IT and Social Stories

[US-CERT: Bulletin(SB18-176)] Security vulnerabilities announced through June 18, 2018

by manga0713 2018. 6. 27.

*** Source: [US-CERT: Bulletin(SB18-176)] Security vulnerabilities announced through June 18, 2018

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
1000_guess -- 1000_guess_game
 
The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards. 2018-06-17 not yet calculated CVE-2018-12454
MISC
389-ds-base -- 389-ds-base
 
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. 2018-06-22 not yet calculated CVE-2017-2668
BID, REDHAT, REDHAT, CONFIRM, CONFIRM

airbnb/knowledge-repo -- airbnb/knowledge-repo

Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/new_report.kp URI. 2018-06-17 not yet calculated CVE-2018-12104
BID, MISC
akcms -- akcms
 
An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php. 2018-06-19 not yet calculated CVE-2018-12583
MISC
akcms -- akcms
 
An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI. 2018-06-19 not yet calculated CVE-2018-12582
MISC
apache -- qpid_broker-j
 
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected. 2018-06-19 not yet calculated CVE-2018-8030
SECTRACK, MLIST
apple -- webkit
 
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object. 2018-06-19 not yet calculated CVE-2018-12294
MISC, MLIST, BUGTRAQ, MISC, MISC
apple -- webkit
 
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content. 2018-06-19 not yet calculated CVE-2018-12293
MISC, MLIST, BUGTRAQ, MISC, MISC, UBUNTU

auth0/angular-jwt -- auth0/angular-jwt

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain. 2018-06-19 not yet calculated CVE-2018-11537
CONFIRM
ca_technologies -- privileged_access_manager
 
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. 2018-06-18 not yet calculated CVE-2018-9024
BID, CONFIRM
ca_technologies -- privileged_access_manager
 
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. 2018-06-18 not yet calculated CVE-2018-9026
BID, CONFIRM
ca_technologies -- privileged_access_manager
 
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. 2018-06-18 not yet calculated CVE-2018-9025
BID, CONFIRM
ca_technologies -- privileged_access_manager
 
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. 2018-06-18 not yet calculated CVE-2018-9023
BID, CONFIRM
ca_technologies -- privileged_access_manager
 
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. 2018-06-18 not yet calculated CVE-2018-9022
BID, CONFIRM
ca_technologies -- privileged_access_manager
 
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. 2018-06-18 not yet calculated CVE-2018-9021
BID, CONFIRM
ca_technologies -- privileged_access_manager
 
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. 2018-06-18 not yet calculated CVE-2018-9029
BID, CONFIRM
ca_technologies -- privileged_access_manager
 
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. 2018-06-18 not yet calculated CVE-2018-9028
BID, CONFIRM
ca_technologies -- privileged_access_manager
 
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. 2018-06-18 not yet calculated CVE-2018-9027
BID, CONFIRM
ca_technologies -- privileged_access_manager
 
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. 2018-06-18 not yet calculated CVE-2015-4664
MISC, MISC, CONFIRM, EXPLOIT-DB
cesanta -- mongoose
 
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. 2018-06-19 not yet calculated CVE-2018-10945
MISC
checksec -- canopy
 
CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users. 2018-06-20 not yet calculated CVE-2018-9036
FULLDISC
circontrol -- circarlife_scada
 
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs. 2018-06-21 not yet calculated CVE-2018-12635
MISC
circontrol -- circarlife_scada
 
CirCarLife Scada v4.2.4 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. 2018-06-21 not yet calculated CVE-2018-12634
MISC
cisco -- 5000_series_enterprise_network_system_and_ucs_e-series_server
 
A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. The vulnerability is due to improper security restrictions that are imposed by the affected system. An attacker could exploit this vulnerability by submitting an empty password value to an affected device's BIOS authentication prompt. An exploit could allow the attacker to have access to a restricted set of user-level BIOS commands. Cisco Bug IDs: CSCvh83260. 2018-06-21 not yet calculated CVE-2018-0362
SECTRACK, CONFIRM
cisco -- anyconnect_secure_mobility_client_for_windows_desktop
 
A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco Bug IDs: CSCvj47654. 2018-06-21 not yet calculated CVE-2018-0373
SECTRACK, CONFIRM
cisco -- firepower_4100_series_ngfw_and_9300_security_appliance
 
A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or overwrite arbitrary files on an affected device. The vulnerability is due to insufficient validation during the application image upload process. An attacker could exploit this vulnerability by creating an application image containing malicious code and installing the image on the affected device using the CLI or web-based user interface (web UI). These actions occur prior to signature verification and could allow the attacker to create and execute arbitrary code with root privileges. Note: A missing or invalid signature in the application image will cause the upload process to fail, but does not prevent the exploit. Cisco Bug IDs: CSCvc21901. 2018-06-21 not yet calculated CVE-2018-0300
SECTRACK, CONFIRM
cisco -- firepower_management_center
 
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750. 2018-06-21 not yet calculated CVE-2018-0365
BID, CONFIRM
cisco -- meeting_server
 
A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because the affected application does not assign a new session identifier to a user session when a user authenticates to the application. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the application through the web-based management interface. A successful exploit could allow the attacker to hijack an authenticated user's browser session. Cisco Bug IDs: CSCvi23787. 2018-06-21 not yet calculated CVE-2018-0359
SECTRACK, CONFIRM
cisco -- meeting_server
 
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Web Admin Interface of an affected Cisco Meeting Server. A successful exploit could allow the attacker to restart the system, terminating all ongoing calls and resulting in a DoS condition on the affected product. This vulnerability affects the following releases of Cisco Meeting Server: Acano X-Series, Cisco Meeting Server 1000, Cisco Meeting Server 2000. Cisco Bug IDs: CSCvi48624. 2018-06-21 not yet calculated CVE-2018-0371
SECTRACK, CONFIRM
cisco -- multiple_products

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could allow the attacker to execute arbitrary code or cause a DoS condition on the device. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69962, CSCve02808, CSCve02810, CSCve02812, CSCve02819, CSCve02822, CSCve02831, CSCve04859. 2018-06-20 not yet calculated CVE-2018-0312
BID, SECTRACK, CONFIRM
cisco -- multiple_products

A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could exploit this vulnerability by exceeding the expected length of user input. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61099, CSCvb86743. 2018-06-21 not yet calculated CVE-2018-0302
CONFIRM
cisco -- multiple_products
 
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could cause process crashes and result in a DoS condition on the device. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69960, CSCve02463, CSCve04859, CSCve41530, CSCve41537, CSCve41541, CSCve41557. 2018-06-21 not yet calculated CVE-2018-0311
SECTRACK, CONFIRM
cisco -- multiple_products
 
A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet directed to the physical management interface of an affected system. A successful exploit could allow the attacker to cause the process to crash and possibly reload the device, resulting in a denial of service (DoS) condition on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61398, CSCvb86799. 2018-06-21 not yet calculated CVE-2018-0298
CONFIRM
cisco -- multiple_products
 
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the NX-API subsystem. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS packet to the management interface of an affected system with the NX-API feature enabled. An exploit could allow the attacker to execute arbitrary code as root. Note: NX-API is disabled by default. This vulnerability affects: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd45804, CSCve02322, CSCve02412. 2018-06-20 not yet calculated CVE-2018-0301
BID, SECTRACK, CONFIRM
cisco -- multiple_products
 
A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. This vulnerability affects the following if configured to use Cisco Discovery Protocol: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc22202, CSCvc22205, CSCvc22208, CSCvc88078, CSCvc88150, CSCvc88159, CSCvc88162, CSCvc88167. 2018-06-21 not yet calculated CVE-2018-0303
SECTRACK, CONFIRM
cisco -- multiple_products
 
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary code as root. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow or buffer overread condition in the Cisco Fabric Services component, which could allow the attacker to read sensitive memory content, create a DoS condition, or execute arbitrary code as root. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69951, CSCve02459, CSCve02461, CSCve02463, CSCve02474, CSCve04859. 2018-06-20 not yet calculated CVE-2018-0304
BID, SECTRACK, CONFIRM
cisco -- multiple_products
 
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message to the targeted device. An exploit could allow the attacker to cause the switch to reload unexpectedly. The Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers. To exploit this vulnerability, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer or inject malformed messages into the victim's BGP network. This would require obtaining information about the BGP peers in the affected system's trusted network. The vulnerability may be triggered when the router receives a malformed BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve79599, CSCve87784, CSCve91371, CSCve91387. 2018-06-20 not yet calculated CVE-2018-0295
SECTRACK, CONFIRM
cisco -- multiple_products
 
A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete sensitive files when certain CLI commands are used to clear the device configuration and reload a device. An attacker could exploit this vulnerability by logging into an affected device as an administrative user and configuring an unauthorized account for the device. The account would not require a password for authentication and would be accessible only via a Secure Shell (SSH) connection to the device. A successful exploit could allow the attacker to configure an unauthorized account that has administrative privileges, does not require a password for authentication, and does not appear in the running configuration or the audit logs for the affected device. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3500 Platform Switches, Nexus 4000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd13993, CSCvd34845, CSCvd34857, CSCvd34862, CSCvd34879, CSCve35753. 2018-06-20 not yet calculated CVE-2018-0294
SECTRACK, CONFIRM
cisco -- multiple_products
 
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuw99630, CSCvg71290, CSCvj67977. 2018-06-20 not yet calculated CVE-2018-0291
SECTRACK, CONFIRM
cisco -- multiple_products
 
A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the IGMP Snooping subsystem. An attacker could exploit this vulnerability by sending crafted IGMP packets to an affected system. An exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCuv79620, CSCvg71263. 2018-06-20 not yet calculated CVE-2018-0292
SECTRACK, CONFIRM
cisco -- multiple_products
 
A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is due to incorrect RBAC privilege assignment for certain CLI commands. An attacker could exploit this vulnerability by authenticating to a device as a nonadministrative user and executing specific commands from the CLI. An exploit could allow the attacker to run commands that should be restricted to administrative users. These commands could modify the configuration or boot image on the device. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd77904. 2018-06-20 not yet calculated CVE-2018-0293
BID, SECTRACK, CONFIRM
cisco -- multiple_products
 
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to force a NULL pointer dereference and cause a DoS condition. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69966, CSCve02435, CSCve04859, CSCve41590, CSCve41593, CSCve41601. 2018-06-21 not yet calculated CVE-2018-0305
SECTRACK
CONFIRM
cisco -- multiple_products
 
A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. Note: This vulnerability requires that any feature license is uploaded to the device. The vulnerability does not require that the license be used. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51693, CSCve91634, CSCve91659, CSCve91663. 2018-06-21 not yet calculated CVE-2018-0306
SECTRACK
CONFIRM
cisco -- multiple_products
 
A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could allow the attacker to execute arbitrary code on the device. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69943, CSCve02429, CSCve02433, CSCve02435, CSCve02445, CSCve04859. 2018-06-20 not yet calculated CVE-2018-0314
BID
SECTRACK
CONFIRM
cisco -- multiple_products
 
A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment. A successful exploit could allow the attacker to execute commands with elevated privileges. This vulnerability affects the following if configured to use the NX-API feature: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvc73177, CSCve40903, CSCve40911. 2018-06-20 not yet calculated CVE-2018-0330
SECTRACK
CONFIRM
cisco -- multiple_products
 
A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Discovery Protocol message prior to processing it. An attacker with the ability to submit a Cisco Discovery Protocol message designed to trigger the issue could cause a DoS condition on an affected device while the device restarts. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc89242, CSCve40943, CSCve40953, CSCve40965, CSCve40970, CSCve40978, CSCve40992, CSCve41000, CSCve41007. 2018-06-21 not yet calculated CVE-2018-0331
SECTRACK
CONFIRM
cisco -- multiple_products
 
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied data to the NX-API subsystem. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Note: NX-API is disabled by default. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd47415, CSCve03216, CSCve03224, CSCve03234. 2018-06-21 not yet calculated CVE-2018-0313
SECTRACK
CONFIRM
cisco -- multiple_products
 
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overread condition, which could allow the attacker to obtain sensitive information from memory or cause a DoS condition on the affected product. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69957, CSCve02435, CSCve04859, CSCve41536, CSCve41538, CSCve41559. 2018-06-21 not yet calculated CVE-2018-0310
SECTRACK
CONFIRM
cisco -- multiple_products
 
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768. 2018-06-20 not yet calculated CVE-2018-0307
SECTRACK
CONFIRM
cisco -- multiple_products
 
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code or cause a DoS condition. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69954, CSCve02463, CSCve02785, CSCve02787, CSCve02804, CSCve04859. 2018-06-20 not yet calculated CVE-2018-0308
BID
SECTRACK
CONFIRM
cisco -- nx-os_and_nexus_3000_and_9000_series_switches
 
A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect implementation of the CLI command, resulting in a failure to free all allocated memory upon completion. An attacker could exploit this vulnerability by authenticating to the affected device and repeatedly issuing a specific CLI command or sending a specific SNMP poll request for a specific Object Identifier (OID). A successful exploit could allow the attacker to cause the IP routing process to restart or to cause a device reset, resulting in a DoS condition. Cisco Bug IDs: CSCvf23136. 2018-06-21 not yet calculated CVE-2018-0309
SECTRACK
CONFIRM
cisco -- nx-os
 
A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected device. A successful exploit could allow the attacker to cause other users to execute unwanted, arbitrary commands on the affected device. Cisco Bug IDs: CSCvd06339, CSCvd15698, CSCvd36108, CSCvf52921, CSCvf52930, CSCvf52953, CSCvf52976. 2018-06-21 not yet calculated CVE-2018-0337
CONFIRM
cisco -- nx-os
 
A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco NX-OS on the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete validation of an SNMP poll request for a specific MIB. An attacker could exploit this vulnerability by sending a specific SNMP poll request to the targeted device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg10442. 2018-06-21 not yet calculated CVE-2018-0299
SECTRACK
CONFIRM
cisco -- telepresence_video_communication_server
 
A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of file descriptors while processing a high volume of traffic. An attacker could exploit this vulnerability by establishing a high number of concurrent TCP connections to the vulnerable system. An exploit could allow the attacker to cause a restart in a specific process, resulting in a temporary interruption of service. Cisco Bug IDs: CSCvh77056, CSCvh77058, CSCvh95264. 2018-06-21 not yet calculated CVE-2018-0358
BID
SECTRACK
CONFIRM
cisco -- unified_communications_domain_manager
 
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi44320. 2018-06-21 not yet calculated CVE-2018-0364
SECTRACK
CONFIRM
cisco -- unified_communications_manager_im_and_presence_service
 
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi55878. 2018-06-21 not yet calculated CVE-2018-0363
BID
SECTRACK
CONFIRM
civetweb -- civetweb
 
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file. 2018-06-22 not yet calculated CVE-2018-12684
MISC
MISC
cloud_media -- popcorn
 
An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it. 2018-06-17 not yet calculated CVE-2018-12072
MISC
codenx -- shopnx
 
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials. 2018-06-19 not yet calculated CVE-2018-12519
MISC
d-link -- dir-620_devices
 
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account. 2018-06-20 not yet calculated CVE-2018-6213
MISC
MISC
MISC
MISC
d-link -- dir-620_devices
 
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi. 2018-06-20 not yet calculated CVE-2018-6211
MISC
MISC
MISC
MISC
d-link -- dir-620_devices
 
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of the XMLHttpRequest object. 2018-06-20 not yet calculated CVE-2018-6212
MISC
MISC
MISC
MISC
d-link -- dir-620_devices
 
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. 2018-06-19 not yet calculated CVE-2018-6210
MISC
delta_electronics -- delta_industrial_automation_dopsoft
 
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. 2018-06-18 not yet calculated CVE-2018-10617
BID
MISC
delta_electronics -- delta_industrial_automation_dopsoft
 
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. 2018-06-18 not yet calculated CVE-2018-10621
BID
MISC
delta_electronics -- delta_industrial_automation_dopsoft
 
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash. 2018-06-18 not yet calculated CVE-2018-10623
BID
MISC
dovecot -- dovecot
 
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang. 2018-06-21 not yet calculated CVE-2017-2669
MLIST
BID
CONFIRM
MLIST
CONFIRM
DEBIAN
dragonbyte_tech -- vbsecurity
 
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature. 2018-06-19 not yet calculated CVE-2018-12580
MISC
eclipse -- jetty
 
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. 2018-06-22 not yet calculated CVE-2018-12538
CONFIRM
ecos -- secure_boot_stick
 
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning. 2018-06-17 not yet calculated CVE-2018-12329
MISC
ecos -- secure_boot_stick
 
Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset. 2018-06-17 not yet calculated CVE-2018-12332
MISC
ecos -- secure_boot_stick
 
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack. 2018-06-17 not yet calculated CVE-2018-12334
MISC
ecos -- secure_boot_stick
 
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code. 2018-06-17 not yet calculated CVE-2018-12333
MISC
ecos -- secure_boot_stick
 
Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. 2018-06-17 not yet calculated CVE-2018-12336
MISC
ecos -- secure_boot_stick
 
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware. 2018-06-17 not yet calculated CVE-2018-12330
MISC
ecos -- secure_boot_stick
 
Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation. 2018-06-17 not yet calculated CVE-2018-12337
MISC
ecos -- system_management_appliance
 
Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access. 2018-06-17 not yet calculated CVE-2018-12338
MISC
ecos -- system_management_appliance
 
Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment. 2018-06-17 not yet calculated CVE-2018-12335
MISC
ecos -- system_management_appliance
 
Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment." 2018-06-17 not yet calculated CVE-2018-12331
MISC
ellislab -- codeigniter
 
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled. 2018-06-17 not yet calculated CVE-2018-12071
CONFIRM
eminent -- em4544_devices
 
An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password. 2018-06-17 not yet calculated CVE-2018-12073
MISC
etere -- etereweb
 
Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword. 2018-06-17 not yet calculated CVE-2018-10997
MISC
exempi -- exempi
 
The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. 2018-06-22 not yet calculated CVE-2018-12648
MISC
faststone -- image_viewer
 
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. 2018-06-19 not yet calculated CVE-2018-11706
MISC
faststone -- image_viewer
 
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. 2018-06-19 not yet calculated CVE-2018-11703
MISC
faststone -- image_viewer
 
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. 2018-06-19 not yet calculated CVE-2018-11701
MISC
faststone -- image_viewer
 
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. 2018-06-19 not yet calculated CVE-2018-11702
MISC
faststone -- image_viewer
 
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. 2018-06-19 not yet calculated CVE-2018-11704
MISC
faststone -- image_viewer
 
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. 2018-06-19 not yet calculated CVE-2018-11705
MISC
faststone -- image_viewer
 
FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. 2018-06-19 not yet calculated CVE-2018-11707
MISC
foreman -- foreman
 
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems. 2018-06-21 not yet calculated CVE-2017-2672
BID
REDHAT
CONFIRM
CONFIRM
froxlor -- froxlor
 
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. 2018-06-22 not yet calculated CVE-2018-12642
MISC
gluster -- glusterfs
 
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use the gluster CLI with the --remote-host command to add itself to the trusted storage pool and perform privileged gluster operations such as adding other machines to the trusted storage pool and starting, stopping, and deleting volumes. 2018-06-20 not yet calculated CVE-2018-10841
REDHAT
REDHAT
CONFIRM
CONFIRM
gnu -- binutils
 
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. 2018-06-23 not yet calculated CVE-2018-12697
MISC
MISC
MISC
gnu -- binutils
 
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. 2018-06-23 not yet calculated CVE-2018-12700
MISC
MISC
MISC
gnu -- binutils
 
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. 2018-06-23 not yet calculated CVE-2018-12699
MISC
MISC
MISC
gnu -- binutils
 
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. 2018-06-22 not yet calculated CVE-2018-12641
MISC
MISC
MISC
gnu -- binutils
 
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. 2018-06-23 not yet calculated CVE-2018-12698
MISC
MISC
MISC
greencms -- greencms
 
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log. 2018-06-20 not yet calculated CVE-2018-12604
MISC
EXPLOIT-DB
hp -- ucmbd_browser
 
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). 2018-06-15 not yet calculated CVE-2018-6497
SECTRACK
CONFIRM
hp -- ucmbd_browser
 
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). 2018-06-15 not yet calculated CVE-2018-6496
BID
SECTRACK
CONFIRM
ibm -- aix
 
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. 2018-06-22 not yet calculated CVE-2018-1655
CONFIRM
SECTRACK
XF
ibm -- netezza_platform_software
 
IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211. 2018-06-15 not yet calculated CVE-2018-1460
CONFIRM
BID
XF
MISC
ibm -- websphere_mq
 
IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949. 2018-06-15 not yet calculated CVE-2018-1419
CONFIRM
BID
XF
imagemagick -- imagemagick
 
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. 2018-06-20 not yet calculated CVE-2018-12599
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. 2018-06-20 not yet calculated CVE-2018-12600
CONFIRM
insteon -- hd_ip_camera_white_2864-222
 
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100. 2018-06-23 not yet calculated CVE-2018-11560
MISC
insteon -- hd_ip_camera_white_2864-222
 
The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100. 2018-06-23 not yet calculated CVE-2018-12640
MISC
intel -- core-based_microprocessors
 
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. 2018-06-21 not yet calculated CVE-2018-3665
BID
SECTRACK
SECTRACK
REDHAT
REDHAT
FREEBSD
CONFIRM
DEBIAN
CONFIRM
CONFIRM
jboss -- richfaces
 
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310. 2018-06-18 not yet calculated CVE-2018-12533
BID
MISC
jboss -- richfaces
 
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309. 2018-06-18 not yet calculated CVE-2018-12532
BID
MISC
libjpeg-turbo -- libjpeg-turbo
 
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. 2018-06-18 not yet calculated CVE-2018-1152
CONFIRM
MISC
libmobi -- libmobi
 
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. 2018-06-19 not yet calculated CVE-2018-11724
MISC
FULLDISC
libmobi -- libmobi
 
The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. 2018-06-19 not yet calculated CVE-2018-11726
MISC
FULLDISC
libmobi -- libmobi
 
The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. 2018-06-19 not yet calculated CVE-2018-11725
MISC
FULLDISC

libyal/libfsntfs -- libyal/libfsntfs

The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. 2018-06-19 not yet calculated CVE-2018-11728
MISC
FULLDISC

libyal/libfsntfs -- libyal/libfsntfs

The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. 2018-06-19 not yet calculated CVE-2018-11727
MISC
FULLDISC
libyal/libfsntfs -- libyal/libfsntfs
 
The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. 2018-06-19 not yet calculated CVE-2018-11729
MISC
FULLDISC
libyal/libfsntfs -- libyal/libfsntfs
 
The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. 2018-06-19 not yet calculated CVE-2018-11730
MISC
FULLDISC
libyal/libfsntfs -- libyal/libfsntfs
 
The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. 2018-06-19 not yet calculated CVE-2018-11731
MISC
FULLDISC

libyal/liblnk -- libyal/liblnk

The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. 2018-06-19 not yet calculated CVE-2018-12096
FULLDISC
libyal/liblnk -- libyal/liblnk
 
The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. 2018-06-19 not yet calculated CVE-2018-12098
FULLDISC
libyal/liblnk -- libyal/liblnk
 
The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. 2018-06-19 not yet calculated CVE-2018-12097
FULLDISC

libyal/libpff -- libyal/libpff

The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. 2018-06-19 not yet calculated CVE-2018-11723
MISC
FULLDISC
linaro -- lava
 
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml. 2018-06-19 not yet calculated CVE-2018-12564
CONFIRM
linaro -- lava
 
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml. 2018-06-19 not yet calculated CVE-2018-12563
CONFIRM
linaro -- lava
 
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur. 2018-06-19 not yet calculated CVE-2018-12565
CONFIRM
linux -- linux_kernel
 
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). 2018-06-20 not yet calculated CVE-2018-1120
MLIST
BID
CONFIRM
CONFIRM
EXPLOIT-DB
linux -- linux_kernel
 
An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage. 2018-06-21 not yet calculated CVE-2018-12633
MISC
MISC
MISC
mao10cms -- mao10cms
 
mao10cms 6 allows XSS via the m=bbs&a=index page. 2018-06-23 not yet calculated CVE-2018-12695
MISC
mao10cms -- mao10cms
 
mao10cms 6 allows XSS via the article page. 2018-06-23 not yet calculated CVE-2018-12696
MISC
mcafee -- epolicy_orchestrator

Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. 2018-06-15 not yet calculated CVE-2018-6672
BID
SECTRACK
CONFIRM
mcafee -- epolicy_orchestrator
 
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request. 2018-06-15 not yet calculated CVE-2018-6671
BID
SECTRACK
CONFIRM
metinfo -- metinfo
 
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF. 2018-06-18 not yet calculated CVE-2018-12530
MISC
metinfo -- metinfo
 
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271. 2018-06-18 not yet calculated CVE-2018-12531
MISC
micro_focus -- solutions_business_manager
 
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. 2018-06-21 not yet calculated CVE-2018-7683
CONFIRM
micro_focus -- solutions_business_manager
 
Micro Focus Solutions Business Manager versions prior to 11.4 allow a user to invoke SBM RESTful services across domains. 2018-06-22 not yet calculated CVE-2018-7682
CONFIRM
micro_focus -- solutions_business_manager
 
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values. 2018-06-21 not yet calculated CVE-2018-7680
CONFIRM
micro_focus -- solutions_business_manager
 
Micro Focus Solutions Business Manager versions prior to 11.4 allow JavaScript to be embedded in URLs placed in the "Favorites" folder. If the user has certain administrative privileges, then this vulnerability can impact other users in the system. 2018-06-21 not yet calculated CVE-2018-7681
CONFIRM
micro_focus -- solutions_business_manager
 
Micro Focus Solutions Business Manager versions prior to 11.4, when ASP.NET is configured with execute permission on the virtual directories, do not validate the contents of user avatar images, which could lead to remote code execution. 2018-06-21 not yet calculated CVE-2018-7679
CONFIRM
mirasys -- dvms_workstation
 
Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver. 2018-06-19 not yet calculated CVE-2018-8727
MISC
misp -- misp
 
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests. 2018-06-22 not yet calculated CVE-2018-12649
CONFIRM
netapp -- oncommand_unified_manager_for_7-mode
 
NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface. 2018-06-22 not yet calculated CVE-2017-7568
CONFIRM
netflix -- zuul
 
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets. 2018-06-19 not yet calculated CVE-2018-12557
MISC
MISC
MISC
newmark -- nmcms
 
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI. 2018-06-21 not yet calculated CVE-2018-12630
EXPLOIT-DB
ntp -- ntp
 
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. 2018-06-20 not yet calculated CVE-2018-12327
BID
MISC
EXPLOIT-DB
oauth2orize-fprm -- oauth2orize-fprm
 
index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. 2018-06-17 not yet calculated CVE-2018-11647
MISC
MISC

opendaylight/sdninterfaceapp -- opendaylight/sdninterfaceapp

A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to the component not being included in OpenDayLight in newer releases, the SDNInterface component is not packaged in the opendaylight package included in RHEL. 2018-06-20 not yet calculated CVE-2018-1132
BID
CONFIRM
CONFIRM
EXPLOIT-DB
openwrt -- openwrt
 
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. 2018-06-19 not yet calculated CVE-2018-11116
MISC
ovirt -- ovirt-ansible
 
ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation. 2018-06-19 not yet calculated CVE-2018-1117
BID
REDHAT
CONFIRM
ovirt -- ovirt-engine
 
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts. 2018-06-19 not yet calculated CVE-2018-1073
BID
REDHAT
CONFIRM
perfsonar -- maddash
 
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing. 2018-06-18 not yet calculated CVE-2018-12525
MISC
EXPLOIT-DB
perfsonar -- maddash
 
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing. 2018-06-18 not yet calculated CVE-2018-12523
MISC
EXPLOIT-DB
perfsonar -- maddash
 
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing. 2018-06-18 not yet calculated CVE-2018-12524
MISC
EXPLOIT-DB
perfsonar -- maddash
 
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing. 2018-06-18 not yet calculated CVE-2018-12522
MISC
EXPLOIT-DB
perl -- perl
 
The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f"). 2018-06-20 not yet calculated CVE-2018-12558
MLIST
MISC
phpldapadmin -- phpldapadmin
 
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel. 2018-06-22 not yet calculated CVE-2018-12689
EXPLOIT-DB
phpmyadmin -- phpmyadmin
 
An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. 2018-06-21 not yet calculated CVE-2018-12581
BID
CONFIRM
phpmyadmin -- phpmyadmin
 
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). 2018-06-21 not yet calculated CVE-2018-12613
BID
EXPLOIT-DB
CONFIRM
phusion -- phusion_passenger
 
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket. 2018-06-17 not yet calculated CVE-2018-12027
MISC
phusion -- phusion_passenger
 
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID. 2018-06-17 not yet calculated CVE-2018-12028
MISC
phusion -- phusion_passenger
 
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges. 2018-06-21 not yet calculated CVE-2018-12615
MISC
phusion -- phusion_passenger
 
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation. 2018-06-17 not yet calculated CVE-2018-12029
MISC
MISC
phusion -- phusion_passenger
 
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation. 2018-06-17 not yet calculated CVE-2018-12026
MISC
polycom -- realpresence_web_suite
 
Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view. 2018-06-20 not yet calculated CVE-2018-12592
BID
CONFIRM
portainer -- portainer
 
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. 2018-06-22 not yet calculated CVE-2018-12678
CONFIRM
CONFIRM
portswigger -- burp_suite
 
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic. 2018-06-18 not yet calculated CVE-2018-1153
CONFIRM
MISC
portswigger -- burp_suite
 
PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data. 2018-06-17 not yet calculated CVE-2018-10377
MISC
MISC
MISC
public_knowledge_project -- open_monograph_press
 
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-1 before 3.1.1-2 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field). 2018-06-19 not yet calculated CVE-2018-12588
CONFIRM
CONFIRM
pulp -- pulp
 
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets. 2018-06-18 not yet calculated CVE-2018-1090
CONFIRM
CONFIRM
python -- python
 
python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. 2018-06-19 not yet calculated CVE-2018-1061
CONFIRM
CONFIRM
CONFIRM
python -- python
 
python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. 2018-06-18 not yet calculated CVE-2018-1060
CONFIRM
CONFIRM
CONFIRM
qa_systems -- cantata
 
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL. 2018-06-19 not yet calculated CVE-2018-12561
MISC
MISC
qa_systems -- cantata
 
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring. 2018-06-19 not yet calculated CVE-2018-12559
MISC
MISC
qa_systems -- cantata
 
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring. 2018-06-19 not yet calculated CVE-2018-12560
MISC
qa_systems -- cantata
 
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string). 2018-06-19 not yet calculated CVE-2018-12562
MISC
MISC
qemu -- qemu
 
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. 2018-06-21 not yet calculated CVE-2018-12617
BID
MISC
MISC
EXPLOIT-DB
qnap -- qts
 
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject JavaScript code. 2018-06-21 not yet calculated CVE-2017-13072
CONFIRM
qnap -- qts
 
Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS. 2018-06-21 not yet calculated CVE-2018-0712
SECTRACK
CONFIRM
red_hat -- ansible
 
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. 2018-06-22 not yet calculated CVE-2017-7466
BID
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
redatam -- redatam7
 
Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI. 2018-06-21 not yet calculated CVE-2018-12632
EXPLOIT-DB
redatam -- redatam7
 
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal. 2018-06-21 not yet calculated CVE-2018-12631
EXPLOIT-DB
redislabs -- redis
 
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source. 2018-06-17 not yet calculated CVE-2018-12326
MISC
MISC
MISC
MISC
EXPLOIT-DB
redislabs -- redis
 
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. 2018-06-17 not yet calculated CVE-2018-11218
MISC
MISC
MISC
MISC
MISC
MISC
DEBIAN
redislabs -- redis
 
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. 2018-06-16 not yet calculated CVE-2018-12453
MISC
MISC
EXPLOIT-DB
redislabs -- redis
 
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. 2018-06-17 not yet calculated CVE-2018-11219
MISC
MISC
MISC
MISC
MISC
MISC
DEBIAN
reliable_controls -- mach-prowebcom
 
Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated by the Master Password field. 2018-06-20 not yet calculated CVE-2018-12594
MISC
rsa -- authentication_manager_operation_console
 
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser. 2018-06-21 not yet calculated CVE-2018-1253
FULLDISC
SECTRACK
rsa -- authentication_manager_security_console
 
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. 2018-06-21 not yet calculated CVE-2018-1254
FULLDISC
SECTRACK
ruby-ffi -- ruby-ffi
 
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later. 2018-06-22 not yet calculated CVE-2018-1000201
CONFIRM
CONFIRM
sage -- connx_esp_hr_management
 
SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx. 2018-06-19 not yet calculated CVE-2015-4043
MISC
sam2p -- sam2p
 
There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. 2018-06-20 not yet calculated CVE-2018-12601
MISC
sam2p -- sam2p
 
There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. 2018-06-19 not yet calculated CVE-2018-12578
MISC
slims -- slims_8_akasia
 
SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. 2018-06-22 not yet calculated CVE-2018-12659
MISC
slims -- slims_8_akasia
 
Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI. 2018-06-22 not yet calculated CVE-2018-12657
MISC
slims -- slims_8_akasia
 
Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI. 2018-06-22 not yet calculated CVE-2018-12656
MISC
slims -- slims_8_akasia
 
Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242. 2018-06-22 not yet calculated CVE-2018-12655
MISC
slims -- slims_8_akasia
 
Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI. 2018-06-22 not yet calculated CVE-2018-12654
MISC
slims -- slims_8_akasia
 
Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. 2018-06-22 not yet calculated CVE-2018-12658
MISC
strongswan -- strongswan
 
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. 2018-06-19 not yet calculated CVE-2018-10811
CONFIRM
FEDORA
DEBIAN
CONFIRM
symantec -- endpoint_protection
 
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. 2018-06-20 not yet calculated CVE-2018-5237
BID
CONFIRM
symantec -- endpoint_protection
 
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events. 2018-06-20 not yet calculated CVE-2018-5236
BID
CONFIRM
telesquare -- sdt-cs3b1_and_sdt-cw3b1_devices
 
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account. 2018-06-21 not yet calculated CVE-2018-12526
MISC
MISC
tibco -- data_virtualization
 
The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6. 2018-06-20 not yet calculated CVE-2018-5428
BID
CONFIRM
tinyexr -- tinyexr
 
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h. 2018-06-22 not yet calculated CVE-2018-12687
MISC
tinyexr -- tinyexr
 
tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. 2018-06-22 not yet calculated CVE-2018-12688
MISC
totemo -- totemomail_encryption_gateway
 
Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF token. 2018-06-20 not yet calculated CVE-2018-6563
MISC
BUGTRAQ
MISC
EXPLOIT-DB
tp-link -- tl-wa850re_wi-fi_range_extender
 
Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json. 2018-06-23 not yet calculated CVE-2018-12693
MISC
tp-link -- tl-wa850re_wi-fi_range_extender
 
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. 2018-06-23 not yet calculated CVE-2018-12694
MISC
tp-link -- tl-wa850re_wi-fi_range_extender
 
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json. 2018-06-23 not yet calculated CVE-2018-12692
MISC
EXPLOIT-DB
ubiquiti_networks -- edgeswitch
 
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary shell instructions. 2018-06-20 not yet calculated CVE-2018-12591
MISC
ubiquiti_networks -- edgeswitch
 
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code. 2018-06-20 not yet calculated CVE-2018-12590
MISC
wordpress -- wordpress
 
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. 2018-06-22 not yet calculated CVE-2018-12636
CONFIRM
wordpress -- wordpress
 
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. 2018-06-19 not yet calculated CVE-2018-11526
CONFIRM
MISC
wordpress -- wordpress
 
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress. 2018-06-18 not yet calculated CVE-2018-12534
CONFIRM
wordpress -- wordpress
 
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. 2018-06-17 not yet calculated CVE-2018-10969
MISC
EXPLOIT-DB
wordpress -- wordpress
 
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. 2018-06-19 not yet calculated CVE-2018-11525
CONFIRM
MISC