IT and Social Stories

[US-CERT: Bulletin(SB18-246)] Security vulnerabilities announced through August 27, 2018

by manga0713 2018. 9. 6.

*** Source: [US-CERT: Bulletin(SB18-246)] Security vulnerabilities announced through August 27, 2018

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
a10 -- acos_web_application_firewall A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008. 2018-08-27 not yet calculated CVE-2018-15904
CONFIRM
abb -- esoms ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. 2018-08-29 not yet calculated CVE-2018-14805
BID
MISC
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-08-29 not yet calculated CVE-2018-12808
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. 2018-08-29 not yet calculated CVE-2018-12799
BID
SECTRACK
CONFIRM
adobe -- creative_cloud Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation. 2018-08-29 not yet calculated CVE-2018-12829
BID
CONFIRM
adobe -- creative_cloud Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. 2018-08-29 not yet calculated CVE-2018-5003
BID
SECTRACK
CONFIRM
adobe -- experience_manager Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Successful exploitation could lead to unauthorized information modification. 2018-08-29 not yet calculated CVE-2018-12807
BID
SECTRACK
CONFIRM
adobe -- experience_manager Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2018-08-29 not yet calculated CVE-2018-12806
BID
SECTRACK
CONFIRM
adobe -- flash_player Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-08-29 not yet calculated CVE-2018-12826
BID
SECTRACK
REDHAT
CONFIRM
adobe -- flash_player Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-08-29 not yet calculated CVE-2018-12827
BID
SECTRACK
REDHAT
CONFIRM
EXPLOIT-DB
adobe -- flash_player Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass. 2018-08-29 not yet calculated CVE-2018-12825
BID
SECTRACK
REDHAT
CONFIRM
adobe -- flash_player Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-08-29 not yet calculated CVE-2018-12824
BID
SECTRACK
REDHAT
CONFIRM
adobe -- flash_player Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation. 2018-08-29 not yet calculated CVE-2018-12828
BID
SECTRACK
REDHAT
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution. 2018-08-29 not yet calculated CVE-2018-12811
BID
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution. 2018-08-29 not yet calculated CVE-2018-12810
BID
CONFIRM
alcatel -- a30_device The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB. Modifying the read-only properties by an app as the system user creates a UNIX domain socket named factory_test that will execute commands as the root user by processes that have privilege to access it (as per the SELinux rules that the vendor controls). 2018-08-29 not yet calculated CVE-2018-6597
MISC
amazon -- amazon_web_services An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. 2018-08-24 not yet calculated CVE-2018-15869
BID
MISC
apache -- perl mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. 2018-08-26 not yet calculated CVE-2011-2767
MISC
MISC
apache -- traffic_server There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. 2018-08-29 not yet calculated CVE-2018-8004
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
DEBIAN
apache -- traffic_server A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions. 2018-08-29 not yet calculated CVE-2018-8022
BID
CONFIRM
MLIST
apache -- traffic_server Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. 2018-08-29 not yet calculated CVE-2018-8040
BID
CONFIRM
MLIST
MLIST
DEBIAN
apache -- traffic_server When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. 2018-08-29 not yet calculated CVE-2018-8005
BID
CONFIRM
CONFIRM
MLIST
DEBIAN
apache -- traffic_server Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. 2018-08-29 not yet calculated CVE-2018-1318
BID
CONFIRM
MLIST
DEBIAN
argus -- surveillance_dvr Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. 2018-08-30 not yet calculated CVE-2018-15745
MISC
MISC
EXPLOIT-DB
artifex -- ghostscript In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. 2018-08-28 not yet calculated CVE-2018-15911
MISC
MISC
MISC
artifex -- ghostscript In Artifex Ghostscript 9.23 before 2018-08-23, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. 2018-08-27 not yet calculated CVE-2018-15910
MISC
MISC
artifex -- ghostscript In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. 2018-08-27 not yet calculated CVE-2018-15909
MISC
MISC
BID
MISC
artifex -- ghostscript In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. 2018-08-27 not yet calculated CVE-2018-15908
MISC
MISC
aspcm -- aspcms An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrator's GroupID directly. 2018-08-26 not yet calculated CVE-2018-15888
MISC
MISC
asus -- dsl-n12e_c1 Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request. 2018-08-27 not yet calculated CVE-2018-15887
MISC
asustor -- data_master ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting JavaScript into the configuration file's Version field. 2018-08-27 not yet calculated CVE-2018-15699
MISC
asustor -- data_master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history. 2018-08-27 not yet calculated CVE-2018-15697
MISC
asustor -- data_master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. 2018-08-27 not yet calculated CVE-2018-15698
MISC
asustor -- data_master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. 2018-08-27 not yet calculated CVE-2018-15696
MISC
asustor -- data_master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. 2018-08-27 not yet calculated CVE-2018-15695
MISC
asustor -- data_master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled. 2018-08-27 not yet calculated CVE-2018-15694
MISC
atlassian -- jira Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved. 2018-08-28 not yet calculated CVE-2018-13395
CONFIRM
atlassian -- jira_server The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden. 2018-08-28 not yet calculated CVE-2018-13391
BID
CONFIRM
auth0 -- auth0 An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. 2018-08-28 not yet calculated CVE-2018-15121
CONFIRM
bludit -- bludit Bludit 2.3.4 allows XSS via a user name. 2018-09-01 not yet calculated CVE-2018-16313
MISC
ca -- ppm An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. 2018-08-30 not yet calculated CVE-2018-13826
CONFIRM
ca -- ppm Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. 2018-08-30 not yet calculated CVE-2018-13822
CONFIRM
ca -- ppm Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. 2018-08-30 not yet calculated CVE-2018-13825
CONFIRM
ca -- ppm Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. 2018-08-30 not yet calculated CVE-2018-13824
CONFIRM
ca -- ppm An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. 2018-08-30 not yet calculated CVE-2018-13823
CONFIRM
ca -- release_automation Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. 2018-08-30 not yet calculated CVE-2018-15691
SECTRACK
CONFIRM
ca -- unified_infrastructure_management A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. 2018-08-30 not yet calculated CVE-2018-13820
CONFIRM
ca -- unified_infrastructure_management A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. 2018-08-30 not yet calculated CVE-2018-13819
CONFIRM
ca -- unified_infrastructure_management A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. 2018-08-30 not yet calculated CVE-2018-13821
CONFIRM
cms -- isweb CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php. 2018-08-29 not yet calculated CVE-2018-15562
MISC
conference-scheduler-cli -- conference-scheduler-cli In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. 2018-08-28 not yet calculated CVE-2018-14572
MISC
couchbase -- couchbase_server An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system will run with the privileges of the user running Couchbase server. 2018-08-24 not yet calculated CVE-2018-15728
BUGTRAQ
BID
cpanel -- cpanel cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. 2018-08-30 not yet calculated CVE-2018-16236
MISC
cybrotech -- cybrohttpserver Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. 2018-08-29 not yet calculated CVE-2018-16134
MISC
MISC
EXPLOIT-DB
cybrotech -- cybrohttpserver Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI. 2018-08-29 not yet calculated CVE-2018-16133
MISC
MISC
EXPLOIT-DB
d-link -- dir-601_devices An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML. 2018-08-29 not yet calculated CVE-2018-12710
FULLDISC
EXPLOIT-DB
d-link -- dir-615_devices D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. 2018-08-28 not yet calculated CVE-2018-15839
MISC
dabeaz -- ply In PLY (aka Python Lex-Yacc) 3.11, as used in pycparser and other products, a pickle.load call (within the read_pickle function of the LRTable class in yacc.py) on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. 2018-08-28 not yet calculated CVE-2018-14400
MISC
damicms -- damicms An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file. 2018-08-30 not yet calculated CVE-2018-16238
MISC
damicms -- damicms admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. 2018-09-01 not yet calculated CVE-2018-16331
MISC
damicms -- damicms An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI. 2018-08-30 not yet calculated CVE-2018-16237
MISC
damicms -- damicms An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses. 2018-08-30 not yet calculated CVE-2018-16239
MISC
docker -- docker_for_windows HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. 2018-08-31 not yet calculated CVE-2018-15514
MISC
MISC
MISC
e107 -- e107 e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. 2018-08-28 not yet calculated CVE-2018-15901
MISC
eaton -- power_xpert_meter Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option. 2018-08-30 not yet calculated CVE-2018-16158
MISC
MISC
eaton -- power_xpert_meter Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows remote attackers to cause a denial of service (daemon crash) via an unspecified sequence of FTP commands. 2018-08-30 not yet calculated CVE-2018-16231
MISC
elfutils -- elfutils dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. 2018-08-28 not yet calculated CVE-2018-16062
MISC
MISC
episerver -- episerver XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx. 2018-08-29 not yet calculated CVE-2017-17762
MISC
MISC
epson -- iprint_application_6.6.3_for_android The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services. 2018-08-30 not yet calculated CVE-2018-14901
MISC
epson -- iprint_application_6.6.3_for_android The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker's application to read scanned documents. 2018-08-30 not yet calculated CVE-2018-14902
MISC
epson -- wf-2750_printer_with_firmware_jp02i2 On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. 2018-08-30 not yet calculated CVE-2018-14899
MISC
epson -- wf-2750_printer_with_firmware_jp02i2 EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer. 2018-08-30 not yet calculated CVE-2018-14903
MISC
epson -- wf-2750_printer_with_firmware_jp02i2 On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100. 2018-08-30 not yet calculated CVE-2018-14900
MISC
exiv2 -- exiv2 Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. 2018-09-01 not yet calculated CVE-2018-16336
MISC
fig2dev -- fig2dev A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. 2018-08-29 not yet calculated CVE-2018-16140
MISC
foxit -- reader This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6683. 2018-08-30 not yet calculated CVE-2018-14317
CONFIRM
MISC
getsimple -- cms There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. 2018-09-01 not yet calculated CVE-2018-16325
MISC
gleez -- cms There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. 2018-08-25 not yet calculated CVE-2018-15845
MISC
EXPLOIT-DB
google -- chrome Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2018-08-28 not yet calculated CVE-2017-15410
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15415
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15417
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Inappropriate implementation in browser navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15420
SECTRACK
REDHAT
MISC
MISC
GENTOO
DEBIAN
DEBIAN
google -- chrome Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15418
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. 2018-08-28 not yet calculated CVE-2017-15416
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic. 2018-08-28 not yet calculated CVE-2017-15423
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15399
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15422
REDHAT
MISC
MISC
GENTOO
UBUNTU
DEBIAN
google -- chrome Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. 2018-08-28 not yet calculated CVE-2017-15424
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15430
MISC
MISC
google -- chrome Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15419
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2018-08-28 not yet calculated CVE-2017-15411
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. 2018-08-28 not yet calculated CVE-2017-15407
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. 2018-08-28 not yet calculated CVE-2017-15425
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. 2018-08-28 not yet calculated CVE-2017-15426
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. 2018-08-28 not yet calculated CVE-2017-15408
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15406
MISC
MISC
google -- chrome Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15409
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. 2018-08-28 not yet calculated CVE-2017-15427
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15412
SECTRACK
REDHAT
REDHAT
MISC
MISC
MISC
MLIST
GENTOO
DEBIAN
google -- chrome Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15413
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15429
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server. 2018-08-28 not yet calculated CVE-2017-15398
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
google -- chrome A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2018-08-28 not yet calculated CVE-2017-15396
MISC
BID
REDHAT
MISC
MISC
GENTOO
DEBIAN
grafana -- grafana Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. 2018-08-29 not yet calculated CVE-2018-15727
BID
CONFIRM
ibm -- cloud_orchestrator A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system. IBM X-Force ID: 109394. 2018-08-30 not yet calculated CVE-2016-0205
XF
CONFIRM
ibm -- maximo_asset_management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968. 2018-08-24 not yet calculated CVE-2018-1699
BID
XF
CONFIRM
ibm -- openpages_grc_platform IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303. 2018-08-30 not yet calculated CVE-2016-0234
CONFIRM
XF
ibm -- platform_symphony IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. IBM X-Force ID: 146340. 2018-08-28 not yet calculated CVE-2018-1705
XF
CONFIRM
ibm -- security_access_manager_appliance IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370. 2018-08-24 not yet calculated CVE-2018-1722
BID
SECTRACK
XF
CONFIRM
ibm -- urbancode_deploy IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119. 2018-08-30 not yet calculated CVE-2016-0373
CONFIRM
XF
ibm -- websphere_application_server_liberty IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication. 2018-08-24 not yet calculated CVE-2018-1755
BID
SECTRACK
XF
CONFIRM
ibm -- websphere_commerce IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user. 2018-08-27 not yet calculated CVE-2018-1644
CONFIRM
XF
icewarp -- server In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. 2018-09-01 not yet calculated CVE-2018-16324
MISC
MISC
icms -- icms An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. 2018-09-01 not yet calculated CVE-2018-16332
MISC
idera -- up.time An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands. 2018-08-27 not yet calculated CVE-2015-9263
MISC
EXPLOIT-DB
MISC
idreamsoft -- icms An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. 2018-09-01 not yet calculated CVE-2018-16314
MISC
idreamsoft -- icms idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. 2018-09-01 not yet calculated CVE-2018-16320
MISC
idreamsoft -- icms An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. 2018-08-27 not yet calculated CVE-2018-15895
MISC
imagemagick -- imagemagick In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. 2018-09-01 not yet calculated CVE-2018-16329
MISC
imagemagick -- imagemagick ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. 2018-09-01 not yet calculated CVE-2018-16323
MISC
imagemagick -- imagemagick In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. 2018-09-01 not yet calculated CVE-2018-16328
MISC
infoblox -- netmri Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter. 2018-08-28 not yet calculated CVE-2018-6643
MISC
joomla -- joomla An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter. 2018-08-28 not yet calculated CVE-2018-15882
BID
CONFIRM
joomla -- joomla An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation. 2018-08-28 not yet calculated CVE-2018-15881
BID
CONFIRM
joomla -- joomla The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request. 2018-08-26 not yet calculated CVE-2017-18345
MISC
MISC
EXPLOIT-DB
joomla -- joomla An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack. 2018-08-28 not yet calculated CVE-2018-15880
BID
CONFIRM
lansweeper -- lansweeper Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service. 2018-08-27 not yet calculated CVE-2015-9264
MISC
libtiff -- libtiff newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. 2018-09-01 not yet calculated CVE-2018-16335
MISC
libtirpc -- libtirpc A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. 2018-08-30 not yet calculated CVE-2018-14622
CONFIRM
REDHAT
CONFIRM
CONFIRM
MLIST
libtirpc -- libtirpc An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted. 2018-08-30 not yet calculated CVE-2018-14621
CONFIRM
CONFIRM
CONFIRM
libx11 -- libx11 An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. 2018-08-24 not yet calculated CVE-2018-14599
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
MLIST
MLIST
UBUNTU
libx11 -- libx11 An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. 2018-08-24 not yet calculated CVE-2018-14600
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
MLIST
MLIST
UBUNTU
libx11 -- libx11 An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). 2018-08-24 not yet calculated CVE-2018-14598
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
MLIST
MLIST
UBUNTU
libzypp -- libzypp The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download. 2018-08-31 not yet calculated CVE-2018-7685
MISC
CONFIRM
MISC
lightbend -- akka Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included the AES128CounterSecureRNG and AES256CounterSecureRNG random number generators. The implementations had a bug that caused the generated numbers to be repeated after only a few bytes. The custom RNG implementations were not configured by default but examples in the documentation showed (and therefore implicitly recommended) using the custom ones. This can be used by an attacker to compromise the communication if these random number generators are enabled in configuration. It would be possible to eavesdrop, replay, or modify the messages sent with Akka Remoting/Cluster. 2018-08-29 not yet calculated CVE-2018-16115
MISC
lightbend -- akka The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb. 2018-08-30 not yet calculated CVE-2018-16131
MISC
MISC
MISC
linux -- linux_kernel An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. 2018-08-31 not yet calculated CVE-2018-16276
MISC
MISC
MISC
linux -- linux_kernel A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges. 2018-08-30 not yet calculated CVE-2018-14619
CONFIRM
CONFIRM
linux -- linux_kernel A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. 2018-08-27 not yet calculated CVE-2018-10938
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
manjaro -- linux An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital to the system. 2018-08-29 not yet calculated CVE-2018-15912
CONFIRM
MLIST

mediacomm -- zip-n-go MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file. 2018-09-01 not yet calculated CVE-2018-16302
EXPLOIT-DB
micro_focus -- service_management_automation_containerized_suites Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. 2018-08-30 not yet calculated CVE-2018-6499
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
micro_focus -- service_management_automation_containerized_suites Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. 2018-08-30 not yet calculated CVE-2018-6498
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
minicms -- minicms An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability. 2018-08-27 not yet calculated CVE-2018-15899
MISC
minicms -- minicms An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request. 2018-08-31 not yet calculated CVE-2018-16298
MISC
minicms -- minicms MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. 2018-08-30 not yet calculated CVE-2018-16233
MISC
morningstar -- whatweb MorningStar WhatWeb 0.4.9 has XSS via JSON report files. 2018-08-30 not yet calculated CVE-2018-16234
MISC
mutiny -- monitoring_appliance A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload. 2018-08-28 not yet calculated CVE-2018-15529
MISC
MISC
mybb -- mybb An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS. 2018-08-28 not yet calculated CVE-2018-15596
CONFIRM
mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. Devices did not authenticate themselves to the cloud in device to cloud communication. This lack of device authentication allowed an attacker to impersonate any device by guessing or learning their MAC address. 2018-08-30 not yet calculated CVE-2018-15479
MISC
mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The process of registering a device with a cloud account was based on an activation code derived from the device MAC address. By guessing valid MAC addresses or using MAC addresses printed on devices in shops and reverse engineering the protocol, an attacker would have been able to register previously unregistered devices to their account. When the rightful owner would have connected them after purchase to their WiFi network, the devices would not have registered with their account, would subsequently not have been controllable from the owner's mobile app, and would not have been visible in the owner's account. Instead, they would have been under control of the attacker. 2018-08-30 not yet calculated CVE-2018-15478
MISC
mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The SSL/TLS server certificate in the device to cloud communication was not verified by the device. As a result, an attacker in control of the network traffic of a device could have taken control of a device by intercepting and modifying commands issued from the server to the device in a Man-in-the-Middle attack. This included the ability to inject firmware update commands into the communication and cause the device to install maliciously modified firmware. 2018-08-30 not yet calculated CVE-2018-15476
MISC
mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The cloud API had a hidden parameter, which allowed an authenticated user to reconfigure the server URL for a device registered to their account. In combination with an insecure device registration vulnerability, this allowed an attacker to reconfigure a maliciously registered device to their own rogue replica of the myStrom API and issue commands to the device, including firmware update commands. 2018-08-30 not yet calculated CVE-2018-15480
MISC
mystrom -- wifi_switch_devices myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device. 2018-08-30 not yet calculated CVE-2018-15477
MISC
norton -- identity_safe The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials. 2018-08-29 not yet calculated CVE-2018-12240
BID
CONFIRM
npm -- mosca This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306. 2018-08-30 not yet calculated CVE-2018-11615
MISC
nvidia -- geforce_experience NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both. 2018-08-31 not yet calculated CVE-2018-6257
CONFIRM
nvidia -- geforce_experience NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information. 2018-08-31 not yet calculated CVE-2018-6258
CONFIRM
nvidia -- geforce_experience NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible. 2018-08-31 not yet calculated CVE-2018-6259
CONFIRM
open_whisper -- signal_app The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device. 2018-08-29 not yet calculated CVE-2018-16132
MISC
openssh -- openssh Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' 2018-08-28 not yet calculated CVE-2018-15919
MISC
BID
openstack-cinder -- openstack-cinder A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants. 2018-08-27 not yet calculated CVE-2017-15139
CONFIRM
MISC
opswat -- metadefender OPSWAT MetaDefender before v4.11.2 allows CSV injection. 2018-08-31 not yet calculated CVE-2018-16275
CONFIRM
orbic -- wonder_orbic_release-keys_devices An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls. 2018-08-29 not yet calculated CVE-2018-6599
MISC
orbic -- wonder_orbic_release-keys_devices An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interaction and does not require any permission to perform. A factory reset will remove all user data from the device. This will result in the loss of any data that the user has not backed up or synced externally. This capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves), although this capability is present in an unprotected component of the Android OS. This vulnerability is not present in Google's Android Open Source Project (AOSP) code. Therefore, it was introduced by Orbic or another entity in the supply chain. 2018-08-29 not yet calculated CVE-2018-6598
MISC
ovation -- findme Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the product uses a compression technique to prevent the identification of certain libraries in the software by obfuscation. The software relies on a TLS callback and an additional executable file to enable these libraries and their access to certain websites. The unpacked software can be exploited by several different types of documented techniques. 2018-08-26 not yet calculated CVE-2018-15885
MISC
pandao -- editor.md Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. 2018-09-01 not yet calculated CVE-2018-16330
MISC
pango -- pango libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. 2018-08-24 not yet calculated CVE-2018-15120
MISC
CONFIRM
CONFIRM
MLIST
UBUNTU
EXPLOIT-DB
pdf-xchange -- editor PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. 2018-09-01 not yet calculated CVE-2018-16303
MISC
phpkaiyuancms -- phpopensourcecms phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter. 2018-08-31 not yet calculated CVE-2018-16278
MISC
phpmyadmin -- phpmyadmin An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature. 2018-08-24 not yet calculated CVE-2018-15605
BID
SECTRACK
CONFIRM
CONFIRM
phpmyfaq -- phpmyfaq phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. 2018-08-28 not yet calculated CVE-2014-6049
MISC
CONFIRM
phpmyfaq -- phpmyfaq phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. 2018-08-28 not yet calculated CVE-2014-6047
MISC
CONFIRM
phpmyfaq -- phpmyfaq SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function. 2018-08-28 not yet calculated CVE-2014-6045
MISC
CONFIRM
phpmyfaq -- phpmyfaq Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token. 2018-08-28 not yet calculated CVE-2014-6046
MISC
CONFIRM
phpmyfaq -- phpmyfaq phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. 2018-08-28 not yet calculated CVE-2014-6050
MISC
CONFIRM
phpmyfaq -- phpmyfaq phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request. 2018-08-28 not yet calculated CVE-2014-6048
MISC
CONFIRM
phpok -- phpok PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. 2018-08-30 not yet calculated CVE-2018-16142
MISC
phpscriptsmall.com -- website_seller_script PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn. 2018-08-28 not yet calculated CVE-2018-15897
MISC
phpscriptsmall.com -- website_seller_script PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name. 2018-08-28 not yet calculated CVE-2018-15896
MISC
podofo -- podofo In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() in base/PdfParser.cpp can cause the program to be aborted, because PoDoFo::PdfVecObjects::Reserve() in base/PdfVecObjects.h can be called with a large size value. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. 2018-08-26 not yet calculated CVE-2018-15889
MISC
MISC
portainer -- portainer A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. 2018-09-01 not yet calculated CVE-2018-16316
MISC
postgresql-jdbc -- postgresql-jdbc A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA. 2018-08-30 not yet calculated CVE-2018-10936
CONFIRM
CONFIRM
qemu -- qemu qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. 2018-08-29 not yet calculated CVE-2018-15746
MLIST
MLIST
qnap -- photo_station Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject JavaScript code in the compromised application. 2018-08-27 not yet calculated CVE-2018-0715
CONFIRM
responsive_filemanager -- responsive_filemanager /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. 2018-08-24 not yet calculated CVE-2018-15535
FULLDISC
EXPLOIT-DB
responsive_filemanager -- responsive_filemanager /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal. 2018-08-24 not yet calculated CVE-2018-15536
FULLDISC
EXPLOIT-DB
ricoh -- mp_c4504ex_devices RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. 2018-08-28 not yet calculated CVE-2018-15884
MISC
EXPLOIT-DB
rsa -- bsafe_micro_edition_suite RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service. 2018-08-31 not yet calculated CVE-2018-11054
FULLDISC
rsa -- bsafe_micro_edition_suite RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection. 2018-08-31 not yet calculated CVE-2018-11055
FULLDISC
rsa -- bsafe_micro_edition_suite RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service. 2018-08-31 not yet calculated CVE-2018-11056
FULLDISC
rsa -- bsafe_micro_edition_suite RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover an RSA key. 2018-08-31 not yet calculated CVE-2018-11057
FULLDISC
samsung -- smartthings_hub_sth-eth-250_firmware An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-28 not yet calculated CVE-2018-3926
BID
MISC
samsung -- smartthings_hub_sth-eth-250_firmware An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability. 2018-08-27 not yet calculated CVE-2018-3927
MISC
samsung -- smartthings_hub_sth-eth-250_firmware An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-27 not yet calculated CVE-2018-3893
MISC
samsung -- smartthings_hub_sth-eth-250_firmware An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-27 not yet calculated CVE-2018-3904
MISC
samsung -- smartthings_hub_sth-eth-250_firmware An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-27 not yet calculated CVE-2018-3918
MISC
samsung -- smartthings_hub_sth-eth-250_firmware An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability. 2018-08-28 not yet calculated CVE-2018-3908
MISC
samsung -- smartthings_hub_sth-eth-250_firmware An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-28 not yet calculated CVE-2018-3895
MISC
samsung -- smartthings_hub_sth-eth-250_firmware An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-28 not yet calculated CVE-2018-3916
MISC
schneider_electric -- modicon_m221 A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrites the password, the attacker can upload the original program from the PLC. 2018-08-29 not yet calculated CVE-2018-7791
BID
CONFIRM
schneider_electric -- modicon_m221 An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programming protocol frames. 2018-08-29 not yet calculated CVE-2018-7789
BID
MISC
CONFIRM
schneider_electric -- modicon_m221 An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC. 2018-08-29 not yet calculated CVE-2018-7790
BID
CONFIRM
schneider_electric -- modicon_m221 A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using a rainbow table. 2018-08-29 not yet calculated CVE-2018-7792
BID
CONFIRM
schneider_electric -- powerlogic A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to a cross-site scripting attack on its web browser. User inputs can be manipulated to cause execution of JavaScript code. 2018-08-29 not yet calculated CVE-2018-7795
BID
MISC
CONFIRM
sentrifugo -- sentrifugo A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter. 2018-08-28 not yet calculated CVE-2018-15873
MISC
simplehttpserver -- simplehttpserver Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server. 2018-08-31 not yet calculated CVE-2018-3787
MISC
subrion -- subrion There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. 2018-09-01 not yet calculated CVE-2018-16327
MISC
technicolor -- tc8305c_devices Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852. 2018-08-29 not yet calculated CVE-2018-15907
MISC
tencent -- foxmail This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5543. 2018-08-30 not yet calculated CVE-2018-11616
MISC

tenda -- multiple_routers An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. 2018-09-01 not yet calculated CVE-2018-16333
MISC
tenda -- multiple_routers An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. 2018-09-01 not yet calculated CVE-2018-16334
MISC
thinkcmf -- thinkcmf ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server. 2018-08-30 not yet calculated CVE-2018-16141
MISC
trend_micro -- officescan_xg A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. 2018-08-30 not yet calculated CVE-2018-15364
CONFIRM
MISC
trend_micro -- security A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. 2018-08-30 not yet calculated CVE-2018-10513
CONFIRM
MISC
trend_micro -- security An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. 2018-08-30 not yet calculated CVE-2018-15363
CONFIRM
MISC
trend_micro -- security A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. 2018-08-30 not yet calculated CVE-2018-10514
CONFIRM
MISC
umbraco -- umbraco Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files. 2018-08-27 not yet calculated CVE-2014-10074
MISC
MISC
vanilla -- vanilla In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items). 2018-08-26 not yet calculated CVE-2018-15833
MISC
MISC
MISC
MISC
visiology -- flipbox_software_suite Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters. 2018-08-27 not yet calculated CVE-2018-15810
MISC
MISC
vivotek -- multiple_devices Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code. 2018-08-29 not yet calculated CVE-2018-14768
CONFIRM
CONFIRM
waimai -- super_cms In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. 2018-09-01 not yet calculated CVE-2018-16315
MISC
waimai -- super_cms waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free. 2018-08-30 not yet calculated CVE-2018-16157
MISC
wireshark -- wireshark In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. 2018-08-29 not yet calculated CVE-2018-16058
BID
MISC
MISC
MISC
wireshark -- wireshark In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. 2018-08-29 not yet calculated CVE-2018-16057
BID
MISC
MISC
MISC
wireshark -- wireshark In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. 2018-08-29 not yet calculated CVE-2018-16056
BID
MISC
MISC
MISC
wordpress -- wordpress An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation. 2018-08-26 not yet calculated CVE-2018-15876
MISC
wordpress -- wordpress The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. 2018-08-30 not yet calculated CVE-2018-16159
MISC
EXPLOIT-DB
wordpress -- wordpress The Plainview Activity Monitor plugin 4.7.11 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request. 2018-08-26 not yet calculated CVE-2018-15877
MISC
EXPLOIT-DB
wordpress -- wordpress Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php. 2018-08-28 not yet calculated CVE-2014-4932
MISC
CONFIRM
wordpress -- wordpress The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. 2018-09-01 not yet calculated CVE-2018-16308
MISC
MISC
EXPLOIT-DB
wordpress -- wordpress The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. 2018-08-28 not yet calculated CVE-2018-15571
MISC
EXPLOIT-DB
wuzhi -- cms A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. 2018-08-27 not yet calculated CVE-2018-15893
MISC
wuzhi -- cms A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. 2018-08-27 not yet calculated CVE-2018-15894
MISC
xovis -- pc-series_sensors_firmware Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal. 2018-08-30 not yet calculated CVE-2018-11720
CONFIRM
xovis -- pc-series_sensors_firmware Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. 2018-08-30 not yet calculated CVE-2018-11719
CONFIRM
xovis -- pc-series_sensors_firmware Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. 2018-08-30 not yet calculated CVE-2018-11718
CONFIRM
zoho_manageengine -- admanager_plus Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen. 2018-08-28 not yet calculated CVE-2018-15608
EXPLOIT-DB
zoho_manageengine -- admanager_plus Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. 2018-08-28 not yet calculated CVE-2018-15740
MISC
MISC
MISC
zyxel -- vmg3312_b10b_devices Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. 2018-08-26 not yet calculated CVE-2018-15602
MISC