*** Source: [US-CERT: Bulletin(SB18-253)] Security vulnerabilities published through September 3, 2018

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
absolute_software -- ctes_windows_agent
 
An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior. 2018-09-08 not yet calculated CVE-2018-16715
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2018-09-06 not yet calculated CVE-2018-5005
BID
SECTRACK
CONFIRM
adrenaline -- hrms
 
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter. 2018-09-06 not yet calculated CVE-2018-12234
MISC
amcrest -- networked_devices
 
Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206. 2018-09-05 not yet calculated CVE-2018-16546
MISC
antenna_house -- dmc_htmlfilter
 
An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability. 2018-09-07 not yet calculated CVE-2017-2795
MISC
antenna_house -- dmc_htmlfilter
 
An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability. 2018-09-07 not yet calculated CVE-2017-2792
MISC
artifex -- ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. 2018-09-05 not yet calculated CVE-2018-16541
MISC
MISC
MISC
DEBIAN
artifex -- ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. 2018-09-05 not yet calculated CVE-2018-16542
MISC
MISC
MISC
DEBIAN
artifex -- ghostscript
 
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. 2018-09-06 not yet calculated CVE-2018-16585
MISC
MISC
MISC
DEBIAN
artifex -- ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. 2018-09-05 not yet calculated CVE-2018-16513
MISC
MISC
MISC
DEBIAN
artifex -- ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. 2018-09-05 not yet calculated CVE-2018-16540
MISC
MISC
MISC
DEBIAN
artifex -- ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. 2018-09-05 not yet calculated CVE-2018-16539
MISC
MISC
MISC
DEBIAN
artifex -- ghostscript
 
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. 2018-09-05 not yet calculated CVE-2018-16511
MISC
MISC
MISC
MISC
DEBIAN
artifex -- ghostscript
 
In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact. 2018-09-05 not yet calculated CVE-2018-16543
MISC
MISC
DEBIAN
artifex -- ghostscript
 
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact. 2018-09-05 not yet calculated CVE-2018-16510
MISC
MISC
MISC
artifex -- ghostscript
 
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. 2018-09-05 not yet calculated CVE-2018-16509
MISC
MISC
MISC
CONFIRM
MISC
MISC
MISC
artifex -- mupdf

In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. 2018-09-06 not yet calculated CVE-2018-16648
MISC
artifex -- mupdf
 
In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file. 2018-09-06 not yet calculated CVE-2018-16647
MISC
asus -- wl-330nul_firmware

Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0647
JVN
MISC
auracms -- auracms
 
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. 2018-09-02 not yet calculated CVE-2018-16338
MISC
baigo -- cms
 
An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article. 2018-09-04 not yet calculated CVE-2018-16458
MISC
baijiacms -- baijiacms
 
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. 2018-09-08 not yet calculated CVE-2018-16724
MISC
baijiacms -- biajiacms
 
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component." 2018-09-08 not yet calculated CVE-2018-16725
MISC
bit_part -- mtappjquery
 
MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0645
JVN
CONFIRM
CONFIRM
bluecms -- bluecms
 
BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. 2018-09-03 not yet calculated CVE-2018-16432
MISC
btiteam -- xbtit

An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting. 2018-09-05 not yet calculated CVE-2018-15678
CONFIRM
MISC
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data. 2018-09-05 not yet calculated CVE-2018-15684
MISC
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter. 2018-09-05 not yet calculated CVE-2018-16361
CONFIRM
MISC
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting. 2018-09-05 not yet calculated CVE-2018-15679
CONFIRM
MISC
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. 2018-09-05 not yet calculated CVE-2018-15680
MISC
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprints. 2018-09-05 not yet calculated CVE-2018-15676
MISC
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected. 2018-09-05 not yet calculated CVE-2018-15683
MISC
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf. 2018-09-05 not yet calculated CVE-2018-15682
MISC
btiteam -- xbtit
 
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. 2018-09-05 not yet calculated CVE-2018-15677
CONFIRM
MISC
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can efficiently brute-force it to retrieve the user's cleartext password. 2018-09-05 not yet calculated CVE-2018-15681
MISC
canon_it_solutions -- multiple_products

Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-09-07 not yet calculated CVE-2018-0649
JVN
CONFIRM
chatwork -- desktop_app_for_windows
 
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-09-07 not yet calculated CVE-2018-0648
JVN
MISC
chemcms -- chem_cms
 
ChemCMS 1.0.6 has XSS via the "setting -> website information" field. 2018-09-02 not yet calculated CVE-2018-16346
MISC
contiki_ng -- contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union). 2018-09-07 not yet calculated CVE-2018-16667
MISC
contiki_ng -- contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c. 2018-09-07 not yet calculated CVE-2018-16665
MISC
contiki_ng -- contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string). 2018-09-07 not yet calculated CVE-2018-16666
MISC
contiki_ng -- contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). 2018-09-07 not yet calculated CVE-2018-16664
MISC
contiki_ng -- contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations). 2018-09-07 not yet calculated CVE-2018-16663
MISC
contronics -- homeputer_cl_studio_fur_homematic

Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack. 2018-09-07 not yet calculated CVE-2017-17691
MISC
craftedweb -- craftedweb

CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. 2018-09-04 not yet calculated CVE-2018-16450
MISC
creme -- crm

An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters in the contact creation and modification page. The payload is stored within the application database and allows the execution of JavaScript code each time a client visit an infected page. 2018-09-07 not yet calculated CVE-2018-9283
MISC
creme -- crm
 
An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials. 2018-09-07 not yet calculated CVE-2018-14398
MISC
creme -- crm
 
An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. 2018-09-07 not yet calculated CVE-2018-14396
MISC
creme -- crm
 
An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. 2018-09-07 not yet calculated CVE-2018-14397
MISC
cscms -- cscms

\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. 2018-09-08 not yet calculated CVE-2018-16732
MISC
MISC
cscms -- cscms
 
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. 2018-09-08 not yet calculated CVE-2018-16730
MISC
MISC
cscms -- cscms
 
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. 2018-09-04 not yet calculated CVE-2018-16448
MISC
cscms -- cscms
 
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. 2018-09-08 not yet calculated CVE-2018-16731
MISC
MISC
cscms -- cscms
 
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. 2018-09-02 not yet calculated CVE-2018-16337
MISC
curl -- curl
 
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) 2018-09-05 not yet calculated CVE-2018-14618
SECTRACK
CONFIRM
CONFIRM
DEBIAN
d_link -- dir-846_devices
 
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. 2018-09-03 not yet calculated CVE-2018-16408
MISC
docker -- docker_for_windows
 
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. 2018-08-31 not yet calculated CVE-2018-15514
BID
MISC
MISC
MISC
dojo -- dojotoolkit
 
Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14. 2018-09-06 not yet calculated CVE-2018-1000665
CONFIRM
CONFIRM
doracms -- doracms
 
Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent. 2018-09-06 not yet calculated CVE-2018-16622
MISC
dotclear -- dotclear
 
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml. 2018-09-02 not yet calculated CVE-2018-16358
MISC
e107 -- e107
 
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. 2018-09-05 not yet calculated CVE-2018-16381
MISC
easycms -- easycms

An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. 2018-09-02 not yet calculated CVE-2018-16345
MISC
elefant -- cms
 
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. 2018-09-02 not yet calculated CVE-2018-16387
MISC
elfutils -- elfutils

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. 2018-09-03 not yet calculated CVE-2018-16403
MISC
MISC
elfutils -- elfutils
 
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. 2018-09-03 not yet calculated CVE-2018-16402
MISC
empirecms -- empirecms
 
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. 2018-09-02 not yet calculated CVE-2018-16339
MISC
endress+hauser -- wirelesshart_fieldgate_swg70_devices
 
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. 2018-09-07 not yet calculated CVE-2018-16059
EXPLOIT-DB
ethereum -- go_ethereum
 
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. 2018-09-08 not yet calculated CVE-2018-16733
MISC
exceljs -- exceljs
 
An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when worksheet is displayed in browser. 2018-09-06 not yet calculated CVE-2018-16459
MISC
fhcrm -- fhcrm

An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter. 2018-09-02 not yet calculated CVE-2018-16354
MISC
fhcrm -- fhcrm
 
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter. 2018-09-02 not yet calculated CVE-2018-16353
MISC
flask-admin -- flask-admin
 
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. 2018-09-05 not yet calculated CVE-2018-16516
MISC
foliovision -- fb_flowplayer_video_player
 
Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0642
JVN
CONFIRM
fortinet -- fortimanager
 
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. 2018-09-05 not yet calculated CVE-2018-1353
CONFIRM
fortinet -- fortios
 
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used. 2018-09-05 not yet calculated CVE-2018-9194
CONFIRM
MISC
CERT-VN
fortinet -- fortios
 
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. 2018-09-05 not yet calculated CVE-2018-9192
CONFIRM
MISC
CERT-VN
freebsd -- freebsd
 
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources. 2018-09-04 not yet calculated CVE-2018-6923
SECTRACK
FREEBSD
frog -- cms

Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. 2018-09-02 not yet calculated CVE-2018-16374
MISC
frog -- cms

Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. 2018-09-04 not yet calculated CVE-2018-16447
MISC
frog -- cms
 
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. 2018-09-02 not yet calculated CVE-2018-16373
MISC
fspro_labs -- event_log_explorer
 
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection. 2018-09-05 not yet calculated CVE-2018-16252
MISC
MISC
EXPLOIT-DB
fuel -- cms
 
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. 2018-09-03 not yet calculated CVE-2018-16416
MISC
MISC
fuji_xerox -- docucentre_and_apeosport
 
Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands. 2018-09-07 not yet calculated CVE-2018-16709
EXPLOIT-DB
furuno -- felcom_devices
 
FURUNO FELCOM 250 and 500 devices use only client-side JavaScript for authentication. 2018-09-06 not yet calculated CVE-2018-16590
MISC
gig_technology -- jumpscale_portal
 
GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModification; that can result in Improper validation of parameters results in command execution. This attack appear to be exploitable via Network connectivity, required minimal auth privileges (everyone can register an account). This vulnerability appears to have been fixed in After commit 15443122ed2b1cbfd7bdefc048bf106f075becdb. 2018-09-06 not yet calculated CVE-2018-1000666
MISC
MISC
CONFIRM
MISC
gleez -- cms

An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize. 2018-09-02 not yet calculated CVE-2018-16347
MISC
gleez -- cms

A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI. 2018-09-07 not yet calculated CVE-2018-16703
MISC
gleez -- cms
 
An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org. 2018-09-07 not yet calculated CVE-2018-16704
MISC
gmo_payment_gateway -- ec-cube_and_gmo-pg_payment_modules

Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0658
JVN
gmo_payment_gateway -- ec-cube_and_gmo-pg_payment_modules
 
Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allows an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0657
JVN
gnome -- glib
 
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. 2018-09-03 not yet calculated CVE-2018-16428
BID
MISC
MISC
gnome -- glib
 
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). 2018-09-03 not yet calculated CVE-2018-16429
MISC
MISC
gnu -- libextractor
 
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. 2018-09-03 not yet calculated CVE-2018-16430
BID
MISC
MISC
gogs -- gogs
 
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. 2018-09-03 not yet calculated CVE-2018-16409
MISC
google -- android A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors. 2018-09-04 not yet calculated CVE-2018-0664
JVN
CONFIRM
google -- android The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2018-09-07 not yet calculated CVE-2018-0650
JVN
CONFIRM
MISC
google -- android
 
In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, while trying to find the total number of partitions via a non-zero check, 'TotalPart' could exceed 'GptHeader->MaxPtCnt', which could result in an OOB write when patching the GPT. 2018-09-04 not yet calculated CVE-2018-11262
CONFIRM
CONFIRM
google -- android
 
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05. 2018-09-06 not yet calculated CVE-2018-11263
CONFIRM
CONFIRM
CONFIRM
google -- gvisor Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS. 2018-09-02 not yet calculated CVE-2018-16359
MISC
MISC
gxlcms -- gxlcms
 
Gxlcms 2.0 has Directory Traversal exploitable by an administrator. 2018-09-05 not yet calculated CVE-2018-16437
MISC
gxlcms -- gxlcms
 
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. 2018-09-07 not yet calculated CVE-2018-16655
MISC
MISC
gxlcms -- gxlcms
 
Gxlcms 2.0 has SQL Injection exploitable by an administrator. 2018-09-05 not yet calculated CVE-2018-16436
MISC
hdf -- hdf5
 
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c. 2018-09-03 not yet calculated CVE-2018-16438
MISC
hibara -- attachecase Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via a specially crafted ATC file. 2018-09-07 not yet calculated CVE-2018-0660
JVN
CONFIRM
hibara -- attachecase Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via a specially crafted ATC file. 2018-09-07 not yet calculated CVE-2018-0659
JVN
CONFIRM
hibara -- attachecase
 
AttacheCase ver.3.3.0.0 and earlier allows arbitrary script execution via unspecified vectors. 2018-09-04 not yet calculated CVE-2018-0675
JVN
CONFIRM
hibara -- attachecase
 
AttacheCase ver.2.8.4.0 and earlier allows arbitrary script execution via unspecified vectors. 2018-09-04 not yet calculated CVE-2018-0674
JVN
CONFIRM
hscripts -- php_file_browser
 
HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter. 2018-09-05 not yet calculated CVE-2018-16549
MISC
huawei -- hirouter-cd20-10
 
In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device. 2018-09-04 not yet calculated CVE-2018-7937
CONFIRM
huawei -- mate_10_pro_smartphones
 
Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed. 2018-09-04 not yet calculated CVE-2018-7936
CONFIRM
huawei -- mate_10_pro_smartphones
 
Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone resetting process, an attacker could bypass "Find My Phone" protection after a series of voice and keyboard operations. A successful exploit could allow an attacker to bypass FRP. 2018-09-04 not yet calculated CVE-2018-7990
CONFIRM
huawei -- p10_smartphones
 
P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak. 2018-09-04 not yet calculated CVE-2018-7938
CONFIRM
i-o_data_device -- ts-wrlp_firmware Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials, which may allow a remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0663
JVN
CONFIRM
i-o_data_device -- ts-wrlp_firmware Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction and add files to a specific directory, which may result in execution of arbitrary OS commands/code or in leakage or alteration of information, including credentials. 2018-09-07 not yet calculated CVE-2018-0661
JVN
CONFIRM
i-o_data_device -- ts-wrlp_firmware
 
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. 2018-09-07 not yet calculated CVE-2018-0662
JVN
CONFIRM
ibm -- api_connect
 
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939. 2018-09-07 not yet calculated CVE-2018-1789
XF
CONFIRM
ibm -- campaign IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153. 2018-09-07 not yet calculated CVE-2017-1115
XF
CONFIRM
ibm -- campaign
 
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152. 2018-09-07 not yet calculated CVE-2017-1114
XF
CONFIRM
ibm -- security_identity_governance_and_intelligence
 
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601. 2018-09-07 not yet calculated CVE-2018-1757
CONFIRM
XF
ibm -- security_identity_governance_and_intelligence
 
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM X-Force ID: 148599. 2018-09-07 not yet calculated CVE-2018-1756
CONFIRM
XF
ibm -- websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769. 2018-09-06 not yet calculated CVE-2018-1695
XF
CONFIRM
ibm -- websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024. 2018-09-07 not yet calculated CVE-2018-1567
XF
CONFIRM
ice_qube -- thermal_management_center In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information. 2018-09-06 not yet calculated CVE-2017-14026
MISC
ice_qube -- thermal_management_center In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. 2018-09-06 not yet calculated CVE-2017-16714
MISC
ideacms -- ideacms
 
The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued. 2018-09-02 not yet calculated CVE-2018-16372
MISC
idreamsoft -- icms
 
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. 2018-09-02 not yet calculated CVE-2018-16365
MISC
idreamsoft -- icms
 
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. 2018-09-02 not yet calculated CVE-2018-16366
MISC
imagemagick -- imagemagick ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c. 2018-09-06 not yet calculated CVE-2018-16641
MISC
MISC
imagemagick -- imagemagick ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. 2018-09-06 not yet calculated CVE-2018-16640
MISC
MISC
imagemagick -- imagemagick The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file. 2018-09-06 not yet calculated CVE-2018-16643
MISC
MISC
imagemagick -- imagemagick There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. 2018-09-06 not yet calculated CVE-2018-16644
MISC
MISC
MISC
imagemagick -- imagemagick The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. 2018-09-06 not yet calculated CVE-2018-16642
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. 2018-09-03 not yet calculated CVE-2018-16412
BID
MISC
imagemagick -- imagemagick
 
There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file. 2018-09-06 not yet calculated CVE-2018-16645
MISC
MISC
imagemagick -- imagemagick
 
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. 2018-09-03 not yet calculated CVE-2018-16413
BID
MISC
MISC
information_builders -- webfocus_business_intelligence_portal
 
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1. A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability. 2018-09-07 not yet calculated CVE-2016-9044
MISC
jorani -- jorani An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate. 2018-09-05 not yet calculated CVE-2018-15918
MISC
MISC
EXPLOIT-DB
jorani -- jorani
 
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. 2018-09-05 not yet calculated CVE-2018-15917
MISC
MISC
EXPLOIT-DB
joyent -- smartos
 
An exploitable denial of service exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32-bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited, this will result in memory exhaustion, resulting in a full system denial of service. 2018-09-07 not yet calculated CVE-2016-9040
MISC
jsish -- jsish
 
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in a crash due to a segmentation fault. This attack appears to be exploitable via the victim executing specially crafted JavaScript code. This vulnerability appears to have been fixed in 2.4.69. 2018-09-06 not yet calculated CVE-2018-1000661
CONFIRM
jsish -- jsish
 
jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in a crash due to a segmentation fault. This attack appears to be exploitable when the victim executes crafted JavaScript code. This vulnerability appears to have been fixed in 2.4.71. 2018-09-06 not yet calculated CVE-2018-1000668
CONFIRM
jsish -- jsish
 
jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in a crash due to a segmentation fault. This attack appears to be exploitable when the victim executes crafted JavaScript code. 2018-09-06 not yet calculated CVE-2018-1000663
CONFIRM
kaizen -- asset_manager_and_training_manager
 
Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp). 2018-09-05 not yet calculated CVE-2018-16545
MISC
kamailio -- kamailio
 
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code. 2018-09-07 not yet calculated CVE-2018-16657
MISC
koha -- library_system
 
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (parameters affected: borrowernumber, amount, amountoutstanding, paid) that can allow attackers to mark payments as paid for certain users on behalf of administrators. This attack appears to be exploitable when the victim is socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11. 2018-09-06 not yet calculated CVE-2018-1000669
CONFIRM
koha -- library_system
 
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in multiple fields on multiple pages, including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number], and /cgi-bin/koha/serials/subscription-add.pl, that can result in privilege escalation by taking control of higher-privileged users' browser sessions. This attack appears to be exploitable when victims are socially engineered into visiting a vulnerable webpage containing a malicious payload. This vulnerability appears to have been fixed in 17.11. 2018-09-06 not yet calculated CVE-2018-1000670
CONFIRM
kone -- group_controller
 
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03. 2018-09-07 not yet calculated CVE-2018-15485
MISC
CONFIRM
kone -- group_controller
 
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01. 2018-09-07 not yet calculated CVE-2018-15484
MISC
CONFIRM
kone -- group_controller
 
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02. 2018-09-07 not yet calculated CVE-2018-15486
MISC
CONFIRM
kone -- group_controller
 
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04. 2018-09-07 not yet calculated CVE-2018-15483
MISC
CONFIRM
lavalite -- cms
 
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. 2018-09-05 not yet calculated CVE-2018-16551
MISC
limesurvey -- limesurvey
 
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file. 2018-09-03 not yet calculated CVE-2018-16397
MISC
limesurvey -- limesurvey
 
LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in the upload functionality that can result in an attacker gaining code execution via a webshell. This attack appears to be exploitable via an authenticated user uploading a zip archive, which can contain malicious PHP files that can be called under certain circumstances. This vulnerability appears to have been fixed after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4. 2018-09-06 not yet calculated CVE-2018-1000658
CONFIRM
CONFIRM
limesurvey -- limesurvey
 
LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in the file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. This attack appears to be exploitable when an authenticated user uploads a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4. 2018-09-06 not yet calculated CVE-2018-1000659
CONFIRM
linux -- linux_kernel Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. 2018-09-04 not yet calculated CVE-2018-6554
MLIST
MLIST
linux -- linux_kernel The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. 2018-09-04 not yet calculated CVE-2018-6555
MLIST
MLIST
linux -- linux_kernel The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. 2018-09-06 not yet calculated CVE-2018-5391
CONFIRM
BID
SECTRACK
MISC
MLIST
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
DEBIAN
CERT-VN
linux -- linux_kernel
 
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. 2018-09-07 not yet calculated CVE-2018-16658
MISC
MISC
MISC
little_color_management_system -- little_color_management_system
 
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. 2018-09-03 not yet calculated CVE-2018-16435
MISC
MISC
MLIST
DEBIAN
mantisbt -- mantisbt
 
An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php. 2018-09-02 not yet calculated CVE-2018-16362
CONFIRM
CONFIRM
CONFIRM
mayan -- edms
 
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. 2018-09-03 not yet calculated CVE-2018-16405
MISC
MISC
MISC
mayan -- edms
 
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. 2018-09-03 not yet calculated CVE-2018-16406
MISC
MISC
MISC
mayan -- edms
 
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. 2018-09-03 not yet calculated CVE-2018-16407
MISC
MISC
MISC
micropyramid -- django-crm
 
MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. 2018-09-05 not yet calculated CVE-2018-16552
MISC
multiple_vendors -- multiple_products
 
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network. 2018-09-06 not yet calculated CVE-2018-5389
MISC
MISC
CERT-VN
MISC
netwide_assembler -- netwide_assembler NASM (nasm-2.13.03, nasm-2.14rc15) version 2.14rc15 and earlier contains a memory corruption vulnerability (a crash of nasm when handling a crafted file) in function assemble_file(inname, depend_ptr) at asm/nasm.c:482 that can result in the nasm program aborting or crashing. This attack appears to be exploitable via a specially crafted asm file. 2018-09-06 not yet calculated CVE-2018-1000667
MISC
MISC
netwide_assembler -- netwide_assembler asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file. 2018-09-06 not yet calculated CVE-2018-16517
MISC
MISC
netwide_assembler -- netwide_assembler Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. 2018-09-02 not yet calculated CVE-2018-16382
MISC
nibbleblog -- nibbleblog
 
An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}"). 2018-09-06 not yet calculated CVE-2018-16604
MISC
nordvpn -- nordvpn
 
An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. 2018-09-07 not yet calculated CVE-2018-3952
MISC
ogma_cms -- ogma_cms Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen. 2018-09-02 not yet calculated CVE-2018-16379
MISC
ogma_cms -- ogma_cms An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account. 2018-09-02 not yet calculated CVE-2018-16380
MISC
okular -- okular
 
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in arbitrary file creation on the user workstation. This attack appears to be exploitable when the victim opens a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1. 2018-09-06 not yet calculated CVE-2018-1000801
CONFIRM
CONFIRM
onethink -- onethink
 
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. 2018-09-04 not yet calculated CVE-2018-16449
MISC
onlinejudge -- onlinejudge
 
In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include. 2018-09-02 not yet calculated CVE-2018-16367
MISC
openjpeg -- openjpeg An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. 2018-09-02 not yet calculated CVE-2018-16375
BID
MISC
openjpeg -- openjpeg
 
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. 2018-09-02 not yet calculated CVE-2018-16376
BID
MISC
openmrs -- reference_application
 
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. 2018-09-05 not yet calculated CVE-2018-16521
MISC
MISC
opensc -- opensc
 
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16425
MISC
MISC
MISC
opensc -- opensc
 
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16421
MISC
MISC
MISC
opensc -- opensc
 
Various out-of-bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash programs that use the opensc library. 2018-09-03 not yet calculated