[US-CERT: Bulletin(SB18-330)] 2018년 11월 19일까지 발표된 보안 취약점

 

 

 

 

*** 출처: [US-CERT: Bulletin(SB18-330)] 2018년 11월 19일까지 발표된 보안 취약점

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
There were no high vulnerabilities recorded this week.

Back to top

 

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
There were no medium vulnerabilities recorded this week.

Back to top

 

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
apache -- spark	In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.	2018-11-19	not yet calculated	CVE-2018-17190 BID MISC
arm -- adult_filter	Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.	2018-11-22	not yet calculated	CVE-2018-19459 MISC EXPLOIT-DB
articlecms -- articlecms	ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter.	2018-11-23	not yet calculated	CVE-2018-19469 MISC
artifex -- ghostscript	psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.	2018-11-23	not yet calculated	CVE-2018-19475 MISC MISC MISC MISC
artifex -- ghostscript	An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.	2018-11-21	not yet calculated	CVE-2018-19409 BID MISC MISC GENTOO MISC
artifex -- ghostscript	psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.	2018-11-23	not yet calculated	CVE-2018-19477 MISC MISC MISC MISC
artifex -- ghostscript	psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.	2018-11-23	not yet calculated	CVE-2018-19476 MISC MISC MISC MISC
askey-- qbee_camera_app_for_android	Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.	2018-11-20	not yet calculated	CVE-2018-16223 MISC FULLDISC
bestxsoftware -- best_free_keylogger	BestXsoftware Best Free Keylogger 5.2.9 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group.	2018-11-19	not yet calculated	CVE-2018-18519 MISC
clippercms -- clippercms	ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files.	2018-11-21	not yet calculated	CVE-2018-19424 MISC
cloud_foundry -- user_account_and_authentication_server	Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.	2018-11-19	not yet calculated	CVE-2018-15761 CONFIRM
comsenz-- discuz!	Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandle s statcode field from third-party stats code.	2018-11-22	not yet calculated	CVE-2018-19464 MISC
contiki-ng -- contiki-ng	An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.	2018-11-21	not yet calculated	CVE-2018-19417 MISC
control_web_panel -- centos-webpanel	CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.	2018-11-20	not yet calculated	CVE-2018-18774 MISC MISC EXPLOIT-DB
control_web_panel -- centos-webpanel	CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.	2018-11-20	not yet calculated	CVE-2018-18772 MISC MISC EXPLOIT-DB
control_web_panel -- centos-webpanel	CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.	2018-11-20	not yet calculated	CVE-2018-18773 MISC MISC EXPLOIT-DB
denx -- u-boot	DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.	2018-11-20	not yet calculated	CVE-2018-18439 MLIST
denx -- u-boot	DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.	2018-11-20	not yet calculated	CVE-2018-18440 MLIST
fineuploader -- fineuploader	Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2	2018-11-19	not yet calculated	CVE-2018-9209 MISC
fluidbyte -- codiad	Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.	2018-11-21	not yet calculated	CVE-2018-19423 MISC
foxit_software -- foxit_reader	FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue.	2018-11-20	not yet calculated	CVE-2018-19389 MISC MISC
foxit_software -- foxit_reader	FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue.	2018-11-20	not yet calculated	CVE-2018-19390 MISC MISC
foxit_software -- foxit_reader	FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.	2018-11-20	not yet calculated	CVE-2018-19388 MISC MISC
freeware_advanced_audio_decoder_2 -- freeware_advanced_audio_decoder_2	An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c.	2018-11-23	not yet calculated	CVE-2018-19502 MISC MISC
freeware_advanced_audio_decoder_2 -- freeware_advanced_audio_decoder_2	An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c.	2018-11-23	not yet calculated	CVE-2018-19503 MISC MISC
freeware_advanced_audio_decoder_2 -- freeware_advanced_audio_decoder_2	An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c.	2018-11-23	not yet calculated	CVE-2018-19504 MISC MISC
getsimple_cms -- getsimple_cms	In GetSimple CMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.	2018-11-21	not yet calculated	CVE-2018-19420 MISC
getsimple_cms -- getsimple_cms	In GetSimple CMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.	2018-11-21	not yet calculated	CVE-2018-19421 MISC
git -- git	Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.	2018-11-23	not yet calculated	CVE-2018-19486 MISC MISC
gnome -- keyring	GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used.	2018-11-18	not yet calculated	CVE-2018-19358 MISC MISC MISC
gnuplot -- gnuplot	An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.	2018-11-23	not yet calculated	CVE-2018-19490 MISC MISC
gnuplot -- gnuplot	An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.	2018-11-23	not yet calculated	CVE-2018-19491 MISC MISC
gnuplot -- gnuplot	An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.	2018-11-23	not yet calculated	CVE-2018-19492 MISC MISC
google -- chromium	Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.	2018-11-20	not yet calculated	CVE-2018-10099 MISC MISC MISC
google -- chromium	Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.	2018-11-20	not yet calculated	CVE-2018-19335 MISC MISC MISC
google -- chromium	Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.	2018-11-20	not yet calculated	CVE-2018-19334 MISC MISC MISC
greencms -- greencms	An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI.	2018-11-20	not yet calculated	CVE-2018-19376 MISC
hayageek -- hayageek	Arbitrary file upload in jQuery Upload File <= 4.0.2	2018-11-19	not yet calculated	CVE-2018-9207 MISC
hucart_cms -- hucart_cms	HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.	2018-11-23	not yet calculated	CVE-2018-19468 MISC
ibm -- api_connect	IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.	2018-11-20	not yet calculated	CVE-2018-1779 BID XF CONFIRM
ibm -- cloud_private	The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903	2018-11-21	not yet calculated	CVE-2018-1843 CONFIRM XF
ibm -- cloud_private	IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901.	2018-11-19	not yet calculated	CVE-2018-1841 BID XF CONFIRM
ibm -- websphere_application_server	IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as "Zip-Slip". IBM X-Force ID: 149427.	2018-11-16	not yet calculated	CVE-2018-1797 BID SECTRACK XF CONFIRM
ismart_alarm-- ismartalarm_cube_one_devices	Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.	2018-11-20	not yet calculated	CVE-2018-16224 MISC FULLDISC
ismart_alarm -- ismartalarm_app_for_android	Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password.	2018-11-20	not yet calculated	CVE-2018-16222 MISC FULLDISC
libansilove -- libansilove	The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.	2018-11-18	not yet calculated	CVE-2018-19353 MISC MISC
libsndfile -- libsndfile	An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.	2018-11-22	not yet calculated	CVE-2018-19432 BID MISC
linux -- linux_kernel	In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.	2018-11-16	not yet calculated	CVE-2018-18955 MISC BID MISC MISC MISC MISC EXPLOIT-DB
linux -- linux_kernel	kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.	2018-11-20	not yet calculated	CVE-2018-19406 BID MISC
linux -- linux_kernel	The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.	2018-11-20	not yet calculated	CVE-2018-19407 BID MISC
liquidvpn -- liquidvpn	Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "command_line" parameter as a shell command.	2018-11-20	not yet calculated	CVE-2018-18857 MISC FULLDISC EXPLOIT-DB
liquidvpn -- liquidvpn	Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the "tun_path" or "tap_path" pathname in a kextload() call.	2018-11-20	not yet calculated	CVE-2018-18859 MISC FULLDISC EXPLOIT-DB
liquidvpn -- liquidvpn_	Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "tun_path" or "tap_path" pathname within a shell command.	2018-11-20	not yet calculated	CVE-2018-18858 MISC FULLDISC EXPLOIT-DB
liquidvpn -- liquidvpn	Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "openvpncmd" parameter as a shell command.	2018-11-20	not yet calculated	CVE-2018-18856 MISC FULLDISC EXPLOIT-DB
loadbalancer.org -- enterprise_va_max	Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.	2018-11-20	not yet calculated	CVE-2018-18864 MISC FULLDISC
logicspice -- logicspice	Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.	2018-11-22	not yet calculated	CVE-2018-19457 MISC EXPLOIT-DB
micro_focus/netiq -- access_manager_identity_provider	An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.	2018-11-20	not yet calculated	CVE-2018-17948 MISC
novell -- netware	In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted.	2018-11-21	not yet calculated	CVE-2009-5153 MISC MISC MISC
paessler-- prtg_network_monitor	PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights.	2018-11-21	not yet calculated	CVE-2018-19411 MISC
paessler-- prtg_network_monitor	PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).	2018-11-21	not yet calculated	CVE-2018-19410 MISC
pcman_ftp_server -- pcman_ftp_server	Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.	2018-11-20	not yet calculated	CVE-2018-18861 MISC
philips -- multiple_products	Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.	2018-11-19	not yet calculated	CVE-2018-17906 BID MISC
php -- php	ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell").	2018-11-20	not yet calculated	CVE-2018-19395 BID MISC
php -- php	ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.	2018-11-20	not yet calculated	CVE-2018-19396 BID MISC
php_proxy -- php_proxy	In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.	2018-11-22	not yet calculated	CVE-2018-19458 MISC EXPLOIT-DB
phpbb -- phpbb	Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.	2018-11-17	not yet calculated	CVE-2018-19274 MISC MLIST CONFIRM
pivotal -- cloud_foundry_on_demand_services_sdk	Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations.	2018-11-19	not yet calculated	CVE-2018-15759 CONFIRM
portainer.io -- portainer	Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.	2018-11-20	not yet calculated	CVE-2018-19367 MISC MISC
prestashop -- prestashop	modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles).	2018-11-18	not yet calculated	CVE-2018-19355 MISC
project_jupyter -- jupyter_notebook	Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.	2018-11-18	not yet calculated	CVE-2018-19351 MISC MISC MISC MISC
project_jupyter -- jupyter_notebook	Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.	2018-11-18	not yet calculated	CVE-2018-19352 MISC MISC MISC
roche_diagnostics -- accu-check_inform_ii_base_unit_and_coaguchek	An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface.	2018-11-20	not yet calculated	CVE-2018-18562 BID MISC
roche_diagnostics -- accu-chek_inform_ii_base_unit_and_coaguchek	An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the operating system.	2018-11-20	not yet calculated	CVE-2018-18561 BID MISC
roche_diagnostics -- multiple_products	An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). Improper access control to a service command allows attackers in the adjacent network to execute arbitrary code on the system through a crafted Poct1-A message.	2018-11-20	not yet calculated	CVE-2018-18563 BID MISC
roche_diagnostics -- multiple_products	An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). A vulnerability in the software update mechanism allows authenticated attackers in the adjacent network to overwrite arbitrary files on the system through a crafted update package.	2018-11-20	not yet calculated	CVE-2018-18565 BID MISC
roche_diagnostics -- multiple_products	An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). Improper access control allows attackers in the adjacent network to change the instrument configuration.	2018-11-20	not yet calculated	CVE-2018-18564 BID MISC
royal_applications -- royal_ts_and_tsx_browser_extensions	The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.	2018-11-20	not yet calculated	CVE-2018-18865 MISC FULLDISC FULLDISC EXPLOIT-DB
samsung -- 840_evo_devices	An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key.	2018-11-20	not yet calculated	CVE-2018-12038 CERT-VN BID MISC CONFIRM
samsung -- multiple_devices	An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.	2018-11-20	not yet calculated	CVE-2018-12037 BID MISC CONFIRM
showdoc -- showdoc	ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.	2018-11-22	not yet calculated	CVE-2018-19433 MISC
subrion -- subrion_cms	/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.	2018-11-21	not yet calculated	CVE-2018-19422 MISC
sysstat -- sysstat	An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.	2018-11-21	not yet calculated	CVE-2018-19416 MISC
sysstat -- sysstat	An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf.	2018-11-24	not yet calculated	CVE-2018-19517 MISC
tryton -- tryton	The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle.	2018-11-22	not yet calculated	CVE-2018-19443 MISC MISC
ucms -- ucms	UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty.	2018-11-22	not yet calculated	CVE-2018-19437 MISC
vanilla_forums -- vanilla	Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.	2018-11-23	not yet calculated	CVE-2018-19499 MISC
weberp -- weberp	An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.	2018-11-22	not yet calculated	CVE-2018-19434 MISC
weberp -- weberp	An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.	2018-11-22	not yet calculated	CVE-2018-19435 MISC
weberp -- weberp	An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter.	2018-11-22	not yet calculated	CVE-2018-19436 MISC
yxcms -- yxcms	In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. This is related to the onlineinstall and import functions.	2018-11-20	not yet calculated	CVE-2018-19404 MISC
z-blogphp -- z-blogphp	zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI.	2018-11-22	not yet calculated	CVE-2018-19463 MISC
zoho -- manageengine_opmanager	Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.	2018-11-20	not yet calculated	CVE-2018-18716 MISC FULLDISC BUGTRAQ
zoho -- manageengine_opmanager	Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.	2018-11-20	not yet calculated	CVE-2018-18715 MISC FULLDISC BUGTRAQ