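[Development Status of Robot Systems for English Learning]

*** Source: [IITP] Development Trends and Challenges of AI-Based Robot Language Learning Systems - Kim In-seok, Chairman of the International Language Education Research Institute

*** Document:

file6879094473931718999-186801.pdf

II. Development Status and Technology Trends of AI-Based Robot Language Learning Systems

1. Development Status of AI-Based Robot Language Learning Systems

- A language-learning robot can be defined as a humanoid companion robot for personal service that learners keep at their side like a native speaker and turn to for help at any time while learning a language.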

2. Development Cases of AI-Based Robot English Learning Systems

- ALICE ChatBot

- MINDs English

- GenieTutor, an AI-based English conversation program

Posted by manga0713

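[A Composite Signal System of Video, Voice, and Biosignals]

*** Source: [IITP] Emotion Recognition Technology Trends - Inha University: Song Byung-cheol, Kim Dae-ha, Choi Dong-yoon, Lee Min-kyu

*** Document:

file2141513302977931472-186802.pdf

- Emotion recognition technology has recently been advancing through the convergence of sensing, deep learning, and database technologies.

- A person's outward emotions can be recognized from facial expressions, behavior, and voice. Inner emotions, however, are not easy to recognize, though biosignals may make recognition possible.

- Therefore, using multimodal signals such as video, voice, and biosignals, rather than relying on a single signal, can help improve the accuracy of emotion recognition.

- Accordingly, if deep learning algorithms that use multimodal signals can be designed and trained effectively, interaction between humans and machines such as social robots could become smoother.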

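II. Overview of Emotion Recognition Technology

1. Trends in Video-Based Emotion Recognition

- Research is expanding toward recognizing people's emotions in situations that are increasingly hard to judge. For example, the AFEW dataset is gradually focusing on the analysis of more spontaneous emotions, as in reality shows and sitcoms.

- Deep networks such as CNNs are widely used to extract and analyze the two-dimensional features of faces in images.

- A technique called LSTM is also frequently used to extract and analyze the temporal continuity of the frames in a video.

- Moving beyond simply classifying human emotion into seven categories (anger, disgust, fear, happiness, neutral, sadness, surprise), research on emotion recognition in the continuous Arousal-Valence (AV) domain is also becoming active for finer-grained emotion analysis.

- This is because, rather than classifying a person's emotion with a specific label, it can be more efficient to measure the degree of arousal and the degree of positive/negative and to classify the emotion continuously by those values.

- The AffectNet dataset was created for emotion recognition analysis in the AV domain, and related research is actively under way.

2. Trends in Voice-Based Emotion Recognition

- In practice there are few applications that recognize emotion from voice alone. This is because voice information is present only sporadically in video.

- Recently, deep-learning-based techniques have become dominant.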

3. Trends in Biosignal-Based Emotion Recognition

- Haag, Andreas, et al. “Emotion recognition using bio-sensors: First steps towards an automatic system,” Tutorial and research workshop on affective dialogue systems. Springer, Berlin, Heidelberg, 2004.

- Jenke, Robert, Angelika Peer, and Martin Buss. “Feature extraction and selection for emotion recognition from EEG,” IEEE Transactions on Affective Computing 5.3(2014): 327-339.

- Song Byung-ho et al., “Design of an Emotional Social Robot System Based on User Biosignal Recognition,” Institute of Control, Robotics and Systems Summer Conference, 2018.

- Lee Hyun-soo et al., “Proposal of a Music Recommendation System Based on User Emotion Using Biosignals,” Institute of Electronics and Information Engineers Summer Conference, 2017.

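IV. Multimodal Deep Learning-Based Emotion Recognition

2. Multimodal Deep Learning

- Multimodal deep learning refers to deep learning algorithms that process multiple inputs of differing nature; its aim is to improve recognition performance by letting each signal modality compensate for information the others lack.

- The key step is fusing the information from the different modalities.

[Examples of Multimodal Deep Learning Fusion Methods]

- Multimodal deep learning techniques are also used by most teams in EmotiW. The dataset provided by EmotiW offers multimodal video and audio information containing people's facial expressions and voices.

- Most techniques presented at EmotiW recently follow a late-fusion process: the network that processes video information and the network that processes audio information are designed and run separately, and their output probabilities for each emotion are then fused.

Posted by manga0713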

*** Source: [US-CERT: Bulletin (SB18-288)] Security vulnerabilities published through October 8, 2018

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12860
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12841
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12842
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12836
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12873
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12835
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12876
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12874
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12875
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12859
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12855
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12856
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12857
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12858
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12844
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12843
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12832
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12833
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12834
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12872
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12831
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12878
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12862
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12869
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12866
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12865
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12769
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12861
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12759
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12837
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15934
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12867
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12879
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12871
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12880
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12881
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12877
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12863
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12868
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12853
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12864
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12870
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15936
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12839
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15926
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15925
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15922
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15927
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15940
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15952
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15953
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15941
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15937
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15928
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a stack overflow vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12838
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15938
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15935
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15933
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15939
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15932
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15930
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15931
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12852
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15951
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15924
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15923
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15946
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15954
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15942
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15947
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15948
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15920
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12847
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12851
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15929
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15945
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-12845
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15968
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15955
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15956
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15943
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. 2018-10-12 not yet calculated CVE-2018-15966
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-15944
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15949
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-10-12 not yet calculated CVE-2018-15950
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-10-12 not yet calculated CVE-2018-12846
BID
SECTRACK
CONFIRM
apache -- activemq An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. 2018-10-10 not yet calculated CVE-2018-8006
CONFIRM
BID
apache -- pdfbox In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. 2018-10-05 not yet calculated CVE-2018-11797
MLIST
MLIST
apache -- tika In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later. 2018-10-09 not yet calculated CVE-2018-11796
CONFIRM
auto-maskin -- dcu_210e The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password-only authentication, not cryptographic keys; however, the firmware image contains an RSA host-key for the server. An attacker can exploit this vulnerability to gain root access to the Angstrom Linux operating system and modify any binaries or configuration files in the firmware. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7. 2018-10-08 not yet calculated CVE-2018-5399
CERT-VN
auto-maskin -- multiple_products The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN. Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7. 2018-10-08 not yet calculated CVE-2018-5402
CERT-VN
auto-maskin -- multiple_products The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification, devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange, the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7. 2018-10-08 not yet calculated CVE-2018-5400
CERT-VN
auto-maskin -- multiple_products The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7. 2018-10-08 not yet calculated CVE-2018-5401
CERT-VN
bagesoft -- bagecms An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI. 2018-10-11 not yet calculated CVE-2018-18257
MISC
bagesoft -- bagecms An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI. 2018-10-11 not yet calculated CVE-2018-18258
MISC
blackberry -- unified_endpoint_manager An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user. 2018-10-12 not yet calculated CVE-2018-8890
CONFIRM
blueimp -- blueimp Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0 2018-10-11 not yet calculated CVE-2018-9206
MISC
bytom -- bytom In the client in Bytom before 1.0.6, checkTopicRegister in p2p/discover/net.go does not prevent negative idx values, leading to a crash. 2018-10-10 not yet calculated CVE-2018-18206
MISC
cairo -- cairo cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function). 2018-10-08 not yet calculated CVE-2018-18064
MISC
cisco -- asa_software_and_firepower_threat_defense_software A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error that may occur if the affected software renegotiates the encryption key for an IPsec tunnel when certain TFC traffic is in flight. An attacker could exploit this vulnerability by sending a malicious stream of TFC traffic through an established IPsec tunnel on an affected device. A successful exploit could allow the attacker to cause a daemon process on the affected device to crash, which could cause the device to crash and result in a DoS condition. 2018-10-05 not yet calculated CVE-2018-15397
SECTRACK
CISCO
cisco -- asa_software_and_firepower_threat_defense_software A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition. 2018-10-05 not yet calculated CVE-2018-15383
SECTRACK
CISCO
cisco -- asa_software_and_firepower_threat_defense_software A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to errors that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit this vulnerability by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to access resources that are behind the affected device and would typically be protected by the interface ACL. 2018-10-05 not yet calculated CVE-2018-15398
BID
SECTRACK
CISCO
cisco -- asa_software_and_firepower_threat_defense_software A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust buffer on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS. 2018-10-05 not yet calculated CVE-2018-15399
SECTRACK
CISCO
cisco -- catalyst_6800_series_switches A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. 2018-10-05 not yet calculated CVE-2018-15370
BID
CISCO
cisco -- cloud_services_platform_2100 A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command input. An attacker could exploit this vulnerability by sending customized commands to the web-based management interface. 2018-10-05 not yet calculated CVE-2018-0454
SECTRACK
CISCO
cisco -- data_center_network_manager A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user input within an HTTP request. An attacker could exploit this vulnerability by authenticating to the application and then sending a crafted HTTP request to the targeted application. A successful exploit could allow the authenticated attacker to issue commands on the underlying operating system as the root user. 2018-10-05 not yet calculated CVE-2018-0440
SECTRACK
CISCO
cisco -- data_center_network_manager A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system. 2018-10-05 not yet calculated CVE-2018-0462
BID
CISCO
cisco -- data_center_network_manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. 2018-10-05 not yet calculated CVE-2018-0450
BID
CISCO

cisco -- digital_network_architecture_center A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. 2018-10-05 not yet calculated CVE-2018-15386
BID
CISCO
cisco -- digital_network_architecture_center A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users. 2018-10-05 not yet calculated CVE-2018-0448
BID
CISCO
cisco -- email_security_appliance A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. The vulnerability is due to incomplete input and validation checking mechanisms for certain Sender Policy Framework (SPF) messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. If successful, an exploit could allow the attacker to bypass the URL filters that are configured for the affected device, which could allow malicious URLs to pass through the device. 2018-10-05 not yet calculated CVE-2018-0447
BID
SECTRACK
CISCO
cisco -- enterprise_nfv_intrastructure_software A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system. 2018-10-05 not yet calculated CVE-2018-0460
BID
CISCO
cisco -- enterprise_nfv_intrastructure_software A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who is logged in to the web-based management interface as a low-privileged user could exploit this vulnerability by sending a crafted HTTP request. A successful exploit could allow the attacker to use the low-privileged user account to reboot or shut down the affected system. 2018-10-05 not yet calculated CVE-2018-0459
BID
CISCO
cisco -- expressway_series_and_telepresense_video_communication_server A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system. 2018-10-05 not yet calculated CVE-2018-15430
SECTRACK
CISCO
cisco -- firepower_threat_defense_software A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to release spinlocks when a device is running low on system memory, if the software is configured to apply FTP inspection and an access control rule to transit traffic, and the access control rule is associated with an FTP file policy. An attacker could exploit this vulnerability by sending a high rate of transit traffic through an affected device to cause a low-memory condition on the device. A successful exploit could allow the attacker to cause a software panic on the affected device, which could cause the device to reload and result in a temporary DoS condition. 2018-10-05 not yet calculated CVE-2018-15390
BID
CISCO
cisco -- hyperflex_software A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to generate valid, signed session tokens for another HyperFlex system. A successful exploit could allow the attacker to access the HyperFlex Web UI of a system for which they are not authorized. 2018-10-05 not yet calculated CVE-2018-15382
BID
CISCO
cisco -- identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. 2018-10-05 not yet calculated CVE-2018-15425
SECTRACK
CISCO
cisco -- identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. 2018-10-05 not yet calculated CVE-2018-15424
SECTRACK
CISCO
cisco -- integrated_management_controller A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device. 2018-10-05 not yet calculated CVE-2018-0431
SECTRACK
CISCO
cisco -- integrated_management_controller A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device. 2018-10-05 not yet calculated CVE-2018-0430
SECTRACK
CISCO
cisco -- integrated_management_controller_supervisor_and_ucs_director A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. An attacker who has valid application credentials could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional reconnaissance attacks. 2018-10-05 not yet calculated CVE-2018-15405
SECTRACK
CISCO
cisco -- ios A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device. 2018-10-05 not yet calculated CVE-2018-0472
BID
SECTRACK
SECTRACK
CISCO
cisco -- ios_and_ios_xe A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by impersonating a known, valid TACACS+ server and sending a crafted TACACS+ packet to an affected device when establishing a connection to the device. To exploit this vulnerability by using either method, the attacker must know the shared TACACS+ secret and the crafted packet must be sent in response to a TACACS+ request from a TACACS+ client. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. 2018-10-05 not yet calculated CVE-2018-15369
BID
CISCO
cisco -- ios_and_ios_xe A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability. 2018-10-05 not yet calculated CVE-2018-0197
BID
CISCO
cisco -- ios_and_ios_xe A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sending a high rate of Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition. 2018-10-05 not yet calculated CVE-2018-15373
BID
CISCO
cisco -- ios_and_ios_xe A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time Protocol. The vulnerability is due to insufficient processing of PTP packets. An attacker could exploit this vulnerability by sending a custom PTP packet to, or through, an affected device. A successful exploit could allow the attacker to cause a DoS condition for the PTP subsystem, resulting in time synchronization issues across the network. 2018-10-05 not yet calculated CVE-2018-0473
BID
SECTRACK
CISCO
cisco -- ios_and_ios_xe A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 Link-State Advertisements (LSA) to an affected device. An exploit could allow the attacker to cause an affected device to reload, leading to a denial of service (DoS) condition. 2018-10-05 not yet calculated CVE-2018-0466
BID
SECTRACK
CISCO
cisco -- ios_and_ios_xe A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system. 2018-10-05 not yet calculated CVE-2018-0464
BID
SECTRACK
CISCO
MISC
cisco -- ios_xe A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. 2018-10-05 not yet calculated CVE-2018-0481
SECTRACK
CISCO
cisco -- ios_xe A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. 2018-10-05 not yet calculated CVE-2018-0467
SECTRACK
CISCO
cisco -- ios_xe A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly parsing malformed HTTP packets that are destined to a device. An attacker could exploit this vulnerability by sending a malformed HTTP packet to an affected device for processing. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, resulting in a DoS condition. 2018-10-05 not yet calculated CVE-2018-0470
BID
SECTRACK
CISCO
cisco -- ios_xe A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device. 2018-10-05 not yet calculated CVE-2018-15374
BID
CISCO
cisco -- ios_xe A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. 2018-10-05 not yet calculated CVE-2018-0477
SECTRACK
CISCO
cisco -- ios_xe A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of SIP packets in transit while NAT is performed on an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted SIP packets via UDP port 5060 through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. 2018-10-05 not yet calculated CVE-2018-0476
BID
SECTRACK
SECTRACK
CISCO
cisco -- ios_xe A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover. 2018-10-05 not yet calculated CVE-2018-0475
BID
SECTRACK
CISCO
cisco -- ios_xe A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. The vulnerability is due to a logic error in the affected software. An attacker could exploit this vulnerability by connecting to and passing traffic through a Layer 3 interface of an affected device, if the interface is configured for MACsec MKA using EAP-TLS and is running in access-session closed mode. A successful exploit could allow the attacker to bypass 802.1x network access controls and gain access to the network. 2018-10-05 not yet calculated CVE-2018-15372
BID
CISCO
cisco -- ios_xe A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this vulnerability by sending specific HTTP requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. 2018-10-05 not yet calculated CVE-2018-0469
BID
SECTRACK
CISCO
cisco -- ios_xe A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition. 2018-10-05 not yet calculated CVE-2018-0480
BID
SECTRACK
CISCO
cisco -- ios_xe_and_asa_5500-x_series A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device. 2018-10-05 not yet calculated CVE-2018-0471
BID
SECTRACK
CISCO
cisco -- ios_xr A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. 2018-10-05 not yet calculated CVE-2018-15428
SECTRACK
CISCO
cisco -- isr_g2_and_isr4451-x_routers A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of user input. An attacker could exploit this vulnerability by first connecting to the SM-1T3/E3 module console and entering a string sequence. A successful exploit could allow the attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a DoS condition on an affected device. 2018-10-05 not yet calculated CVE-2018-0485
BID
SECTRACK
SECTRACK
CISCO
cisco -- meeting_server A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user. 2018-10-05 not yet calculated CVE-2018-0439
BID
SECTRACK
CISCO
cisco -- multiple_products A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user. 2018-10-05 not yet calculated CVE-2018-0424
SECTRACK
CISCO
cisco -- multiple_products A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code. 2018-10-05 not yet calculated CVE-2018-0423
BID
SECTRACK
CISCO
cisco -- multiple_products A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials. 2018-10-05 not yet calculated CVE-2018-0425
SECTRACK
CISCO
cisco -- multiple_products A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information. 2018-10-05 not yet calculated CVE-2018-0426
SECTRACK
CISCO
cisco -- multiple_products A vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2018-10-05 not yet calculated CVE-2018-15436
BID
SECTRACK
SECTRACK
CISCO
cisco -- multiple_products A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. 2018-10-05 not yet calculated CVE-2018-15403
SECTRACK
SECTRACK
CISCO
cisco -- prime_access_registrar A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specific listening ports. The improper handling of the TCP SYN packets could cause a system file descriptor to be allocated and not freed. An attacker could exploit this vulnerability by sending a crafted stream of TCP SYN packets to the application. A successful exploit could allow the attacker to cause the application to eventually restart if a file descriptor cannot be obtained. 2018-10-05 not yet calculated CVE-2018-0421
BID
SECTRACK
CISCO
cisco -- prime_collaboration_assurance A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. 2018-10-05 not yet calculated CVE-2018-0458
BID
SECTRACK
CISCO
cisco -- prime_infrastructure A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication. 2018-10-05 not yet calculated CVE-2018-15379
BID
SECTRACK
CISCO
EXPLOIT-DB
cisco -- sd-wan_solution A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges. 2018-10-05 not yet calculated CVE-2018-0433
BID
CISCO
cisco -- sd-wan_solution A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. 2018-10-05 not yet calculated CVE-2018-0432
BID
CISCO
cisco -- sd-wan_solution A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. 2018-10-05 not yet calculated CVE-2018-0434
BID
CISCO
cisco -- sd-wan_solution A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image. 2018-10-05 not yet calculated CVE-2018-15387
BID
CISCO
cisco -- secure_access_control_server A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. 2018-10-05 not yet calculated CVE-2018-0414
BID
SECTRACK
CISCO
cisco -- tetration_analytics A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user. 2018-10-05 not yet calculated CVE-2018-0451
BID
CISCO
cisco -- tetration_analytics A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. 2018-10-05 not yet calculated CVE-2018-0452
BID
CISCO
cisco -- ucs_director A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. 2018-10-05 not yet calculated CVE-2018-15406
SECTRACK
CISCO
cisco -- umbrella A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges. 2018-10-05 not yet calculated CVE-2018-0437
BID
CISCO
EXPLOIT-DB
cisco -- umbrella A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges. 2018-10-05 not yet calculated CVE-2018-0438
BID
CISCO
EXPLOIT-DB
cisco -- umbrella A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations. 2018-10-05 not yet calculated CVE-2018-0435
BID
CISCO
cisco -- unified_ip_phone_7900_series A vulnerability in the web-based management interface of Cisco Unified IP Phone 7900 Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.