본문 바로가기
IT 와 Social 이야기

[US-CERT: Bulletin(SB18-253)] 2018년 9월 3일까지 발표된 보안 취약점

by manga0713 2018. 9. 11.

 

 

 

*** 출처: [US-CERT: Bulletin(SB18-253)] 2018년 9월 3일까지 발표된 보안 취약점

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no high vulnerabilities recorded this week.
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no medium vulnerabilities recorded this week.
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
absolute_software -- ctes_windows_agent
 
An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior. 2018-09-08 not yet calculated CVE-2018-16715
CONFIRM(link is external)
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2018-09-06 not yet calculated CVE-2018-5005
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
adrenaline -- hrms
 
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter. 2018-09-06 not yet calculated CVE-2018-12234
MISC(link is external)
amcrest -- networked_devices
 
Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206. 2018-09-05 not yet calculated CVE-2018-16546
MISC
antenna_house -- dmc_htmlfilter
 
An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability. 2018-09-07 not yet calculated CVE-2017-2795
MISC(link is external)
antenna_house -- dmc_htmlfilter
 
An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability. 2018-09-07 not yet calculated CVE-2017-2792
MISC(link is external)
artifex -- ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. 2018-09-05 not yet calculated CVE-2018-16541
MISC(link is external)
MISC(link is external)
MISC(link is external)
DEBIAN
artifex -- ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. 2018-09-05 not yet calculated CVE-2018-16542
MISC(link is external)
MISC
MISC(link is external)
DEBIAN
artifex -- ghostscript
 
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. 2018-09-06 not yet calculated CVE-2018-16585
MISC(link is external)
MISC(link is external)
MISC
DEBIAN
artifex -- ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. 2018-09-05 not yet calculated CVE-2018-16513
MISC(link is external)
MISC(link is external)
MISC(link is external)
DEBIAN
artifex -- ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. 2018-09-05 not yet calculated CVE-2018-16540
MISC(link is external)
MISC(link is external)
MISC(link is external)
DEBIAN
artifex -- ghostscript
 
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. 2018-09-05 not yet calculated CVE-2018-16539
MISC(link is external)
MISC(link is external)
MISC(link is external)
DEBIAN
artifex -- ghostscript
 
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. 2018-09-05 not yet calculated CVE-2018-16511
MISC(link is external)
MISC
MISC(link is external)
MISC(link is external)
DEBIAN
artifex -- ghostscript
 
In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact. 2018-09-05 not yet calculated CVE-2018-16543
MISC(link is external)
MISC(link is external)
DEBIAN
artifex -- ghostscript
 
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact. 2018-09-05 not yet calculated CVE-2018-16510
MISC(link is external)
MISC(link is external)
MISC(link is external)
artifex -- ghostscript
 
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. 2018-09-05 not yet calculated CVE-2018-16509
MISC(link is external)
MISC(link is external)
MISC(link is external)
CONFIRM(link is external)
MISC
MISC(link is external)
MISC(link is external)
artifex -- mupdf In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. 2018-09-06 not yet calculated CVE-2018-16648
MISC(link is external)
artifex -- mupdf
 
In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file. 2018-09-06 not yet calculated CVE-2018-16647
MISC(link is external)
asus -- wl-330nul_firmware Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0647
JVN(link is external)
MISC(link is external)
auracms -- auracms
 
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. 2018-09-02 not yet calculated CVE-2018-16338
MISC(link is external)
baigo -- cms
 
An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article. 2018-09-04 not yet calculated CVE-2018-16458
MISC(link is external)
baijiacms -- baijiacms
 
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. 2018-09-08 not yet calculated CVE-2018-16724
MISC(link is external)
baijiacms -- biajiacms
 
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component." 2018-09-08 not yet calculated CVE-2018-16725
MISC(link is external)
bit_part -- mtappjquery
 
MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0645
JVN(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
bluecms -- bluecms
 
BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. 2018-09-03 not yet calculated CVE-2018-16432
MISC(link is external)
btiteam -- xbtit An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting. 2018-09-05 not yet calculated CVE-2018-15678
CONFIRM(link is external)
MISC(link is external)
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data. 2018-09-05 not yet calculated CVE-2018-15684
MISC(link is external)
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter. 2018-09-05 not yet calculated CVE-2018-16361
CONFIRM(link is external)
MISC(link is external)
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting. 2018-09-05 not yet calculated CVE-2018-15679
CONFIRM(link is external)
MISC(link is external)
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. 2018-09-05 not yet calculated CVE-2018-15680
MISC(link is external)
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprints. 2018-09-05 not yet calculated CVE-2018-15676
MISC(link is external)
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected. 2018-09-05 not yet calculated CVE-2018-15683
MISC(link is external)
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf. 2018-09-05 not yet calculated CVE-2018-15682
MISC(link is external)
btiteam -- xbtit
 
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. 2018-09-05 not yet calculated CVE-2018-15677
CONFIRM(link is external)
MISC(link is external)
btiteam -- xbtit
 
An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can efficiently brute-force it to retrieve the user's cleartext password. 2018-09-05 not yet calculated CVE-2018-15681
MISC(link is external)
canon_it_solutions -- multiple_products Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-09-07 not yet calculated CVE-2018-0649
JVN(link is external)
CONFIRM(link is external)
chatwork -- desktop_app_for_windows
 
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-09-07 not yet calculated CVE-2018-0648
JVN(link is external)
MISC(link is external)
chemcms -- chem_cms
 
ChemCMS 1.0.6 has XSS via the "setting -> website information" field. 2018-09-02 not yet calculated CVE-2018-16346
MISC(link is external)
contiki_ng -- contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union). 2018-09-07 not yet calculated CVE-2018-16667
MISC(link is external)
contiki_ng -- contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c. 2018-09-07 not yet calculated CVE-2018-16665
MISC(link is external)
contiki_ng -- contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string). 2018-09-07 not yet calculated CVE-2018-16666
MISC(link is external)
contiki_ng -- contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). 2018-09-07 not yet calculated CVE-2018-16664
MISC(link is external)
contiki_ng -- contiki_ng
 
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations). 2018-09-07 not yet calculated CVE-2018-16663
MISC(link is external)
contronics -- homeputer_cl_studio_fur_homematic Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack. 2018-09-07 not yet calculated CVE-2017-17691
MISC(link is external)
craftedweb -- craftedweb CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. 2018-09-04 not yet calculated CVE-2018-16450
MISC(link is external)
creme -- crm An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters in the contact creation and modification page. The payload is stored within the application database and allows the execution of JavaScript code each time a client visit an infected page. 2018-09-07 not yet calculated CVE-2018-9283
MISC(link is external)
creme -- crm
 
An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials. 2018-09-07 not yet calculated CVE-2018-14398
MISC(link is external)
creme -- crm
 
An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. 2018-09-07 not yet calculated CVE-2018-14396
MISC(link is external)
creme -- crm
 
An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. 2018-09-07 not yet calculated CVE-2018-14397
MISC(link is external)
cscms -- cscms \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. 2018-09-08 not yet calculated CVE-2018-16732
MISC(link is external)
MISC(link is external)
cscms -- cscms
 
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. 2018-09-08 not yet calculated CVE-2018-16730
MISC(link is external)
MISC(link is external)
cscms -- cscms
 
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. 2018-09-04 not yet calculated CVE-2018-16448
MISC(link is external)
cscms -- cscms
 
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. 2018-09-08 not yet calculated CVE-2018-16731
MISC(link is external)
MISC(link is external)
cscms -- cscms
 
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. 2018-09-02 not yet calculated CVE-2018-16337
MISC(link is external)
curl -- curl
 
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) 2018-09-05 not yet calculated CVE-2018-14618
SECTRACK(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
DEBIAN
d_link -- dir-846_devices
 
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. 2018-09-03 not yet calculated CVE-2018-16408
MISC(link is external)
docker -- docker_for_windows
 
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. 2018-08-31 not yet calculated CVE-2018-15514
BID(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
dojo -- dojotoolkit
 
Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14. 2018-09-06 not yet calculated CVE-2018-1000665
CONFIRM
CONFIRM(link is external)
doracms -- doracms
 
Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent. 2018-09-06 not yet calculated CVE-2018-16622
MISC(link is external)
dotclear -- dotclear
 
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml. 2018-09-02 not yet calculated CVE-2018-16358
MISC
e107 -- e107
 
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. 2018-09-05 not yet calculated CVE-2018-16381
MISC(link is external)
easycms -- easycms An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. 2018-09-02 not yet calculated CVE-2018-16345
MISC(link is external)
elefant -- cms
 
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. 2018-09-02 not yet calculated CVE-2018-16387
MISC(link is external)
elfutils -- elfutils libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. 2018-09-03 not yet calculated CVE-2018-16403
MISC
MISC
elfutils -- elfutils
 
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. 2018-09-03 not yet calculated CVE-2018-16402
MISC
empirecms -- empirecms
 
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. 2018-09-02 not yet calculated CVE-2018-16339
MISC(link is external)
endress+hauser -- wirelesshart_fieldgate_swg70_devices
 
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. 2018-09-07 not yet calculated CVE-2018-16059
EXPLOIT-DB(link is external)
ethereum -- go_ethereum
 
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. 2018-09-08 not yet calculated CVE-2018-16733
MISC(link is external)
exceljs -- exceljs
 
An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when worksheet is displayed in browser. 2018-09-06 not yet calculated CVE-2018-16459
MISC(link is external)
fhcrm -- fhcrm An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter. 2018-09-02 not yet calculated CVE-2018-16354
MISC(link is external)
fhcrm -- fhcrm
 
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter. 2018-09-02 not yet calculated CVE-2018-16353
MISC(link is external)
flask-admin -- flask-admin
 
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. 2018-09-05 not yet calculated CVE-2018-16516
MISC(link is external)
foliovision -- fb_flowplayer_video_player
 
Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0642
JVN(link is external)
CONFIRM
fortinet -- fortimanager
 
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. 2018-09-05 not yet calculated CVE-2018-1353
CONFIRM(link is external)
fortinet -- fortios
 
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used. 2018-09-05 not yet calculated CVE-2018-9194
CONFIRM(link is external)
MISC
CERT-VN
fortinet -- fortios
 
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. 2018-09-05 not yet calculated CVE-2018-9192
CONFIRM(link is external)
MISC
CERT-VN
freebsd -- freebsd
 
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources. 2018-09-04 not yet calculated CVE-2018-6923
SECTRACK(link is external)
FREEBSD
frog -- cms Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. 2018-09-02 not yet calculated CVE-2018-16374
MISC(link is external)
frog -- cms Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. 2018-09-04 not yet calculated CVE-2018-16447
MISC(link is external)
frog -- cms
 
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. 2018-09-02 not yet calculated CVE-2018-16373
MISC(link is external)
fspro_labs -- event_log_explorer
 
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection. 2018-09-05 not yet calculated CVE-2018-16252
MISC
MISC(link is external)
EXPLOIT-DB(link is external)
fuel -- cms
 
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. 2018-09-03 not yet calculated CVE-2018-16416
MISC(link is external)
MISC(link is external)
fuji_xerox -- docucentre_and_apeosport
 
Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands. 2018-09-07 not yet calculated CVE-2018-16709
EXPLOIT-DB(link is external)
furuno -- felcom_devices
 
FURUNO FELCOM 250 and 500 devices use only client-side JavaScript for authentication. 2018-09-06 not yet calculated CVE-2018-16590
MISC(link is external)
gig_technology -- jumpscale_portal
 
GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModification; that can result in Improper validation of parameters results in command execution. This attack appear to be exploitable via Network connectivity, required minimal auth privileges (everyone can register an account). This vulnerability appears to have been fixed in After commit 15443122ed2b1cbfd7bdefc048bf106f075becdb. 2018-09-06 not yet calculated CVE-2018-1000666
MISC(link is external)
MISC(link is external)
CONFIRM(link is external)
MISC(link is external)
gleez -- cms An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize. 2018-09-02 not yet calculated CVE-2018-16347
MISC(link is external)
gleez -- cms A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI. 2018-09-07 not yet calculated CVE-2018-16703
MISC(link is external)
gleez -- cms
 
An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org. 2018-09-07 not yet calculated CVE-2018-16704
MISC(link is external)
gmo_payment_gateway -- ec-cube_and_gmo-pg_payment_modules Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0658
JVN(link is external)
gmo_payment_gateway -- ec-cube_and_gmo-pg_payment_modules
 
Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0657
JVN(link is external)
gnome -- glib
 
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. 2018-09-03 not yet calculated CVE-2018-16428
BID(link is external)
MISC
MISC
gnome -- glib
 
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). 2018-09-03 not yet calculated CVE-2018-16429
MISC
MISC
gnu -- libextractor
 
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. 2018-09-03 not yet calculated CVE-2018-16430
BID(link is external)
MISC
MISC
gogs -- gogs
 
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. 2018-09-03 not yet calculated CVE-2018-16409
MISC(link is external)
google -- android A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors. 2018-09-04 not yet calculated CVE-2018-0664
JVN(link is external)
CONFIRM(link is external)
google -- android The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2018-09-07 not yet calculated CVE-2018-0650
JVN(link is external)
CONFIRM(link is external)
MISC(link is external)
google -- android
 
In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT. 2018-09-04 not yet calculated CVE-2018-11262
CONFIRM
CONFIRM
google -- android
 
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05. 2018-09-06 not yet calculated CVE-2018-11263
CONFIRM(link is external)
CONFIRM
CONFIRM
google -- gvisor Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS. 2018-09-02 not yet calculated CVE-2018-16359
MISC
MISC(link is external)
gxlcms -- gxlcms
 
Gxlcms 2.0 has Directory Traversal exploitable by an administrator. 2018-09-05 not yet calculated CVE-2018-16437
MISC(link is external)
gxlcms -- gxlcms
 
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. 2018-09-07 not yet calculated CVE-2018-16655
MISC(link is external)
MISC(link is external)
gxlcms -- gxlcms
 
Gxlcms 2.0 has SQL Injection exploitable by an administrator. 2018-09-05 not yet calculated CVE-2018-16436
MISC(link is external)
hdf -- hdf5
 
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c. 2018-09-03 not yet calculated CVE-2018-16438
MISC(link is external)
hibara -- attachecase Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file. 2018-09-07 not yet calculated CVE-2018-0660
JVN(link is external)
CONFIRM
hibara -- attachecase Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file. 2018-09-07 not yet calculated CVE-2018-0659
JVN(link is external)
CONFIRM
hibara -- attachecase
 
AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors. 2018-09-04 not yet calculated CVE-2018-0675
JVN(link is external)
CONFIRM
hibara -- attachecase
 
AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors. 2018-09-04 not yet calculated CVE-2018-0674
JVN(link is external)
CONFIRM
hscripts -- php_file_browser
 
HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter. 2018-09-05 not yet calculated CVE-2018-16549
MISC(link is external)
huawei -- hirouter-cd20-10
 
In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device. 2018-09-04 not yet calculated CVE-2018-7937
CONFIRM(link is external)
huawei -- mate_10_pro_smartphones
 
Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed. 2018-09-04 not yet calculated CVE-2018-7936
CONFIRM(link is external)
huawei -- mate_10_pro_smartphones
 
Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP. 2018-09-04 not yet calculated CVE-2018-7990
CONFIRM(link is external)
huawei -- p10_smartphones
 
P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak. 2018-09-04 not yet calculated CVE-2018-7938
CONFIRM(link is external)
i-o_data_device -- ts-wrlp_firmware Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. 2018-09-07 not yet calculated CVE-2018-0663
JVN(link is external)
CONFIRM(link is external)
i-o_data_device -- ts-wrlp_firmware Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration. 2018-09-07 not yet calculated CVE-2018-0661
JVN(link is external)
CONFIRM(link is external)
i-o_data_device -- ts-wrlp_firmware
 
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. 2018-09-07 not yet calculated CVE-2018-0662
JVN(link is external)
CONFIRM(link is external)
ibm -- api_connect
 
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939. 2018-09-07 not yet calculated CVE-2018-1789
XF(link is external)
CONFIRM(link is external)
ibm -- campaign IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153. 2018-09-07 not yet calculated CVE-2017-1115
XF(link is external)
CONFIRM(link is external)
ibm -- campaign
 
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152. 2018-09-07 not yet calculated CVE-2017-1114
XF(link is external)
CONFIRM(link is external)
ibm -- security_identity_governance_and_intelligence
 
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601. 2018-09-07 not yet calculated CVE-2018-1757
CONFIRM(link is external)
XF(link is external)
ibm -- security_identity_governance_and_intelligence
 
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM X-Force ID: 148599. 2018-09-07 not yet calculated CVE-2018-1756
CONFIRM(link is external)
XF(link is external)
ibm -- websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769. 2018-09-06 not yet calculated CVE-2018-1695
XF(link is external)
CONFIRM(link is external)
ibm -- websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024. 2018-09-07 not yet calculated CVE-2018-1567
XF(link is external)
CONFIRM(link is external)
ice_qube -- thermal_management_center In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information. 2018-09-06 not yet calculated CVE-2017-14026
MISC
ice_qube -- thermal_management_center In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. 2018-09-06 not yet calculated CVE-2017-16714
MISC
ideacms -- ideacms
 
The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued. 2018-09-02 not yet calculated CVE-2018-16372
MISC(link is external)
idreamsoft -- icms
 
An issue discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. 2018-09-02 not yet calculated CVE-2018-16365
MISC(link is external)
idreamsoft -- icms
 
An issue discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. 2018-09-02 not yet calculated CVE-2018-16366
MISC(link is external)
imagemagick -- imagemagick ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c. 2018-09-06 not yet calculated CVE-2018-16641
MISC(link is external)
MISC(link is external)
imagemagick -- imagemagick ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. 2018-09-06 not yet calculated CVE-2018-16640
MISC(link is external)
MISC(link is external)
imagemagick -- imagemagick The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file. 2018-09-06 not yet calculated CVE-2018-16643
MISC(link is external)
MISC(link is external)
imagemagick -- imagemagick There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. 2018-09-06 not yet calculated CVE-2018-16644
MISC(link is external)
MISC(link is external)
MISC(link is external)
imagemagick -- imagemagick The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. 2018-09-06 not yet calculated CVE-2018-16642
MISC(link is external)
MISC(link is external)
imagemagick -- imagemagick
 
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. 2018-09-03 not yet calculated CVE-2018-16412
BID(link is external)
MISC(link is external)
imagemagick -- imagemagick
 
There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file. 2018-09-06 not yet calculated CVE-2018-16645
MISC(link is external)
MISC(link is external)
imagemagick -- imagemagick
 
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. 2018-09-03 not yet calculated CVE-2018-16413
BID(link is external)
MISC(link is external)
MISC(link is external)
information_builders -- webfocus_business_intelligence_portal
 
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability. 2018-09-07 not yet calculated CVE-2016-9044
MISC(link is external)
jorani -- jorani An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate. 2018-09-05 not yet calculated CVE-2018-15918
MISC(link is external)
MISC(link is external)
EXPLOIT-DB(link is external)
jorani -- jorani
 
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. 2018-09-05 not yet calculated CVE-2018-15917
MISC(link is external)
MISC(link is external)
EXPLOIT-DB(link is external)
joyent -- smartos
 
An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service. 2018-09-07 not yet calculated CVE-2016-9040
MISC(link is external)
jsish -- jsish
 
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been fixed in 2.4.69. 2018-09-06 not yet calculated CVE-2018-1000661
CONFIRM
jsish -- jsish
 
jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to have been fixed in 2.4.71. 2018-09-06 not yet calculated CVE-2018-1000668
CONFIRM
jsish -- jsish
 
jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. 2018-09-06 not yet calculated CVE-2018-1000663
CONFIRM
kaizen -- asset_manager_and_training_manager
 
Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp). 2018-09-05 not yet calculated CVE-2018-16545
MISC(link is external)
kamailio -- kamailio
 
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code. 2018-09-07 not yet calculated CVE-2018-16657
MISC(link is external)
koha -- library_system
 
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11. 2018-09-06 not yet calculated CVE-2018-1000669
CONFIRM
koha -- library_system
 
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] , /cgi-bin/koha/serials/subscription-add.pl that can result in Privilege escalation by taking control of higher privileged users browser sessions. This attack appear to be exploitable via Victims must be socially engineered to visit a vulnerable webpage containing malicious payload. This vulnerability appears to have been fixed in 17.11. 2018-09-06 not yet calculated CVE-2018-1000670
CONFIRM
kone -- group_controller
 
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03. 2018-09-07 not yet calculated CVE-2018-15485
MISC(link is external)
CONFIRM(link is external)
kone -- group_controller
 
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01. 2018-09-07 not yet calculated CVE-2018-15484
MISC(link is external)
CONFIRM(link is external)
kone -- group_controller
 
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02. 2018-09-07 not yet calculated CVE-2018-15486
MISC(link is external)
CONFIRM(link is external)
kone -- group_controller
 
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04. 2018-09-07 not yet calculated CVE-2018-15483
MISC(link is external)
CONFIRM(link is external)
lavalite -- cms
 
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. 2018-09-05 not yet calculated CVE-2018-16551
MISC(link is external)
limesurvey -- limesurvey
 
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file, 2018-09-03 not yet calculated CVE-2018-16397
MISC(link is external)
limesurvey -- limesurvey
 
LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious php files that can be called under certain circumstances. This vulnerability appears to have been fixed in after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4. 2018-09-06 not yet calculated CVE-2018-1000658
CONFIRM(link is external)
CONFIRM(link is external)
limesurvey -- limesurvey
 
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An authenticated user can upload a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed in after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4. 2018-09-06 not yet calculated CVE-2018-1000659
CONFIRM(link is external)
linux -- linux_kernel Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. 2018-09-04 not yet calculated CVE-2018-6554
MLIST(link is external)
MLIST(link is external)
linux -- linux_kernel The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. 2018-09-04 not yet calculated CVE-2018-6555
MLIST(link is external)
MLIST(link is external)
linux -- linux_kernel The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. 2018-09-06 not yet calculated CVE-2018-5391
CONFIRM(link is external)
BID(link is external)
SECTRACK(link is external)
MISC
MLIST
UBUNTU(link is external)
UBUNTU(link is external)
UBUNTU(link is external)
UBUNTU(link is external)
UBUNTU(link is external)
UBUNTU(link is external)
DEBIAN
CERT-VN
linux -- linux_kernel
 
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. 2018-09-07 not yet calculated CVE-2018-16658
MISC
MISC
MISC(link is external)
little_color_management_system -- little_color_management_system
 
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. 2018-09-03 not yet calculated CVE-2018-16435
MISC(link is external)
MISC(link is external)
MLIST
DEBIAN
mantisbt -- mantisbt
 
An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php. 2018-09-02 not yet calculated CVE-2018-16362
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
mayan -- edms
 
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. 2018-09-03 not yet calculated CVE-2018-16405
MISC(link is external)
MISC(link is external)
MISC(link is external)
mayan -- edms
 
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. 2018-09-03 not yet calculated CVE-2018-16406
MISC(link is external)
MISC(link is external)
MISC(link is external)
mayan -- edms
 
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. 2018-09-03 not yet calculated CVE-2018-16407
MISC(link is external)
MISC(link is external)
MISC(link is external)
micropyramid -- django-crm
 
MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. 2018-09-05 not yet calculated CVE-2018-16552
MISC(link is external)
multiple_vendors -- multiple_products
 
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network. 2018-09-06 not yet calculated CVE-2018-5389
MISC(link is external)
MISC(link is external)
CERT-VN
MISC
netwide_assembler -- netwide_assembler NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file.. 2018-09-06 not yet calculated CVE-2018-1000667
MISC(link is external)
MISC(link is external)
netwide_assembler -- netwide_assembler asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file. 2018-09-06 not yet calculated CVE-2018-16517
MISC(link is external)
MISC(link is external)
netwide_assembler -- netwide_assembler Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. 2018-09-02 not yet calculated CVE-2018-16382
MISC(link is external)
nibbleblog -- nibbleblog
 
An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}"). 2018-09-06 not yet calculated CVE-2018-16604
MISC(link is external)
nordvpn -- nordvpn
 
An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. 2018-09-07 not yet calculated CVE-2018-3952
MISC(link is external)
ogma_cms -- ogma_cms Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen. 2018-09-02 not yet calculated CVE-2018-16379
MISC(link is external)
ogma_cms -- ogma_cms An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account. 2018-09-02 not yet calculated CVE-2018-16380
MISC(link is external)
okular -- okular
 
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 2018-09-06 not yet calculated CVE-2018-1000801
CONFIRM
CONFIRM
onethink -- onethink
 
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. 2018-09-04 not yet calculated CVE-2018-16449
MISC(link is external)
onlinejudge -- onlinejudge
 
In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include. 2018-09-02 not yet calculated CVE-2018-16367
MISC(link is external)
openjpeg -- openjpeg An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. 2018-09-02 not yet calculated CVE-2018-16375
BID(link is external)
MISC(link is external)
openjpeg -- openjpeg
 
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. 2018-09-02 not yet calculated CVE-2018-16376
BID(link is external)
MISC(link is external)
openmrs -- reference_application
 
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. 2018-09-05 not yet calculated CVE-2018-16521
MISC(link is external)
MISC(link is external)
opensc -- opensc
 
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16425
MISC(link is external)
MISC(link is external)
MISC(link is external)
opensc -- opensc
 
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16421
MISC(link is external)
MISC(link is external)
MISC(link is external)
opensc -- opensc
 
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. 2018-09-03 not yet calculated CVE-2018-16427
MISC(link is external)
MISC(link is external)
MISC(link is external)
opensc -- opensc
 
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16424
MISC(link is external)
MISC(link is external)
MISC(link is external)
opensc -- opensc
 
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16423
MISC(link is external)
MISC(link is external)
MISC(link is external)
opensc -- opensc
 
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs. 2018-09-03 not yet calculated CVE-2018-16426
MISC(link is external)
MISC(link is external)
MISC(link is external)
opensc-- opensc Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16392
MISC(link is external)
MISC(link is external)
MISC(link is external)
opensc-- opensc Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16391
MISC(link is external)
MISC(link is external)
MISC(link is external)
opensc-- opensc A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16418
MISC(link is external)
MISC(link is external)
MISC(link is external)
opensc-- opensc A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16422
MISC(link is external)
MISC(link is external)
MISC(link is external)
opensc-- opensc Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16393
MISC(link is external)
MISC(link is external)
MISC(link is external)
opensc-- opensc Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16419
MISC(link is external)
MISC(link is external)
MISC(link is external)
opensc-- opensc
 
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-09-03 not yet calculated CVE-2018-16420
MISC(link is external)
MISC(link is external)
MISC(link is external)
openshift -- container_platform
 
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management. 2018-09-06 not yet calculated CVE-2018-14632
CONFIRM(link is external)
CONFIRM(link is external)
opsview -- monitor The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. 2018-09-05 not yet calculated CVE-2018-16147
CONFIRM(link is external)
CONFIRM(link is external)
FULLDISC
MISC(link is external)
opsview -- monitor The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. 2018-09-05 not yet calculated CVE-2018-16148
CONFIRM(link is external)
CONFIRM(link is external)
FULLDISC
MISC(link is external)
opsview -- monitor The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account. 2018-09-05 not yet calculated CVE-2018-16146
CONFIRM(link is external)
FULLDISC
MISC(link is external)
opsview -- monitor The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter. 2018-09-05 not yet calculated CVE-2018-16144
CONFIRM(link is external)
CONFIRM(link is external)
FULLDISC
MISC(link is external)
opsview -- monitor The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance. 2018-09-05 not yet calculated CVE-2018-16145
CONFIRM(link is external)
CONFIRM(link is external)
FULLDISC
MISC(link is external)
owasp -- modsecurity_core_rule_set
 
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. 2018-09-02 not yet calculated CVE-2018-16384
MISC(link is external)
pescms-team -- pescms-team In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. 2018-09-02 not yet calculated CVE-2018-16370
MISC(link is external)
pescms-team -- pescms-team
 
PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=. 2018-09-02 not yet calculated CVE-2018-16371
MISC(link is external)
phpmyfaq -- phpmyfaq phpMyFAQ before 2.9.11 allows CSRF. 2018-09-07 not yet calculated CVE-2018-16650
CONFIRM(link is external)
phpmyfaq -- phpmyfaq
 
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. 2018-09-07 not yet calculated CVE-2018-16651
CONFIRM(link is external)
phpscriptsmall.com -- olx_clone_script PHP Scripts Mall Olx Clone 3.4.2 has XSS. 2018-09-07 not yet calculated CVE-2018-16454
MISC(link is external)
pidgin -- pidgin
 
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0. 2018-09-05 not yet calculated CVE-2016-1000030
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
GENTOO
CONFIRM(link is external)
pon_software -- explzh Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors. 2018-09-04 not yet calculated CVE-2018-0646
JVN(link is external)
CONFIRM(link is external)
poppler -- poppler
 
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. 2018-09-06 not yet calculated CVE-2018-16646
MISC(link is external)
prim'x -- zed! A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder. 2018-09-05 not yet calculated CVE-2018-16518
MISC(link is external)
proconf -- proconf
 
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter). 2018-09-06 not yet calculated CVE-2018-16606
MISC(link is external)
protonvpn -- protonvpn
 
An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges. 2018-09-07 not yet calculated CVE-2018-4010
MISC(link is external)
pulse_secure -- connect_secure_and_policy_secure download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. 2018-09-06 not yet calculated CVE-2018-14366
CONFIRM(link is external)
pulse_secure -- connect_secure_and_policy_secure
 
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation. 2018-09-06 not yet calculated CVE-2018-6320
CONFIRM(link is external)

pulse_secure -- pulse_desktop_client
 

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. 2018-09-06 not yet calculated CVE-2018-15726
CONFIRM(link is external)
pulse_secure -- pulse_desktop_client
 
In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. 2018-09-06 not yet calculated CVE-2018-16261
CONFIRM(link is external)

pulse_secure -- pulse_desktop_client
 

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. 2018-09-06 not yet calculated CVE-2018-15749
CONFIRM(link is external)

pulse_secure -- pulse_desktop_client
 

The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. 2018-09-06 not yet calculated CVE-2018-15865
CONFIRM(link is external)
red_hat -- enterprise_linux_server_and_gluster_storage_server A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. 2018-09-04 not yet calculated CVE-2018-10911
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
CONFIRM
red_hat -- enterprise_linux_server_and_gluster_storage_server An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. 2018-09-04 not yet calculated CVE-2018-10913
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
CONFIRM
red_hat -- enterprise_linux_server_and_gluster_storage_server A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. 2018-09-04 not yet calculated CVE-2018-10929
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
red_hat -- enterprise_linux_server_and_gluster_storage_server It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume. 2018-09-04 not yet calculated CVE-2018-10904
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
CONFIRM
red_hat -- enterprise_linux_server_and_gluster_storage_server It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. 2018-09-04 not yet calculated CVE-2018-10923
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
red_hat -- enterprise_linux_server_and_gluster_storage_server It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. 2018-09-04 not yet calculated CVE-2018-10914
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
red_hat -- enterprise_linux_server_and_gluster_storage_server It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution. 2018-09-04 not yet calculated CVE-2018-10907
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
CONFIRM
red_hat -- enterprise_linux_server_and_gluster_storage_server A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. 2018-09-04 not yet calculated CVE-2018-10926
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
red_hat -- enterprise_linux_server_and_gluster_storage_server A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. 2018-09-04 not yet calculated CVE-2018-10927
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
red_hat -- enterprise_linux_server_and_gluster_storage_server It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine. 2018-09-04 not yet calculated CVE-2018-10924
CONFIRM(link is external)
CONFIRM
red_hat -- enterprise_linux_server_and_gluster_storage_server A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. 2018-09-04 not yet calculated CVE-2018-10928
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
red_hat -- enterprise_linux_server_and_gluster_storage_server A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. 2018-09-04 not yet calculated CVE-2018-10930
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
CONFIRM
redhat -- 389-ds-base
 
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. 2018-09-06 not yet calculated CVE-2018-14624
CONFIRM(link is external)
MISC(link is external)
rejucms -- rejucms
 
rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. 2018-09-07 not yet calculated CVE-2018-16653
MISC(link is external)
seacms -- seacms An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter. 2018-09-04 not yet calculated CVE-2018-16444
MISC(link is external)
seacms -- seacms SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name. 2018-09-02 not yet calculated CVE-2018-16348
MISC(link is external)
seacms -- seacms An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt. 2018-09-04 not yet calculated CVE-2018-16446
MISC(link is external)
seacms -- seacms
 
An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request. 2018-09-04 not yet calculated CVE-2018-16445
MISC(link is external)
seacms --seacms
 
SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS. 2018-09-02 not yet calculated CVE-2018-16343
MISC(link is external)
MISC(link is external)
showdoc -- showdoc
 
ShowDoc v1.8.0 has XSS via a new page. 2018-09-02 not yet calculated CVE-2018-16342
MISC(link is external)
six_apart -- movable_type
 
Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-09-04 not yet calculated CVE-2018-0672
JVN(link is external)
solarwinds -- dameware_mini_remote_control
 
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow. 2018-09-07 not yet calculated CVE-2018-12897
MISC(link is external)
sony -- digital_paper_app
 
Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2018-09-04 not yet calculated CVE-2018-0656
JVN(link is external)
CONFIRM(link is external)
subsonic -- subsonic
 
daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted by the client. This attack appear to be exploitable via The victim connects to a server that's MITM/Proxied by an attacker. 2018-09-06 not yet calculated CVE-2018-1000664
CONFIRM(link is external)
sympa -- sympa
 
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available. 2018-09-06 not yet calculated CVE-2018-1000671
MISC(link is external)
team_viewer -- team_viewer
 
TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN. 2018-09-05 not yet calculated CVE-2018-16550
MISC(link is external)
technicolor -- technicolor_tg558v
 
Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. 2018-09-06 not yet calculated CVE-2018-16310
MISC(link is external)
theethereumlottery -- theethereumlottery
 
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards. 2018-09-07 not yet calculated CVE-2018-15552
MISC(link is external)
thinkphp -- thinkphp
 
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. 2018-09-02 not yet calculated CVE-2018-16385
MISC(link is external)
tock -- tock
 
TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function get_package_name in the file kernel/src/tbfheader.rs, variable "pub package_name: &'static str," in the file process.rs that can result in A tock capsule (untrusted driver) could access arbitrary memory by using only safe code. This vulnerability appears to have been fixed in commit 42f7f36e74088036068d62253e1d8fb26605feed. 2018-09-06 not yet calculated CVE-2018-1000660
CONFIRM(link is external)
tough-cookie -- tough-cookie NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0. 2018-09-05 not yet calculated CVE-2016-1000232
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
MISC(link is external)
twistlock -- authz_broker
 
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed. 2018-09-03 not yet calculated CVE-2018-16398
MISC(link is external)
MISC(link is external)
ubiquiti_networks -- multiple_products
 
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. 2018-09-05 not yet calculated CVE-2015-9266
MISC(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
MISC(link is external)
EXPLOIT-DB(link is external)
EXPLOIT-DB(link is external)
MISC(link is external)
ubuntu -- orca
 
Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0644
JVN(link is external)
CONFIRM(link is external)
ubuntu -- orca
 
Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. 2018-09-07 not yet calculated CVE-2018-0643
JVN(link is external)
CONFIRM(link is external)
umbraengineering -- ps A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID. 2018-09-07 not yet calculated CVE-2018-16460
MISC(link is external)
vanilla -- vanilla
 
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. 2018-09-03 not yet calculated CVE-2018-16410
MISC(link is external)
MISC(link is external)
vivotek -- fd8177_devices
 
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi. 2018-09-05 not yet calculated CVE-2018-14771
CONFIRM(link is external)
MISC(link is external)
vivotek -- fd8177_devices
 
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. 2018-09-05 not yet calculated CVE-2018-14769
CONFIRM(link is external)
MISC(link is external)
vivotek -- fd8177_devices
 
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service). 2018-09-05 not yet calculated CVE-2018-14770
CONFIRM(link is external)
MISC(link is external)
weaselcms -- weaselcms There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used. 2018-09-02 not yet calculated CVE-2018-16352
MISC(link is external)
weseek -- growi Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page. 2018-09-07 not yet calculated CVE-2018-0654
JVN(link is external)
CONFIRM(link is external)
weseek -- growi Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view. 2018-09-07 not yet calculated CVE-2018-0653
JVN(link is external)
CONFIRM(link is external)
weseek -- growi Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page. 2018-09-07 not yet calculated CVE-2018-0652
JVN(link is external)
CONFIRM(link is external)
weseek -- growi Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page. 2018-09-07 not yet calculated CVE-2018-0655
JVN(link is external)
CONFIRM(link is external)
wildfly -- wildfly
 
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/> 2018-09-04 not yet calculated CVE-2018-14627
CONFIRM(link is external)
CONFIRM
wordpress -- wordpress
 
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php. 2018-09-07 not yet calculated CVE-2018-16363
MISC(link is external)
MISC
CONFIRM
wordpress -- wordpress
 
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. 2018-09-06 not yet calculated CVE-2018-1000773
MISC(link is external)
MISC(link is external)
wordpress -- wordpress
 
WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9 2018-09-06 not yet calculated CVE-2017-1000600
MISC(link is external)
MISC(link is external)
wordpress -- wordpress
 
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php. 2018-09-06 not yet calculated CVE-2018-16285
MISC(link is external)
MISC(link is external)
wuzhi -- cms WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. 2018-09-02 not yet calculated CVE-2018-16350
MISC(link is external)

wuzhi -- cms

WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. 2018-09-02 not yet calculated CVE-2018-16349
MISC(link is external)
xiaomi -- miwifi_xiaomi_55dd_devices
 
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response. 2018-09-05 not yet calculated CVE-2018-16307
MISC(link is external)
xpdf -- xpdf
 
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. 2018-09-02 not yet calculated CVE-2018-16368
MISC(link is external)
xpdf -- xpdf
 
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453. 2018-09-02 not yet calculated CVE-2018-16369
MISC(link is external)
yayoi -- multiple_products Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of msjet49.dll loaded by the vulnerable products. 2018-09-07 not yet calculated CVE-2018-0623
JVN(link is external)
yayoi -- multiple_products
 
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products. 2018-09-07 not yet calculated CVE-2018-0624
JVN(link is external)
yfcmf -- yfcmf
 
admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account. 2018-09-03 not yet calculated CVE-2018-16431
MISC(link is external)
zephyr -- zephyr_rtos
 
zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put). 2018-09-06 not yet calculated CVE-2018-1000800
CONFIRM(link is external)
zsh -- zsh
 
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. 2018-09-05 not yet calculated CVE-2018-13259
MISC
MISC(link is external)
MISC
zsh -- zsh
 
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. 2018-09-05 not yet calculated CVE-2018-0502
MISC
MISC(link is external)
MISC
zurmo -- zurmo
 
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1. 2018-09-07 not yet calculated CVE-2018-16654
MISC
zzcms -- zzcms
 
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock. 2018-09-02 not yet calculated CVE-2018-16344
MISC(link is external)
zziplib -- zziplib
 
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. 2018-09-05 not yet calculated CVE-2018-16548
MISC