IT and Social Stories

[US-CERT: Bulletin(SB18-218)] Security vulnerabilities published through July 30, 2018

by manga0713 2018. 8. 7.

*** Source: [US-CERT: Bulletin(SB18-218)] Security vulnerabilities published through July 30, 2018

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
3cx -- 3cx The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. 2018-08-03 not yet calculated CVE-2018-14906
MISC
3cx -- 3cx The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. 2018-08-03 not yet calculated CVE-2018-14907
MISC
3cx -- 3cx The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. 2018-08-03 not yet calculated CVE-2018-14905
MISC
ansible -- ansible Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as. 2018-07-31 not yet calculated CVE-2016-8628
BID
REDHAT
CONFIRM
ansible -- ansible A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing a remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. 2018-07-31 not yet calculated CVE-2016-8614
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apache -- axis Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. 2018-08-02 not yet calculated CVE-2018-8032
MLIST
CONFIRM
apache -- camel Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. 2018-07-31 not yet calculated CVE-2018-8027
CONFIRM
BID
MLIST
apache -- karaf It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contains deserialization gadgets in its classpath. 2018-08-01 not yet calculated CVE-2016-8648
BID
CONFIRM
apache -- tomcat When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability. 2018-07-31 not yet calculated CVE-2018-8019
MLIST
BID
apache -- tomcat Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability. 2018-07-31 not yet calculated CVE-2018-8020
MLIST
BID
apache -- tomcat The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. 2018-08-01 not yet calculated CVE-2018-8034
MLIST
BID
SECTRACK
MLIST
UBUNTU
apache -- tomcat A bug in the tracking of connection closures can lead to reuse of user sessions in a new connection. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31. 2018-08-02 not yet calculated CVE-2018-8037
MLIST
BID
SECTRACK
apache -- tomcat An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. 2018-08-02 not yet calculated CVE-2018-1336
MLIST
BID
SECTRACK
UBUNTU
ca_technologies -- api_developer_portal CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. 2018-08-03 not yet calculated CVE-2018-6590
SECTRACK
CONFIRM
cfitsio -- cfitsio Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. 2018-08-01 not yet calculated CVE-2018-3847
MISC
cgit -- cgit cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. 2018-08-03 not yet calculated CVE-2018-14912
MISC
MISC
DEBIAN
cisco -- amp_for_endpoints_mac_connector_software A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is running in Block network conviction mode. Exploitation could occur if the system that is running the affected software starts a server process and an address in the IP blacklist cache of the affected software attempts to connect to the affected system. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition. Cisco Bug IDs: CSCvk08192. 2018-08-01 not yet calculated CVE-2018-0397
BID
CONFIRM
cisco -- identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi85159. 2018-08-01 not yet calculated CVE-2018-0413
BID
SECTRACK
CONFIRM
cisco -- prime_collaboration_provisioning A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this vulnerability by changing a specific administrator account password. A successful exploit could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvd86586. 2018-08-01 not yet calculated CVE-2018-0391
BID
SECTRACK
CONFIRM
cisco -- small_business_managed_switches A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87330. 2018-08-01 not yet calculated CVE-2018-0408
BID
CONFIRM
cisco -- small_business_managed_switches A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87326. 2018-08-01 not yet calculated CVE-2018-0407
BID
CONFIRM
cisco -- unified_communications_manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvk15343. 2018-08-01 not yet calculated CVE-2018-0411
BID
SECTRACK
CONFIRM
cisco -- web_security_appliance A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve84006. 2018-08-01 not yet calculated CVE-2018-0406
BID
SECTRACK
CONFIRM
click_studios -- passwordstate Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document. 2018-08-01 not yet calculated CVE-2018-14776
MISC
MISC
cloud-init -- cloud-init The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. 2018-08-01 not yet calculated CVE-2018-10896
CONFIRM
CONFIRM
CONFIRM
cloudwu -- pbc An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query. 2018-07-29 not yet calculated CVE-2018-14740
MISC
cloudwu -- pbc An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A NULL pointer dereference can occur in pbc_wmessage_string in wmessage.c. 2018-07-29 not yet calculated CVE-2018-14737
MISC
cloudwu -- pbc An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy. 2018-07-29 not yet calculated CVE-2018-14742
MISC
cloudwu -- pbc An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c. 2018-07-29 not yet calculated CVE-2018-14738
MISC
cloudwu -- pbc An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c. 2018-07-29 not yet calculated CVE-2018-14739
MISC
cloudwu -- pbc An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_pack in pattern.c. 2018-07-29 not yet calculated CVE-2018-14741
MISC
cloudwu -- pbc An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c. 2018-07-29 not yet calculated CVE-2018-14743
MISC
cloudwu -- pbc An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur in pbc_wmessage_string in wmessage.c for PTYPE_ENUM. 2018-07-29 not yet calculated CVE-2018-14736
MISC
cloudwu -- pbc An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A use-after-free can occur in _pbcM_sp_query in map.c. 2018-07-29 not yet calculated CVE-2018-14744
MISC
clustered_data -- ontap Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release. 2018-08-03 not yet calculated CVE-2018-5490
CONFIRM
computerinsel -- photoline A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. 2018-08-01 not yet calculated CVE-2018-3923
MISC
computerinsel -- photoline A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerability and gain code execution. 2018-08-01 not yet calculated CVE-2018-3921
MISC
computerinsel -- photoline A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution. 2018-08-01 not yet calculated CVE-2018-3922
MISC
curl -- curl The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. 2018-08-01 not yet calculated CVE-2016-8619
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
GENTOO
CONFIRM
curl -- curl A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password. 2018-08-01 not yet calculated CVE-2016-8616
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
GENTOO
CONFIRM
curl -- curl curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. 2018-08-01 not yet calculated CVE-2016-8625
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
GENTOO
CONFIRM
curl -- curl A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. 2018-08-01 not yet calculated CVE-2016-8623
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
GENTOO
CONFIRM
curl -- curl The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. 2018-07-31 not yet calculated CVE-2016-8621
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
GENTOO
CONFIRM
curl -- curl The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. 2018-07-31 not yet calculated CVE-2016-8617
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
GENTOO
CONFIRM
curl -- curl The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. 2018-07-31 not yet calculated CVE-2016-8618
BID
SECTRACK
CONFIRM
CONFIRM
GENTOO
CONFIRM
curl -- curl The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. 2018-08-01 not yet calculated CVE-2016-8620
BID
SECTRACK
CONFIRM
CONFIRM
GENTOO
CONFIRM
curl -- curl curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use a URL parser that follows the RFC to check for allowed domains before using curl to request them. 2018-07-31 not yet calculated CVE-2016-8624
BID
SECTRACK
CONFIRM
MISC
GENTOO
CONFIRM
curl -- curl A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. 2018-08-01 not yet calculated CVE-2016-8615
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
GENTOO
CONFIRM
datalife_engine -- datalife_engine An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins or users. 2018-08-01 not yet calculated CVE-2018-14777
MISC
davolink -- dvw-3200n Davolink DVW-3200N, all versions prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device. 2018-08-01 not yet calculated CVE-2018-10618
BID
MISC
EXPLOIT-DB
dell_emc -- networker Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user. 2018-08-01 not yet calculated CVE-2018-11050
FULLDISC
SECTRACK
django -- django django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. 2018-08-03 not yet calculated CVE-2018-14574
SECTRACK
UBUNTU
CONFIRM
dracut -- dracut A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. A local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials. 2018-08-01 not yet calculated CVE-2016-8637
MLIST
BID
CONFIRM
CONFIRM
ethereum -- cryptogs The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game. 2018-08-03 not yet calculated CVE-2018-14715
MISC
ethereum -- suncontract_token The mintToken function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable. 2018-08-03 not yet calculated CVE-2018-14576
FULLDISC
MISC
ezplayer -- ezplayer A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback. 2018-08-03 not yet calculated CVE-2018-14923
MISC
f5 -- big-ip When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters. 2018-07-31 not yet calculated CVE-2018-5544
BID
SECTRACK
CONFIRM
f5 -- big-ip The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) passes BIG-IP username and password as command line parameters, which may lead to disclosure of the credentials used by the container. 2018-07-31 not yet calculated CVE-2018-5543
BID
CONFIRM
flif -- flif An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width. 2018-08-02 not yet calculated CVE-2018-14876
MISC
focalscope -- focalscope An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. An unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise. 2018-08-01 not yet calculated CVE-2018-3881
MISC
foreman -- foreman It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface. 2018-08-01 not yet calculated CVE-2016-8639
BID
REDHAT
CONFIRM
CONFIRM
CONFIRM
foreman -- foreman A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability. 2018-07-31 not yet calculated CVE-2016-8613
BID
CONFIRM
CONFIRM
CONFIRM
foreman -- foreman A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The result is a stored XSS attack if an organization/location with HTML in the name is created, then a user is linked directly to this URL. 2018-08-01 not yet calculated CVE-2016-8634
BID
CONFIRM
CONFIRM
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importTextData method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6030. 2018-07-31 not yet calculated CVE-2018-14267
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mailForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6031. 2018-07-31 not yet calculated CVE-2018-14268
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6033. 2018-07-31 not yet calculated CVE-2018-14270
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6034. 2018-07-31 not yet calculated CVE-2018-14271
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6035. 2018-07-31 not yet calculated CVE-2018-14272
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getOCGs method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6019. 2018-07-31 not yet calculated CVE-2018-14256
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageRotation method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6023. 2018-07-31 not yet calculated CVE-2018-14260
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNthWordQuads method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6022. 2018-07-31 not yet calculated CVE-2018-14259
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6029. 2018-07-31 not yet calculated CVE-2018-14266
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the scroll method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6037. 2018-07-31 not yet calculated CVE-2018-14274
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Line annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6215. 2018-07-31 not yet calculated CVE-2018-14299
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the spawnPageFromTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6038. 2018-07-31 not yet calculated CVE-2018-14275
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Polygon annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6216. 2018-07-31 not yet calculated CVE-2018-14300
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mailDoc method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6059. 2018-07-31 not yet calculated CVE-2018-14277
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the newDoc function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5773. 2018-07-31 not yet calculated CVE-2018-14284
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageBox method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6020. 2018-07-31 not yet calculated CVE-2018-14257
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FreeText annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6213. 2018-07-31 not yet calculated CVE-2018-14297
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6015. 2018-07-31 not yet calculated CVE-2018-14252
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6016. 2018-07-31 not yet calculated CVE-2018-14253
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Circle annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6212. 2018-07-31 not yet calculated CVE-2018-14296
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6231. 2018-07-31 not yet calculated CVE-2018-14291
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6013. 2018-07-31 not yet calculated CVE-2018-14250
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5873. 2018-07-31 not yet calculated CVE-2018-11622
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnXFDX method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6028. 2018-07-31 not yet calculated CVE-2018-14265
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAdLayer method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6003. 2018-07-31 not yet calculated CVE-2018-11623
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getLinks method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6017. 2018-07-31 not yet calculated CVE-2018-14254
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5896. 2018-07-31 not yet calculated CVE-2018-11621
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6027. 2018-07-31 not yet calculated CVE-2018-14264
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6005. 2018-07-31 not yet calculated CVE-2018-14242
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6233. 2018-07-31 not yet calculated CVE-2018-14293
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Link objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6267. 2018-07-31 not yet calculated CVE-2018-14307
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5756. 2018-07-31 not yet calculated CVE-2018-11620
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format events for ComboBox fields. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5415. 2018-07-31 not yet calculated CVE-2018-11617
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getNthFieldName method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6018. 2018-07-31 not yet calculated CVE-2018-14255
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the print method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6032. 2018-07-31 not yet calculated CVE-2018-14269
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNthWord method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6021. 2018-07-31 not yet calculated CVE-2018-14258
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setFocus method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5417. 2018-07-31 not yet calculated CVE-2018-11619
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Sound annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6217. 2018-07-31 not yet calculated CVE-2018-14301
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6004. 2018-07-31 not yet calculated CVE-2018-14241
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6014. 2018-07-31 not yet calculated CVE-2018-14251
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the calculateNow method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6007. 2018-07-31 not yet calculated CVE-2018-14244
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resetForm method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5416. 2018-07-31 not yet calculated CVE-2018-11618
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Ink annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6214. 2018-07-31 not yet calculated CVE-2018-14298
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNumWords method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6058. 2018-07-31 not yet calculated CVE-2018-14278
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6351. 2018-07-31 not yet calculated CVE-2018-14316
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PolyLine annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6265. 2018-07-31 not yet calculated CVE-2018-14305
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the valueAsString function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6326. 2018-07-31 not yet calculated CVE-2018-14308
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportAsFDF function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6332. 2018-07-31 not yet calculated CVE-2018-14312
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of button objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6266. 2018-07-31 not yet calculated CVE-2018-14306
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6330. 2018-07-31 not yet calculated CVE-2018-14310
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Square annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6218. 2018-07-31 not yet calculated CVE-2018-14302
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of annotations. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6327. 2018-07-31 not yet calculated CVE-2018-14314
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportData XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5757. 2018-07-31 not yet calculated CVE-2018-14281
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6362. 2018-07-31 not yet calculated CVE-2018-14313
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF documents. When parsing shading patterns, the process does not properly validate user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6223. 2018-07-31 not yet calculated CVE-2018-14295
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getVersionID method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6026. 2018-07-31 not yet calculated CVE-2018-14263
CONFIRM
MISC
foxit -- pdf_reader An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. 2018-08-01 not yet calculated CVE-2018-3924
SECTRACK
MISC
foxit -- pdf_reader An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. 2018-08-01 not yet calculated CVE-2018-3939
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the mailDoc function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5770. 2018-07-31 not yet calculated CVE-2018-14286
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6024. 2018-07-31 not yet calculated CVE-2018-14261
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6036. 2018-07-31 not yet calculated CVE-2018-14273
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SeedValue Generic Object parameter provided to the signatureSetSeedValue function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6329. 2018-07-31 not yet calculated CVE-2018-14309
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of StrikeOut annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6219. 2018-07-31 not yet calculated CVE-2018-14303
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of annotations. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6328. 2018-07-31 not yet calculated CVE-2018-14315
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Text annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6220. 2018-07-31 not yet calculated CVE-2018-14304
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getURL method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6025. 2018-07-31 not yet calculated CVE-2018-14262
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FileAttachment annotations. By manipulating a document's elements an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6211. 2018-07-31 not yet calculated CVE-2018-14294
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6010. 2018-07-31 not yet calculated CVE-2018-14247
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the submitForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6039. 2018-07-31 not yet calculated CVE-2018-14276
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the highlightMode attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5771. 2018-07-31 not yet calculated CVE-2018-14283
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6232. 2018-07-31 not yet calculated CVE-2018-14292
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5619. 2018-07-31 not yet calculated CVE-2018-14280
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6060. 2018-07-31 not yet calculated CVE-2018-14279
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the convertTocPDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6009. 2018-07-31 not yet calculated CVE-2018-14246
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the closeDoc method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6008. 2018-07-31 not yet calculated CVE-2018-14245
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the setFocus function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5642. 2018-07-31 not yet calculated CVE-2018-14288
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlateDecode streams. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5763. 2018-07-31 not yet calculated CVE-2018-14282
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the instanceManager.nodes.append function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5641. 2018-07-31 not yet calculated CVE-2018-14287
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the oneOfChild attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5774. 2018-07-31 not yet calculated CVE-2018-14285
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-6221. 2018-07-31 not yet calculated CVE-2018-14289
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6012. 2018-07-31 not yet calculated CVE-2018-14249
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addPageOpenJSMessage method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6006. 2018-07-31 not yet calculated CVE-2018-14243
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA events. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6331. 2018-07-31 not yet calculated CVE-2018-14311
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6222. 2018-07-31 not yet calculated CVE-2018-14290
CONFIRM
MISC
foxit -- pdf_reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsXFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6011. 2018-07-31 not yet calculated CVE-2018-14248
CONFIRM
MISC
geopython -- pycsw A SQL injection vulnerability in all pycsw versions before 2.0.2, 1.10.5 and 1.8.6 allows reading and extracting any data from any table in the pycsw database that the database user has access to. Also, on PostgreSQL (at least), it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to. 2018-08-01 not yet calculated CVE-2016-8640
MLIST
BID
CONFIRM
CONFIRM
gitlab -- community_edition_and_enterprise_edition An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter. 2018-08-03 not yet calculated CVE-2018-12605
CONFIRM
CONFIRM
gitlab -- community_edition_and_enterprise_edition An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding. 2018-08-03 not yet calculated CVE-2018-12607
CONFIRM
CONFIRM
gitlab -- community_edition_and_enterprise_edition An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. 2018-08-03 not yet calculated CVE-2018-12606
CONFIRM
CONFIRM
huawei -- mate_10_smart_phones HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use-after-free vulnerability in the mediaserver component. An attacker tricks the user into installing a malicious application, which makes the software reference memory after it has been freed. Successful exploit could cause execution of arbitrary code. 2018-07-31 not yet calculated CVE-2018-7993
CONFIRM
huawei -- multiple_products Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input; an attacker could trick the user into installing a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of service condition. 2018-07-31 not yet calculated CVE-2018-7992
CONFIRM
huawei -- multiple_products Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot of questionnaires to the device; successful exploit could cause the device to reboot after running out of memory. 2018-07-31 not yet calculated CVE-2018-7994
CONFIRM
huawei -- multiple_products Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations. Successful exploit may cause information leak. 2018-07-31 not yet calculated CVE-2017-17174
CONFIRM
huawei -- multiple_smart_phones Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones. 2018-07-31 not yet calculated CVE-2018-7947
CONFIRM
huawei -- multiple_smart_phones Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally. 2018-07-31 not yet calculated CVE-2018-7957
CONFIRM
huawei -- multiple_smart_phones Some Huawei mobile phones with versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures. 2018-07-31 not yet calculated CVE-2018-7934
CONFIRM

ibm -- api_connect_developer_portal IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483. 2018-07-31 not yet calculated CVE-2018-1638
XF
CONFIRM
ibm -- maximo_asset_management IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116. 2018-08-03 not yet calculated CVE-2018-1524
XF
CONFIRM
ibm -- maximo_asset_management IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891. 2018-08-02 not yet calculated CVE-2018-1554
XF
CONFIRM
ibm -- spectrum_symphony_and_platform_symphony IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622. 2018-08-01 not yet calculated CVE-2018-1595
BID
XF
CONFIRM
ibm -- sterling_b2b_integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147166. 2018-07-31 not yet calculated CVE-2018-1718
BID
XF
CONFIRM
idreamsoft -- icms An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514. 2018-08-02 not yet calculated CVE-2018-14858
MISC
insteon -- hub An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using strcpy to the buffer at 0xa0000418. This buffer is maximum 8 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow. 2018-08-02 not yet calculated CVE-2017-16341
MISC
insteon -- hub An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow. 2018-08-02 not yet calculated CVE-2017-16347
MISC
insteon -- hub An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3". 2018-08-02 not yet calculated CVE-2017-16344
MISC
insteon -- hub An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger this vulnerability. 2018-08-02 not yet calculated CVE-2017-14446
MISC
insteon -- hub An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using strcpy to the buffer at 0xa0000510. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow. 2018-08-02 not yet calculated CVE-2017-16343
MISC
insteon -- hub An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability. 2018-08-02 not yet calculated CVE-2017-14445
MISC
insteon -- hub An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability. 2018-08-02 not yet calculated CVE-2017-14444
MISC
insteon -- hub An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the buffer at 0xa000170c. This buffer is 25 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3". 2018-08-02 not yet calculated CVE-2017-16346
MISC
insteon -- hub An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3". 2018-08-02 not yet calculated CVE-2017-16345
MISC
insteon -- hub An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bb1c the value for the uri key is copied using strcpy to the buffer at 0xa00016a0. This buffer is 64 bytes large, sending anything longer will cause a buffer overflow. 2018-08-02 not yet calculated CVE-2017-16339
MISC
insteon -- hub An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using strcpy to the buffer at 0xa0000514. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow. 2018-08-02 not yet calculated CVE-2017-16342
MISC
insteon -- hub An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server "cache.insteon.com" and serve a signed firmware image. 2018-08-02 not yet calculated CVE-2018-3834
MISC
insteon -- hub An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c0e8 the value for the s_dport key is copied using strcpy to the buffer at 0xa000180c. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow. 2018-08-02 not yet calculated CVE-2017-16340
MISC
insteon -- hub An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bad0 the value for the host key is copied using strcpy to the buffer at 0xa00016e0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. 2018-08-02 not yet calculated CVE-2017-16338
MISC
intel -- distribution_for_python Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector. 2018-08-01 not yet calculated CVE-2018-3650
CONFIRM

intel -- graphics_driver_for_windows

Out-of-bounds read condition in older versions of some Intel Graphics Driver for Windows code branches allows local users to perform a denial of service attack. 2018-08-01 not yet calculated CVE-2017-5692
BID
CONFIRM
intel -- puma Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic. 2018-07-31 not yet calculated CVE-2017-5693
BID
CONFIRM

intel -- saffron

Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information. 2018-08-01 not yet calculated CVE-2018-3671
CONFIRM
intel -- saffron_memorybase Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information. 2018-08-01 not yet calculated CVE-2018-3663
CONFIRM
intel -- saffron_memorybase Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root. 2018-08-01 not yet calculated CVE-2018-3662
CONFIRM

intel -- smart_sound_technology

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow. 2018-08-01 not yet calculated CVE-2018-3670
CONFIRM

intel -- smart_sound_technology

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow. 2018-08-01 not yet calculated CVE-2018-3666
CONFIRM

intel -- smart_sound_technology

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via system calls. 2018-08-01 not yet calculated CVE-2018-3672
CONFIRM

inteno -- iopsys

read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp. 2018-07-31 not yet calculated CVE-2018-14533
MISC
EXPLOIT-DB

intuit -- lacerte_2017_for_windows

Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, Email address, spouse's phone/Email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017, however older versions of Lacerte may be vulnerable. 2018-07-31 not yet calculated CVE-2018-11338
MISC
jasper -- jasper
 
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected. 2018-08-01 not yet calculated CVE-2016-8654
BID
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
jasper -- jasper
 
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. 2018-08-01 not yet calculated CVE-2016-9583
BID
REDHAT
CONFIRM
CONFIRM
CONFIRM
jenkins -- jenkins An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. 2018-08-01 not yet calculated CVE-2018-1999040
CONFIRM
jenkins -- jenkins An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. 2018-08-01 not yet calculated CVE-2018-1999036
CONFIRM
jenkins -- jenkins An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. 2018-08-01 not yet calculated CVE-2018-1999027
CONFIRM
jenkins -- jenkins An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. 2018-08-01 not yet calculated CVE-2018-1999028
CONFIRM
jenkins -- jenkins An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration. 2018-08-01 not yet calculated CVE-2018-1999041
CONFIRM
jenkins -- jenkins A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource. 2018-08-01 not yet calculated CVE-2018-1999037
CONFIRM
jenkins -- jenkins A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host. 2018-08-01 not yet calculated CVE-2018-1999026
CONFIRM
jenkins -- jenkins A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to. 2018-08-01 not yet calculated CVE-2018-1999034
CONFIRM
jenkins -- jenkins An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration. 2018-08-01 not yet calculated CVE-2018-1999033
CONFIRM
jenkins -- jenkins An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration. 2018-08-01 not yet calculated CVE-2018-1999031
CONFIRM
jenkins -- jenkins A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint. 2018-08-01 not yet calculated CVE-2018-1999032
CONFIRM
jenkins -- jenkins A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to. 2018-08-01 not yet calculated CVE-2018-1999035
CONFIRM
jenkins -- jenkins A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials. 2018-08-01 not yet calculated CVE-2018-1999039
CONFIRM
jenkins -- jenkins
 
A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. 2018-08-01 not yet calculated CVE-2018-1999029
CONFIRM
jenkins -- jenkins
 
A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to. 2018-08-01 not yet calculated CVE-2018-1999025
CONFIRM
jenkins -- jenkins
 
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials. 2018-08-01 not yet calculated CVE-2018-1999038
CONFIRM
jenkins -- jenkins
 
An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. 2018-08-01 not yet calculated CVE-2018-1999030
CONFIRM
jetbrains -- intellij_idea IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. 2018-08-03 not yet calculated CVE-2017-8316
CONFIRM
MISC
MISC
johnson_controls -- metasys_and_bcpro In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information. 2018-08-01 not yet calculated CVE-2018-10624
BID
MISC
kamailio -- kamailio
 
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code. 2018-07-31 not yet calculated CVE-2018-14767
MISC
keycloak -- keycloak
 
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks. 2018-08-01 not yet calculated CVE-2018-10894
CONFIRM
keycloak -- keycloak
 
It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks. 2018-08-01 not yet calculated CVE-2016-8609
REDHAT
BID
SECTRACK
CONFIRM
knot_resolver -- knot_resolver
 
Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. 2018-08-02 not yet calculated CVE-2018-10920
CONFIRM
CONFIRM
lenovo -- xclarity_administrator In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended. 2018-07-30 not yet calculated CVE-2018-9065
CONFIRM
lenovo -- xclarity_administrator In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. 2018-07-30 not yet calculated CVE-2018-9064
CONFIRM
lenovo -- xclarity_administrator In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system. 2018-07-30 not yet calculated CVE-2018-9066
CONFIRM
lftp -- lftp
 
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system. 2018-08-01 not yet calculated CVE-2018-10916
CONFIRM
CONFIRM
CONFIRM
libcurl -- libcurl The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate an unescape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer. 2018-07-31 not yet calculated CVE-2016-8622
BID
SECTRACK
CONFIRM
CONFIRM
GENTOO
CONFIRM
libmspack -- libmspack An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). 2018-07-28 not yet calculated CVE-2018-14679
MISC
SECTRACK
MISC
MISC
UBUNTU
UBUNTU
DEBIAN
libmspack -- libmspack An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. 2018-07-28 not yet calculated CVE-2018-14682
MISC
SECTRACK
MISC
MISC
UBUNTU
UBUNTU
DEBIAN
libmspack -- libmspack An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. 2018-07-28 not yet calculated CVE-2018-14681
MISC
SECTRACK
MISC
MISC
UBUNTU
UBUNTU
DEBIAN
libmspack -- libmspack
 
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. 2018-07-28 not yet calculated CVE-2018-14680
MISC
SECTRACK
MISC
MISC
UBUNTU
UBUNTU
DEBIAN
libxcursor -- libxcursor
 
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. 2018-08-01 not yet calculated CVE-2015-9262
MISC
MISC
libxdmcp -- libxdmcp
 
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. 2018-07-27 not yet calculated CVE-2017-2625
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
GENTOO
MISC
linux -- linux_kernel An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image. 2018-07-27 not yet calculated CVE-2018-14616
BID
MISC
linux -- linux_kernel A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this. 2018-07-30 not yet calculated CVE-2017-7518
MLIST
BID
SECTRACK
CONFIRM
REDHAT
REDHAT
CONFIRM
UBUNTU
UBUNTU
DEBIAN
MLIST
linux -- linux_kernel A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. 2018-07-30 not yet calculated CVE-2018-10883
CONFIRM
CONFIRM
CONFIRM
MLIST
linux -- linux_kernel An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c. 2018-07-27 not yet calculated CVE-2018-14612
BID
MISC
MISC
MISC
linux -- linux_kernel An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c. 2018-07-27 not yet calculated CVE-2018-14613
BID
MISC
MISC
linux -- linux_kernel An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative. 2018-07-27 not yet calculated CVE-2018-14615
BID
MISC
linux -- linux_kernel drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). 2018-07-29 not yet calculated CVE-2018-14734
MISC
MISC
linux -- linux_kernel An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. 2018-07-28 not yet calculated CVE-2018-14678
BID
SECTRACK
MISC
linux -- linux_kernel In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation. 2018-07-30 not yet calculated CVE-2017-7482
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
DEBIAN
DEBIAN
linux -- linux_kernel An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image. 2018-07-27 not yet calculated CVE-2018-14614
BID
MISC
linux -- linux_kernel An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. 2018-07-27 not yet calculated CVE-2018-14609
BID
MISC
MISC
linux -- linux_kernel An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c. 2018-07-27 not yet calculated CVE-2018-14611
BID
MISC
MISC
linux -- linux_kernel An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory. 2018-07-27 not yet calculated CVE-2018-14617
BID
MISC
MISC
linux -- linux_kernel An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c. 2018-07-27 not yet calculated CVE-2018-14610
BID
MISC
MISC
mantisbt -- mantisbt
 
An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)'). 2018-08-03 not yet calculated CVE-2018-14504
CONFIRM
CONFIRM
CONFIRM
mantisbt -- mantisbt
 
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. 2018-08-03 not yet calculated CVE-2018-13055
CONFIRM
CONFIRM
CONFIRM
martem -- telem-gw6_and_gwm_devices Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process. 2018-07-31 not yet calculated CVE-2018-10603
BID
MISC
martem -- telem-gw6_and_gwm_devices Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel. 2018-07-31 not yet calculated CVE-2018-10607
CONFIRM
BID
MISC
martem -- telem-gw6_and_gwm_devices Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges. 2018-07-31 not yet calculated CVE-2018-10609
CONFIRM
BID
MISC
matera_systems -- banco Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp. 2018-08-03 not yet calculated CVE-2018-14927
MISC
matera_systems -- banco Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter. 2018-08-03 not yet calculated CVE-2018-14929
MISC
matera_systems -- banco Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request. 2018-08-03 not yet calculated CVE-2018-14926
MISC
matera_systems -- banco Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field. 2018-08-03 not yet calculated CVE-2018-14924
MISC
matera_systems -- banco Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components. 2018-08-03 not yet calculated CVE-2018-14925
MISC
matera_systems -- banco /contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter. 2018-08-03 not yet calculated CVE-2018-14928
MISC

metascrapper -- metascrapper

There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the `metascrape` npm module <= 3.9.2. 2018-07-30 not yet calculated CVE-2018-3773
MISC
micro_focus -- groupwise A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution. 2018-08-01 not yet calculated CVE-2018-12468
CONFIRM
mikrotik -- routeros Winbox for MikroTik RouterOS through 6.42 allows remote attackers to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID. 2018-08-02 not yet calculated CVE-2018-14847
MISC
MISC
MISC
monitorix -- monitorix
 
Monitorix before 3.10.1 allows XSS via CGI variables. 2018-08-02 not yet calculated CVE-2018-7649
CONFIRM
mozilla -- network_security_services It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. 2018-08-01 not yet calculated CVE-2016-8635
REDHAT
BID
CONFIRM
GENTOO
my_little_forum -- my_little_forum The Add page option in my little forum 2.4.12 allows XSS via the Title field. 2018-08-04 not yet calculated CVE-2018-14936
MISC
my_little_forum -- my_little_forum The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. 2018-08-04 not yet calculated CVE-2018-14937
MISC
nagios -- nagios
 
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change. 2018-08-01 not yet calculated CVE-2016-8641
BID
CONFIRM
CONFIRM
GENTOO
EXPLOIT-DB

naver -- whale_browser

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name. 2018-08-02 not yet calculated CVE-2018-12448
MISC

netapp -- 7-mode_transition_tool

NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities. 2018-08-03 not yet calculated CVE-2018-5489
CONFIRM
netapp -- oncommand_insight NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface. 2018-07-31 not yet calculated CVE-2017-13652
CONFIRM
nuuo -- nvrmini_devices upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. 2018-08-04 not yet calculated CVE-2018-14933
EXPLOIT-DB

ocs -- inventory

OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service. 2018-08-03 not yet calculated CVE-2018-14473
MISC
ocs -- inventory OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. 2018-08-03 not yet calculated CVE-2018-12482
MISC
ocs -- inventory OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability. 2018-08-03 not yet calculated CVE-2018-12483
MISC
open_ticket_request_system -- open_ticket_request_system An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL. 2018-08-03 not yet calculated CVE-2018-14593
CONFIRM
openbsd -- openbsd
 
tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture. 2018-08-01 not yet calculated CVE-2018-14775
MISC
MISC
MISC
MISC
openbuildservice -- openbuildservice
 
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689. 2018-08-01 not yet calculated CVE-2018-12467
CONFIRM
CONFIRM
openjpeg -- openjpeg An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. 2018-08-01 not yet calculated CVE-2016-9581
BID
CONFIRM
CONFIRM
CONFIRM
GENTOO
openjpeg -- openjpeg
 
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. 2018-08-01 not yet calculated CVE-2016-9572
CONFIRM
CONFIRM
CONFIRM
GENTOO
DEBIAN
openjpeg -- openjpeg
 
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. 2018-08-01 not yet calculated CVE-2016-9580
BID
CONFIRM
CONFIRM
CONFIRM
GENTOO
openshift -- enterprise
 
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site. 2018-07-31 not yet calculated CVE-2016-8631
BID
REDHAT
CONFIRM
openstack -- glance
 
A vulnerability was found in OpenStack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation. 2018-07-31 not yet calculated CVE-2016-8611
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
openstack -- keystone In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected. 2018-07-31 not yet calculated CVE-2018-14432
MLIST
BID
opensuse -- open-build-service openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. 2018-08-01 not yet calculated CVE-2018-12466
BID
CONFIRM
CONFIRM
oracle -- fusion_middleware Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware MapViewer accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 2018-08-02 not yet calculated CVE-2018-3109
CONFIRM
BID
SECTRACK

oracle -- fusion_middleware

Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). 2018-08-02 not yet calculated CVE-2018-3108
CONFIRM
BID
SECTRACK

oracle -- weblogic_server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. Note: Please refer to MOS document 2018-08-02 not yet calculated CVE-2018-2933
CONFIRM
BID
SECTRACK
paypal -- invoice-sdk-php paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution. 2018-08-02 not yet calculated CVE-2017-6213
CONFIRM
paypal -- permissions-sdk-php paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution. 2018-08-02 not yet calculated CVE-2017-6215
CONFIRM
pearson -- vue_certiport_console_and_iqsystem The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges. 2018-08-03 not yet calculated CVE-2018-12989
MISC
php -- php An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. 2018-08-03 not yet calculated CVE-2018-14883
CONFIRM
CONFIRM
CONFIRM
php -- php PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. 2018-08-02 not yet calculated CVE-2017-9120
MISC
php -- php
 
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. 2018-08-02 not yet calculated CVE-2018-14851
MISC
MISC
MISC
php -- php
 
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call. 2018-08-03 not yet calculated CVE-2018-14884
CONFIRM
CONFIRM
php -- php
 
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. 2018-08-02 not yet calculated CVE-2017-9118
MISC

phpscriptsmall.com -- basic_b2b_script

PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. 2018-08-03 not yet calculated CVE-2018-14541
MISC
EXPLOIT-DB
pleasant_solutions -- pleasant_password_server Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3. 2018-07-31 not yet calculated CVE-2017-17708
MISC
pleasant_solutions -- pleasant_password_server Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding "CredentialId" value, which uniquely identifies a password safe entry. Since "CredentialId" values are implemented as GUIDs, they are hard to guess. However, if for example an entry's owner grants read-only access to a malicious user, the value gets exposed to the malicious user. The same holds true for temporary grants. 2018-07-31 not yet calculated CVE-2017-17707
MISC
prosody -- prosody
 
Prosody before versions 0.10.2 and 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance. 2018-07-30 not yet calculated CVE-2018-10847
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN

python-cryptography -- cryptography_python_library

A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. 2018-07-30 not yet calculated CVE-2018-10903
CONFIRM
CONFIRM
UBUNTU
red_hat -- ceph A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected. 2018-08-01 not yet calculated CVE-2016-9579
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
BID
CONFIRM
red_hat -- ceph A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests. 2018-07-31 not yet calculated CVE-2016-8626
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
BID
CONFIRM
red_hat -- enterprise_linux
 
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted. 2018-07-31 not yet calculated CVE-2016-8657
REDHAT
REDHAT
REDHAT
REDHAT
BID
REDHAT
CONFIRM
red_hat -- jboss_brms_and_brms_suite_6
 
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins. 2018-08-01 not yet calculated CVE-2016-8608
REDHAT
REDHAT
BID
CONFIRM
red_hat -- jboss_enterprise_application_platform An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. 2018-08-01 not yet calculated CVE-2016-9573
REDHAT
BID
CONFIRM
CONFIRM
CONFIRM
GENTOO
DEBIAN
red_hat -- jboss_fuse_and_a-mq It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack. 2018-08-01 not yet calculated CVE-2016-8653
BID
CONFIRM
red_hat -- openshift
 
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image. 2018-08-01 not yet calculated CVE-2016-8651
BID
REDHAT
CONFIRM
red_hat -- openstack
 
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director with the default configuration, OpenDaylight in RHOSP13 is configured with easily guessable default credentials. 2018-07-30 not yet calculated CVE-2018-10898
REDHAT
CONFIRM
red_hat -- satellite
 
A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users. 2018-07-30 not yet calculated CVE-2017-7514
REDHAT
CONFIRM
red_hat -- jboss_core_services It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. 2018-07-30 not yet calculated CVE-2016-9597
BID
CONFIRM
redgate -- .net_reflector_and_smartassembly Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file. 2018-07-31 not yet calculated CVE-2018-14581
CONFIRM
CONFIRM
rejucms -- rejucms
 
rejucms 2.1 has stored XSS via the admin/book.php content parameter. 2018-08-01 not yet calculated CVE-2018-14838
MISC

responsive_filemanager -- responsive_filemanager

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. 2018-08-03 not yet calculated CVE-2018-14728
MISC
restforce -- restforce
 
Insufficient URI encoding in restforce before 3.0.0 allows an attacker to inject arbitrary parameters into Salesforce API requests. 2018-08-03 not yet calculated CVE-2018-3777
CONFIRM
rincewind -- rincewind An issue was discovered in Rincewind 0.1. A reinstall vulnerability exists because the parameter p of index.php and another file named commonPages.php allows an attacker to reinstall the product, with all data reset. 2018-08-02 not yet calculated CVE-2018-14872
MISC
rincewind -- rincewind
 
An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php. 2018-08-02 not yet calculated CVE-2018-14873
MISC
samba -- samba
 
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. 2018-07-27 not yet calculated CVE-2017-12151
BID
SECTRACK
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
DEBIAN
CONFIRM
samsung -- syncthru_web_service Samsung Syncthru Web Service V4.05.61 is vulnerable to multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. 2018-08-03 not yet calculated CVE-2018-14904
MISC
samsung -- syncthru_web_service Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. 2018-08-03 not yet calculated CVE-2018-14908
MISC
sap -- business_planning_and_consolidation_software An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability. 2018-08-02 not yet calculated CVE-2017-16349
MISC
seacms -- seacms
 
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF. 2018-08-03 not yet calculated CVE-2018-14910
MISC

seeddms -- seeddms

Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system commands to the web root of the application. 2018-07-31 not yet calculated CVE-2018-12940
CONFIRM
MISC
seeddms -- seeddms Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter. 2018-07-31 not yet calculated CVE-2018-12943
CONFIRM
MISC

seeddms -- seeddms

A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute arbitrary code by using CVE-2018-12940. 2018-07-31 not yet calculated CVE-2018-12939
CONFIRM
MISC
seeddms -- seeddms SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this vulnerability to perform malicious tasks such as to extract, change, or delete sensitive information within the database supporting the application, and potentially run system commands on the underlying operating system. 2018-07-31 not yet calculated CVE-2018-12942
CONFIRM
MISC
seeddms -- seeddms Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field. 2018-07-31 not yet calculated CVE-2018-12944
CONFIRM
MISC

seeddms -- seeddms

This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to the Settings functionality, to inject arbitrary system commands within the application by manipulating the "Cache directory" path. An attacker can use it to perform malicious tasks such as to extract, change, or delete sensitive information or run system commands on the underlying operating system. 2018-07-31 not yet calculated CVE-2018-12941
CONFIRM
MISC
servicenow -- servicenow report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter. 2018-08-03 not yet calculated CVE-2018-7748
MISC
MISC

simsong -- tcpflow

An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service). 2018-08-04 not yet calculated CVE-2018-14938
MISC
MISC

softnas -- cloud

A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions. 2018-08-03 not yet calculated CVE-2018-14417
FULLDISC
BID
CONFIRM
MISC
EXPLOIT-DB

sonicwall -- global_management_system

Lack of validation of user-supplied parameters passed to XML-RPC calls on the SonicWall Global Management System (GMS) virtual appliance allows a remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. 2018-08-03 not yet calculated CVE-2018-9866
MISC
CONFIRM
MISC
subrion -- cms uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). 2018-08-01 not yet calculated CVE-2018-14840
MISC
MISC
subrion -- subrion_cms Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas. 2018-08-01 not yet calculated CVE-2018-14835
MISC
MISC
subrion -- subrion
 
Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel. 2018-08-01 not yet calculated CVE-2018-14836
MISC
symfony -- symfony An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects \Symfony\Component\HttpFoundation\Request::prepareRequestUri() where X-Original-URL and X_REWRITE_URL are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning. 2018-08-03 not yet calculated CVE-2018-14773
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
symfony -- symfony An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection. 2018-08-03 not yet calculated CVE-2018-14774
CONFIRM
CONFIRM
synology -- diskstation_manager
 
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. 2018-07-30 not yet calculated CVE-2018-13280
CONFIRM

tenable -- securitycenter

In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue. 2018-08-02 not yet calculated CVE-2018-1154
CONFIRM

tenable -- securitycenter

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue. 2018-08-02 not yet calculated CVE-2018-1155
CONFIRM

tenda -- d152_adsl_routers

Tenda D152 ADSL routers allow XSS via a crafted SSID. 2018-08-03 not yet calculated CVE-2018-14497
MISC
ttembed -- ttembed An input validation flaw exists in ttembed. With a crafted input file, an attacker may be able to trigger a denial of service condition due to ttembed trusting attacker controlled values. 2018-08-02 not yet calculated CVE-2018-10922
CONFIRM
CONFIRM
ttembed -- ttembed
 
Certain input files may trigger an integer overflow in ttembed input file processing. This overflow could potentially lead to corruption of the input file due to a lack of checking return codes of fgetc/fputc function calls. 2018-08-02 not yet calculated CVE-2018-10921
CONFIRM
CONFIRM
ukcms -- ukcms
 
A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka "Allow upload file suffix") setting, and must use "php,php" in this setting to bypass the "php" restriction. 2018-08-03 not yet calculated CVE-2018-14911
MISC

universal_media_server -- universal_media_server

In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running UMS, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. 2018-08-03 not yet calculated CVE-2018-13416
FULLDISC
EXPLOIT-DB
vvo -- node-whereis Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead. 2018-07-30 not yet calculated CVE-2018-3772
MISC
weaselcms -- weaselcms
 
An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page. 2018-08-02 not yet calculated CVE-2018-14877
MISC
xk72 -- charles
 
Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option. 2018-08-03 not yet calculated CVE-2017-15358
MISC
EXPLOIT-DB
xorg-x11-server -- xorg-x11-server
 
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack. 2018-07-27 not yet calculated CVE-2017-2624
BID
SECTRACK
CONFIRM
CONFIRM
MLIST
GENTOO
GENTOO
MISC
yokogawa -- stardom_controllers Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution. 2018-07-31 not yet calculated CVE-2018-10592
BID
MISC
CONFIRM
yum-utils -- yum-utils
 
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected. 2018-08-01 not yet calculated CVE-2018-10897
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM