM
CONFIRM
CONFIRM
GENTOO
CONFIRM
pon_software — explzh Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors. 2018-09-04 not yet calculated CVE-2018-0646
JVN
CONFIRM
poppler — poppler
 
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. 2018-09-06 not yet calculated CVE-2018-16646
MISC
prim’x — zed! A directory traversal vulnerability with remote code execution in Prim’X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user’s workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder. 2018-09-05 not yet calculated CVE-2018-16518
MISC
proconf — proconf
 
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors’ personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter). 2018-09-06 not yet calculated CVE-2018-16606
MISC
protonvpn — protonvpn
 
An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system’s privileges. 2018-09-07 not yet calculated CVE-2018-4010
MISC
pulse_secure — connect_secure_and_policy_secure download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. 2018-09-06 not yet calculated CVE-2018-14366
CONFIRM
pulse_secure — connect_secure_and_policy_secure
 
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation. 2018-09-06 not yet calculated CVE-2018-6320
CONFIRM

pulse_secure — pulse_desktop_client
 

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. 2018-09-06 not yet calculated CVE-2018-15726
CONFIRM
pulse_secure — pulse_desktop_client
 
In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. 2018-09-06 not yet calculated CVE-2018-16261
CONFIRM

pulse_secure — pulse_desktop_client
 

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. 2018-09-06 not yet calculated CVE-2018-15749
CONFIRM

pulse_secure — pulse_desktop_client
 

The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. 2018-09-06 not yet calculated CVE-2018-15865
CONFIRM
red_hat — enterprise_linux_server_and_gluster_storage_server A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. 2018-09-04 not yet calculated CVE-2018-10911
REDHAT
REDHAT
CONFIRM
CONFIRM
red_hat — enterprise_linux_server_and_gluster_storage_server An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. 2018-09-04 not yet calculated CVE-2018-10913
REDHAT
REDHAT
CONFIRM
CONFIRM
red_hat — enterprise_linux_server_and_gluster_storage_server A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. 2018-09-04 not yet calculated CVE-2018-10929
REDHAT
REDHAT
CONFIRM
red_hat — enterprise_linux_server_and_gluster_storage_server It was found that glusterfs server does not properly sanitize file paths in the “trusted.io-stats-dump” extended attribute which is used by the “debug/io-stats” translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, an attacker would require sufficient access to modify the extended attributes of files on a gluster volume. 2018-09-04 not yet calculated CVE-2018-10904
REDHAT
REDHAT
CONFIRM
CONFIRM
red_hat — enterprise_linux_server_and_gluster_storage_server It was found that the “mknod” call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. 2018-09-04 not yet calculated CVE-2018-10923
REDHAT
REDHAT
CONFIRM
red_hat — enterprise_linux_server_and_gluster_storage_server It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. 2018-09-04 not yet calculated CVE-2018-10914
REDHAT
REDHAT
CONFIRM
red_hat — enterprise_linux_server_and_gluster_storage_server It was found that glusterfs server is vulnerable to multiple stack-based buffer overflows due to functions in server-rpc-fopc.c allocating fixed-size buffers using ‘alloca(3)’. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer size to cause a crash or potential code execution. 2018-09-04 not yet calculated CVE-2018-10907
REDHAT
REDHAT
CONFIRM
CONFIRM
red_hat — enterprise_linux_server_and_gluster_storage_server A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. 2018-09-04 not yet calculated CVE-2018-10926
REDHAT
REDHAT
CONFIRM
red_hat — enterprise_linux_server_and_gluster_storage_server A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. 2018-09-04 not yet calculated CVE-2018-10927
REDHAT
REDHAT
CONFIRM
red_hat — enterprise_linux_server_and_gluster_storage_server It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine. 2018-09-04 not yet calculated CVE-2018-10924
CONFIRM
CONFIRM
red_hat — enterprise_linux_server_and_gluster_storage_server A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. 2018-09-04 not yet calculated CVE-2018-10928
REDHAT
REDHAT
CONFIRM
red_hat — enterprise_linux_server_and_gluster_storage_server A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. 2018-09-04 not yet calculated CVE-2018-10930
REDHAT
REDHAT
CONFIRM
CONFIRM
redhat — 389-ds-base
 
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. 2018-09-06 not yet calculated CVE-2018-14624
CONFIRM
MISC
rejucms — rejucms
 
rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. 2018-09-07 not yet calculated CVE-2018-16653
MISC
seacms — seacms An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter. 2018-09-04 not yet calculated CVE-2018-16444
MISC
seacms — seacms SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name. 2018-09-02 not yet calculated CVE-2018-16348
MISC
seacms — seacms An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt. 2018-09-04 not yet calculated CVE-2018-16446
MISC
seacms — seacms
 
An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request. 2018-09-04 not yet calculated CVE-2018-16445
MISC
seacms — seacms
 
SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS. 2018-09-02 not yet calculated CVE-2018-16343
MISC
MISC
showdoc — showdoc
 
ShowDoc v1.8.0 has XSS via a new page. 2018-09-02 not yet calculated CVE-2018-16342
MISC
six_apart — movable_type
 
Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-09-04 not yet calculated CVE-2018-0672
JVN
solarwinds — dameware_mini_remote_control
 
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow. 2018-09-07 not yet calculated CVE-2018-12897
MISC
sony — digital_paper_app
 
Untrusted search path vulnerability in the installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-09-04 not yet calculated CVE-2018-0656
JVN
CONFIRM
subsonic — subsonic
 
daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in the HTTPS client that can result in any non-CA-signed server certificate, including self-signed and expired ones, being accepted by the client. This attack appears to be exploitable when the victim connects to a server that is MITM’d or proxied by an attacker. 2018-09-06 not yet calculated CVE-2018-1000664
CONFIRM
sympa — sympa
 
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in the “referer” parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. This attack appears to be exploitable when the victim’s browser follows a URL supplied by the attacker. No fix appears to be available. 2018-09-06 not yet calculated CVE-2018-1000671
MISC
team_viewer — team_viewer
 
TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the “Cancel” step, which makes it easier to determine the correct value of the default 4-digit PIN. 2018-09-05 not yet calculated CVE-2018-16550
MISC
technicolor — technicolor_tg558v
 
Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. 2018-09-06 not yet calculated CVE-2018-16310
MISC
theethereumlottery — theethereumlottery
 
The “PayWinner” function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable “maxTickets” (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards. 2018-09-07 not yet calculated CVE-2018-15552
MISC
thinkphp — thinkphp
 
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. 2018-09-02 not yet calculated CVE-2018-16385
MISC
tock — tock
 
TOCK versions prior to commit 42f7f36e74088036068d62253e1d8fb26605feed (for example, dfde28196cd12071fcf6669f7654be7df482b85d) contain an Insecure Permissions vulnerability in the function get_package_name in the file kernel/src/tbfheader.rs and the variable “pub package_name: &'static str,” in the file process.rs that can result in a tock capsule (untrusted driver) accessing arbitrary memory by using only safe code. This vulnerability appears to have been fixed in commit 42f7f36e74088036068d62253e1d8fb26605feed. 2018-09-06 not yet calculated CVE-2018-1000660
CONFIRM
tough-cookie — tough-cookie NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie header parsing that can result in denial of service. This attack appears to be exploitable via a custom HTTP header passed by the client. This vulnerability appears to have been fixed in 2.3.0. 2018-09-05 not yet calculated CVE-2016-1000232
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
twistlock — authz_broker
 
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=/start to bypass a policy in which “docker start” is allowed but “docker pause” is not allowed. 2018-09-03 not yet calculated CVE-2018-16398
MISC
MISC
ubiquiti_networks — multiple_products
 
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. 2018-09-05 not yet calculated CVE-2015-9266
MISC
CONFIRM
CONFIRM
MISC
EXPLOIT-DB
EXPLOIT-DB
MISC
ubuntu — orca
 
Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0644
JVN
CONFIRM
ubuntu — orca
 
Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0643
JVN
CONFIRM
umbraengineering — ps A command injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when an attacker controls the PID. 2018-09-07 not yet calculated CVE-2018-16460
MISC
vanilla — vanilla
 
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. 2018-09-03 not yet calculated CVE-2018-16410
MISC
MISC
vivotek — fd8177_devices
 
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi. 2018-09-05 not yet calculated CVE-2018-14771
CONFIRM
MISC
vivotek — fd8177_devices
 
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. 2018-09-05 not yet calculated CVE-2018-14769
CONFIRM
MISC
vivotek — fd8177_devices
 
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service). 2018-09-05 not yet calculated CVE-2018-14770
CONFIRM
MISC
weaselcms — weaselcms There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used. 2018-09-02 not yet calculated CVE-2018-16352
MISC
weseek — growi Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page. 2018-09-07 not yet calculated CVE-2018-0654
JVN
CONFIRM
weseek — growi Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view. 2018-09-07 not yet calculated CVE-2018-0653
JVN
CONFIRM
weseek — growi Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page. 2018-09-07 not yet calculated CVE-2018-0652
JVN
CONFIRM
weseek — growi Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page. 2018-09-07 not yet calculated CVE-2018-0655
JVN
CONFIRM
wildfly — wildfly
 
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: 2018-09-04 not yet calculated CVE-2018-14627
CONFIRM
CONFIRM
wordpress — wordpress
 
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in libwpfilemanager.php. 2018-09-07 not yet calculated CVE-2018-16363
MISC
MISC
CONFIRM
wordpress — wordpress
 
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. 2018-09-06 not yet calculated CVE-2018-1000773
MISC
MISC
wordpress — wordpress
 
WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited; however, this has not been confirmed at this time. This issue appears to have been partially, but not completely, fixed in WordPress 4.9. 2018-09-06 not yet calculated CVE-2017-1000600
MISC
MISC
wordpress — wordpress
 
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php. 2018-09-06 not yet calculated CVE-2018-16285
MISC
MISC
wuzhi — cms WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. 2018-09-02 not yet calculated CVE-2018-16350
MISC

wuzhi — cms

WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. 2018-09-02 not yet calculated CVE-2018-16349
MISC
xiaomi — miwifi_xiaomi_55dd_devices
 
An “Out-of-band resource load” issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application’s own response. 2018-09-05 not yet calculated CVE-2018-16307
MISC
xpdf — xpdf
 
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. 2018-09-02 not yet calculated CVE-2018-16368
MISC
xpdf — xpdf
 
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453. 2018-09-02 not yet calculated CVE-2018-16369
MISC
yayoi — multiple_products Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of msjet49.dll loaded by the vulnerable products. 2018-09-07 not yet calculated CVE-2018-0623
JVN
yayoi — multiple_products
 
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products. 2018-09-07 not yet calculated CVE-2018-0624
JVN
yfcmf — yfcmf
 
admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account. 2018-09-03 not yet calculated CVE-2018-16431
MISC
zephyr — zephyr_rtos
 
zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put() and sys_ring_buf_get() that can result in a CPU Page Fault (error code 0x00000010). This attack appears to be exploitable via a malicious application calling the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put). 2018-09-06 not yet calculated CVE-2018-1000800
CONFIRM
zsh — zsh
 
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. 2018-09-05 not yet calculated CVE-2018-13259
MISC
MISC
MISC
zsh — zsh
 
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. 2018-09-05 not yet calculated CVE-2018-0502
MISC
MISC
MISC
zurmo — zurmo
 
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1. 2018-09-07 not yet calculated CVE-2018-16654
MISC
zzcms — zzcms
 
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock. 2018-09-02 not yet calculated CVE-2018-16344
MISC
zziplib — zziplib
 
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. 2018-09-05 not yet calculated CVE-2018-16548
MISC

This product is provided subject to this Notification and this Privacy & Use policy.