SB18-162: Vulnerability Summary for the Week of June 4, 2018

Original release date: June 11, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National
Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is
sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center
(NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit
the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity,
determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low
severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This
information may include identifying information, values, definitions, and related links. Patch information is
provided when available. Please note that some of the information in the bulletins is compiled from external, open
source reports and is not a direct result of US-CERT analysis.

 

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of
Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the
Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include
CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
11xiaoli — 11xiaoli
 
11xiaoli is a simple file server. 11xiaoli is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16160
MISC
MISC
22lixian — 22lixian
 
22lixian is a simple file server. 22lixian is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16162
MISC
MISC
360class.jansenhm — 360class.jansenhm
 
360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal
issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16186
MISC
MISC
3rd-eden — useragent
 
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish
this. An attacker could edit their own headers, creating an arbitrarily long useragent string,
causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.
2018-06-04 | not yet calculated | CVE-2017-16030
MISC
626 — 626
 
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file,
which allows a malicious user to read content of any file with known path.
2018-06-06 | not yet calculated | CVE-2018-3727
MISC
abb — ip_gateway
 
In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was
performed by the authenticated user, which may allow an attacker to launch a request impersonating
that user.
2018-06-06 | not yet calculated | CVE-2017-7906
BID
MISC
abb — ip_gateway
 
In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text,
which may allow an attacker to gain unauthorized access.
2018-06-06 | not yet calculated | CVE-2017-7933
BID
MISC
abb — ip_gateway
 
In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web
server, a malicious user is able to access the configuration files and application pages without
authentication.
2018-06-06 | not yet calculated | CVE-2017-7931
BID
MISC
ablankenship10 — goserv
 
goserv is an http server. goserv is vulnerable to a directory traversal issue, giving an attacker
access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16133
MISC
MISC
ag-grid — ag-grid
 
ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site
Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid.
2018-06-04 | not yet calculated | CVE-2017-16009
MISC
MISC
MISC
allen_bradley — micrologix
 
An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley
Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write
resulting in a new program being written to the memory module. An attacker can send an
unauthenticated packet to trigger this vulnerability.
2018-06-04 | not yet calculated | CVE-2017-12092
MISC
angular-http-server — angular-http-server
 
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of
validation of possibleFilename, which allows a malicious user to read content of any file with
known path.
2018-06-06 | not yet calculated | CVE-2018-3713
MISC
apache — mxnet
 
The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler
will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than
1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified
DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to
any attackers reachable via the interface they didn’t expect to be listening on. For example: If a
user wants to run a clustered setup locally, they may specify to run on 127.0.0.1. But since MXNet
will listen on 0.0.0.0, it makes the port accessible on all network interfaces.
2018-06-08 | not yet calculated | CVE-2018-1281
CONFIRM
apache — storm
 
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a
vulnerability that could allow a user to impersonate another user when communicating with some
Storm Daemons.
2018-06-05 | not yet calculated | CVE-2018-1332
BID
CONFIRM
apache — storm
 
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an
arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive
(affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal
filenames. So when the filename gets concatenated to the target extraction directory, the final
path ends up outside of the target folder.
2018-06-05 | not yet calculated | CVE-2018-8008
BID
CONFIRM
apple — ios_and_macos_and_icloud_and_itunes_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the
“Security” component. It allows local users to bypass intended restrictions on the reading of a
persistent device identifier.
2018-06-08 | not yet calculated | CVE-2018-4224
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_macos_and_icloud_and_itunes_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. watchOS before 4.3.1 is affected. The issue involves the “Security” component. It allows
local users to bypass intended restrictions on the reading of sensitive user information.
2018-06-08 | not yet calculated | CVE-2018-4226
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_macos_and_icloud_and_itunes_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. watchOS before 4.3.1 is affected. The issue involves the “Security” component. It allows
local users to bypass intended restrictions on Keychain state modifications.
2018-06-08 | not yet calculated | CVE-2018-4225
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_macos_and_tvos_and_watchos
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue
involves the “Messages” component. It allows remote attackers to cause a denial of service via a
crafted message.
2018-06-08 | not yet calculated | CVE-2018-4240
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_macos_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue
involves the “UIKit” component. It allows remote attackers to cause a denial of service via a
crafted text file.
2018-06-08 | not yet calculated | CVE-2018-4198
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_macos_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue
involves the “Security” component. It allows local users to bypass intended restrictions on the
reading of a persistent account identifier.
2018-06-08 | not yet calculated | CVE-2018-4223
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_macos_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue
involves the “Kernel” component. A buffer overflow in getvolattrlist allows attackers to execute
arbitrary code in a privileged context via a crafted app.
2018-06-08 | not yet calculated | CVE-2018-4243
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple — ios_and_macos_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue
involves the “Kernel” component. A buffer overflow in mptcp_usr_connectx allows attackers to
execute arbitrary code in a privileged context via a crafted app.
2018-06-08 | not yet calculated | CVE-2018-4241
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple — ios_and_macos_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before
10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is
affected. The issue involves the “Crash Reporter” component. It allows attackers to execute
arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a
privileged port name.
2018-06-08 | not yet calculated | CVE-2018-4206
BID
BID
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple — ios_and_macos_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue
involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the “Kernel” component. It allows
attackers to execute arbitrary code in a privileged context or cause a denial of service (integer
overflow and stack-based buffer overflow) via a crafted app.
2018-06-08 | not yet calculated | CVE-2018-4249
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_macos_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue
involves the “FontParser” component. It allows remote attackers to execute arbitrary code or cause
a denial of service (memory corruption and application crash) via a crafted font file.
2018-06-08 | not yet calculated | CVE-2018-4211
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_macos_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue
involves the “libxpc” component. It allows attackers to gain privileges via a crafted app that
leverages a logic error.
2018-06-08 | not yet calculated | CVE-2018-4237
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_macos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. The issue involves the “Security” component. It allows web sites to track
users by leveraging the transmission of S/MIME client certificates.
2018-06-08 | not yet calculated | CVE-2018-4221
SECTRACK
CONFIRM
CONFIRM
apple — ios_and_macos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. The issue involves the “iBooks” component. It allows man-in-the-middle
attackers to spoof a password prompt.
2018-06-08 | not yet calculated | CVE-2018-4202
SECTRACK
CONFIRM
CONFIRM
apple — ios_and_macos
 
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before
10.13.4 Security Update 2018-001 is affected. The issue involves the “LinkPresentation” component.
It allows remote attackers to spoof the UI via a crafted URL in a text message.
2018-06-08 | not yet calculated | CVE-2018-4187
BID
BID
SECTRACK
CONFIRM
CONFIRM
apple — ios_and_safari_and_icloud_and_itunes_and_tvos
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before
11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. tvOS before 11.4 is affected. The issue involves the “WebKit” component. It allows remote
attackers to execute arbitrary code or cause a denial of service (memory corruption and application
crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.
2018-06-08 | not yet calculated | CVE-2018-4200
BID
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
EXPLOIT-DB
apple — ios_and_safari_and_icloud_and_itunes_and_tvos
An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1
is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes
before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the “WebKit”
component. It allows remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a crafted web site.
2018-06-08 | not yet calculated | CVE-2018-4204
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_safari_and_icloud_and_itunes_and_tvos
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before
11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. tvOS before 11.4 is affected. The issue involves the “WebKit” component. It allows remote
attackers to overwrite cookies via a crafted web site.
2018-06-08 | not yet calculated | CVE-2018-4232
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_safari_and_icloud_and_itunes_and_tvos_and_watchos
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before
11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the
“WebKit” component. It allows remote attackers to execute arbitrary code via a crafted web site
that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation.
2018-06-08 | not yet calculated | CVE-2018-4222
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple — ios_and_safari_and_icloud_and_itunes_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before
11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the
“WebKit” component. It allows remote attackers to cause a denial of service (memory corruption and
Safari crash) or possibly have unspecified other impact via a crafted web site.
2018-06-08 | not yet calculated | CVE-2018-4214
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_safari_and_icloud_and_itunes_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before
11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the
“WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
2018-06-08 | not yet calculated | CVE-2018-4201
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_safari_and_icloud_and_itunes_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before
11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the
“WebKit” component. It allows remote attackers to execute arbitrary code via a crafted web site
that leverages type confusion.
2018-06-08 | not yet calculated | CVE-2018-4246
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_safari_and_icloud_and_itunes_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before
11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the
“WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site that triggers an
@generatorState use-after-free.
2018-06-08 | not yet calculated | CVE-2018-4218
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple — ios_and_safari_and_icloud_and_itunes_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before
11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the
“WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
2018-06-08 | not yet calculated | CVE-2018-4233
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_safari_and_icloud_and_itunes_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before
11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the
“WebKit” component. It allows remote attackers to execute arbitrary code via a crafted web site
that leverages a race condition.
2018-06-08 | not yet calculated | CVE-2018-4192
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_safari_and_icloud_and_itunes_and_tvos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before
11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. tvOS before 11.4 is affected. The issue involves the “WebKit” component. It allows remote
attackers to obtain sensitive credential information that is transmitted during a CSS mask-image
fetch.
2018-06-08 | not yet calculated | CVE-2018-4190
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios_and_safari_and_icloud_and_itunes_and_tvos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before
11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. tvOS before 11.4 is affected. The issue involves the “WebKit” component. It allows remote
attackers to execute arbitrary code or cause a denial of service (buffer overflow and application
crash) via a crafted web site.
2018-06-08 | not yet calculated | CVE-2018-4199
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves
the “Messages” component. It allows remote attackers to cause a denial of service via a crafted
message.
2018-06-08 | not yet calculated | CVE-2018-4250
SECTRACK
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves
the “Siri” component. It allows physically proximate attackers to bypass the lock-screen protection
mechanism and obtain private notification content via Siri.
2018-06-08 | not yet calculated | CVE-2018-4252
SECTRACK
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves
the “Siri Contacts” component. It allows physically proximate attackers to discover private contact
information via Siri.
2018-06-08 | not yet calculated | CVE-2018-4244
SECTRACK
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves
the “Bluetooth” component. It allows attackers to gain privileges or cause a denial of service
(buffer overflow) via a crafted app.
2018-06-08 | not yet calculated | CVE-2018-4215
SECTRACK
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves
the “Magnifier” component. It allows physically proximate attackers to bypass the lock-screen
protection mechanism and see the most recent Magnifier image.
2018-06-08 | not yet calculated | CVE-2018-4239
SECTRACK
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves
the “Siri” component. It allows physically proximate attackers to bypass the lock-screen protection
mechanism and enable Siri.
2018-06-08 | not yet calculated | CVE-2018-4238
SECTRACK
CONFIRM
apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “Bluetooth” component. It allows attackers to obtain sensitive kernel memory-layout
information via a crafted app that leverages device properties.
2018-06-08 | not yet calculated | CVE-2018-4171
SECTRACK
CONFIRM
apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “Hypervisor” component. It allows attackers to execute arbitrary code in a privileged
context or cause a denial of service (memory corruption) via a crafted app.
2018-06-08 | not yet calculated | CVE-2018-4242
SECTRACK
CONFIRM
apple — macos_and_tvos_and_watchos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue
involves the “Messages” component. It allows local users to perform impersonation attacks via an
unspecified injection.
2018-06-08 | not yet calculated | CVE-2018-4235
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “Windows Server” component. It allows attackers to execute arbitrary code in a
privileged context or cause a denial of service (memory corruption) via a crafted app.
2018-06-08 | not yet calculated | CVE-2018-4193
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “AMD” component. It allows local users to bypass intended memory-read restrictions or
cause a denial of service (out-of-bounds read of kernel memory) via a crafted app.
2018-06-08 | not yet calculated | CVE-2018-4253
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “Grand Central Dispatch” component. It allows attackers to bypass a sandbox protection
mechanism by leveraging the misparsing of entitlement plists.
2018-06-08 | not yet calculated | CVE-2018-4229
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “IOFireWireAVC” component. It allows attackers to execute arbitrary code in a
privileged context via a crafted app that leverages a race condition.
2018-06-08 | not yet calculated | CVE-2018-4228
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “IOGraphics” component. It allows attackers to execute arbitrary code in a privileged
context or cause a denial of service (memory corruption) via a crafted app.
2018-06-08 | not yet calculated | CVE-2018-4236
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “Accessibility Framework” component. It allows attackers to execute arbitrary code in
a privileged context or obtain sensitive information via a crafted app.
2018-06-08 | not yet calculated | CVE-2018-4196
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before
10.13.5 is affected. The issue involves the “Mail” component. It allows remote attackers to read
the cleartext content of S/MIME encrypted messages via direct exfiltration.
2018-06-08 | not yet calculated | CVE-2018-4227
SECTRACK
MISC
CONFIRM
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “Graphics Drivers” component. It allows attackers to bypass intended memory-read
restrictions via a crafted app.
2018-06-08 | not yet calculated | CVE-2018-4159
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “IOHIDFamily” component. It allows attackers to execute arbitrary code in a privileged
context or cause a denial of service (memory corruption) via a crafted app.
2018-06-08 | not yet calculated | CVE-2018-4234
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “ATS” component. It allows attackers to gain privileges via a crafted app that
leverages type confusion.
2018-06-08 | not yet calculated | CVE-2018-4219
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “Intel Graphics Driver” component. It allows attackers to bypass intended memory-read
restrictions via a crafted app.
2018-06-08 | not yet calculated | CVE-2018-4141
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “Speech” component. It allows attackers to bypass a sandbox protection mechanism to
obtain microphone access.
2018-06-08 | not yet calculated | CVE-2018-4184
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “NVIDIA Graphics Drivers” component. It allows attackers to execute arbitrary code in
a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of
a race condition.
2018-06-08 | not yet calculated | CVE-2018-4230
SECTRACK
MISC
CONFIRM
EXPLOIT-DB
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue
involves the “Firmware” component. It allows attackers to modify the EFI flash-memory region via a
crafted app that has root access.
2018-06-08 | not yet calculated | CVE-2018-4251
SECTRACK
CONFIRM
apple — safari_and_icloud_and_itunes_and_tvos
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before
11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is
affected. tvOS before 11.4 is affected. The issue involves the “WebKit” component. It allows remote
attackers to spoof the address bar via a crafted web site.
2018-06-08 | not yet calculated | CVE-2018-4188
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — safari
 
An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue
involves the “Safari” component. It allows remote attackers to spoof the address bar via a crafted
web site.
2018-06-08 | not yet calculated | CVE-2018-4205
SECTRACK
CONFIRM
apple — safari
 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before
11.1.1 is affected. The issue involves the “Safari” component. It allows remote attackers to cause
a denial of service (persistent Safari outage) via a crafted web site.
2018-06-08 | not yet calculated | CVE-2018-4247
BID
SECTRACK
CONFIRM
CONFIRM
MISC
apple — swift
 
An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is
affected. The issue involves the “Swift for Ubuntu” component. It allows attackers to execute
arbitrary code in a privileged context because write and execute permissions are enabled during
library loading.
2018-06-08 | not yet calculated | CVE-2018-4220
BID
CONFIRM

aprendecondedos — dedos-web

 

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded
values that are visible in the source code published on GitHub. An attacker can edit the contents
of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js,
this could lead to privilege escalation.
2018-06-05 | not yet calculated | CVE-2018-10813
MISC
MISC
arthur-zhang — node-bsdiff-android
 
node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
2018-06-04 | not yet calculated | CVE-2016-10641
MISC
augustine — augustine
 
augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url,
which allows a malicious user to read content of any file with known path.
2018-06-04 | not yet calculated | CVE-2017-0930
MISC
babelcli — babelcli
 
babelcli was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16060
MISC
beaconmedaes — totalalert_scroll_medical_air_systems_web_application
 
In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software
versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible
without authentication.
2018-06-06 | not yet calculated | CVE-2018-7510
MISC
bear-qv — ex
 
exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a
directory traversal issue, giving an attacker access to the filesystem by placing “../” in the url.
Accessible files are restricted to those with a file extension. Files with no extension such as
/etc/passwd throw an error.
2018-06-06 | not yet calculated | CVE-2017-16130
MISC
MISC
betterjs — badjs-sourcemap-server
 
`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is
vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing
“../” in the url.
2018-06-04 | not yet calculated | CVE-2017-16036
MISC
MISC
bird — internet_routing_daemon
 
BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack
consumption and daemon crash) via BGP mask expressions in birdc.
2018-06-08 | not yet calculated | CVE-2018-12066
CONFIRM
CONFIRM
CONFIRM
CONFIRM

bitfu — uc-httpd-1.0.0-buffer-overflow-exploit

 

Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different
vulnerability than CVE-2017-16725.
2018-06-08 | not yet calculated | CVE-2018-10088
MISC
EXPLOIT-DB
bitjson — slimerjs-edge
 
slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge
downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be
possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker
controlled binary if the attacker is on the network or positioned in between the user and the
remote server.
2018-06-04 | not yet calculated | CVE-2016-10644
MISC

blakeembrey — no-case

 

The no-case module is vulnerable to regular expression denial of service. When malicious untrusted
user input is passed into no-case it can block the event loop causing a denial of service
condition.
2018-06-06 | not yet calculated | CVE-2017-16099
MISC
MISC
bmeck — node-sfml
 
sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
2018-06-04 | not yet calculated | CVE-2016-10654
MISC
botbait — botbait
 
The module botbait is a tool to be used to track bot and automated tools usage within the npm
ecosystem. botbait is known to record and track user information. The module tracks the following
information: source IP, process.versions, process.platform, and how the module was invoked (test,
require, pre-install).
2018-06-06 | not yet calculated | CVE-2017-16126
MISC
bouncy_castle — bc_and_bc-fja
 
Bouncy Castle BC 1.54 – 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level
interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with
added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60
beta 4 and later, BC-FJA 1.0.2 and later.
2018-06-05 | not yet calculated | CVE-2018-1000180
CONFIRM
CONFIRM
CONFIRM
MISC
bouncy_castle — jce_provider

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable
to timing attack. Where timings can be closely observed for the generation of signatures, the lack
of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature’s k
value and ultimately the private value as well.
2018-06-04 | not yet calculated | CVE-2016-1000341
CONFIRM
bouncy_castle — jce_provider
 
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not
fully validated. This can cause issues as invalid keys can be used to reveal details about the
other party’s private key where static Diffie-Hellman is in use. As of release 1.56 the key
parameters are checked on agreement calculation.
2018-06-04 | not yet calculated | CVE-2016-1000346
CONFIRM
bouncy_castle — jce_provider
 
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES
was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that
if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak
information on the AES key being used. There was also a leak in AESEngine although it was
substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out
on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of
AESFastEngine is now only recommended where otherwise deemed appropriate.
2018-06-04 | not yet calculated | CVE-2016-1000339
CONFIRM
CONFIRM
bouncy_castle — jce_provider
 
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use
of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
2018-06-04 | not yet calculated | CVE-2016-1000344
CONFIRM
bouncy_castle — jce_provider
 
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode is vulnerable to a
padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily
observed, it is possible with enough observations to identify when the decryption is failing due to
padding.
2018-06-04 | not yet calculated | CVE-2016-1000345
CONFIRM
bouncy_castle — jce_provider
 
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a
weak private key if used with default values. If the JCA key pair generator is not explicitly
initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key
size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair
generator.
2018-06-04 | not yet calculated | CVE-2016-1000343
CONFIRM
bouncy_castle — jce_provider
 
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in
the implementation of squaring for several raw math classes (org.bouncycastle.math.raw.Nat???);
it has since been fixed. These classes are used by our custom elliptic curve
implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in
general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would
have been detected with high probability by the output validation for our scalar multipliers.
2018-06-04 | not yet calculated | CVE-2016-1000340
CONFIRM
bouncy_castle — jce_provider
 
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1
encoding of signature on verification. It is possible to inject extra elements in the sequence
making up the signature and still have it validate, which in some cases may allow the introduction
of ‘invisible’ data into a signed structure.
2018-06-04 | not yet calculated | CVE-2016-1000342
CONFIRM
bouncy_castle — jce_provider
 
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use
of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
2018-06-04 | not yet calculated | CVE-2016-1000352
CONFIRM
brianc — node-postgres
 
A remote code execution vulnerability was found within the pg module when the remote database or
query specifies a specially crafted column name. There are 2 likely scenarios in which one would
likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column
name. 2) Connecting to an untrusted database and executing a query which returns results where any
of the column names are malicious.
2018-06-06 | not yet calculated | CVE-2017-16082
MISC
MISC

brit95 — lab6

 

lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16140
MISC
MISC
broofa — node-mime
 
The mime module is vulnerable to regular expression denial of service when a mime lookup is
performed on untrusted user input.
2018-06-06 | not yet calculated | CVE-2017-16138
MISC
MISC
brother — hl-l2340d_printers_and_hl-l2380dw_printers
 
Cross-site scripting (XSS) vulnerability on Brother HL-L2340D and HL-L2380DW series printers allows
remote attackers to inject arbitrary web script or HTML via the url parameter to
etc/loginerror.html.
2018-06-01 | not yet calculated | CVE-2018-11581
MISC
EXPLOIT-DB
byucslabsix — byucslabsix
 
byucslabsix is an http server. byucslabsix is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16166
MISC
MISC
calmquist.static-server — calmquist.static-server
 
calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a
directory traversal issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16165
MISC
MISC
canon — lbp6030w_web_interface
 
A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a
PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device.
2018-06-07 | not yet calculated | CVE-2018-12049
MISC
canon — lbp7110cw_web_interface
 
A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN
for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device.
2018-06-07 | not yet calculated | CVE-2018-12048
MISC
canon — mf210_and_mf220_web_interface
 
A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface
without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access
to the device.
2018-06-04 | not yet calculated | CVE-2018-11711
MISC
EXPLOIT-DB
canon — multiple_devices
 
An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to
bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving
frame.cgi?page=DevStatus.
2018-06-04 | not yet calculated | CVE-2018-11692
MISC
EXPLOIT-DB

caolan — forms

 

Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html
escaping. This means that if the application did not sanitize html on behalf of forms, use of forms
may be vulnerable to cross-site scripting.
2018-06-04 | not yet calculated | CVE-2017-16015
MISC
MISC
caolilinode — caolilinode
 
caolilinode is a simple file server. caolilinode is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16159
MISC
MISC
cedced19 — fast-http
 
fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is
vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing
“../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16155
MISC
MISC
censorify.tanisjr — censorify.tanisjr
 
censorify.tanisjr is a simple web server and API RESTful service. censorify.tanisjr is vulnerable
to a directory traversal issue, giving an attacker access to the filesystem by placing “../” in the
url.
2018-06-06 | not yet calculated | CVE-2017-16157
MISC
MISC
charset — charset
 
charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k
characters is required for a slow down of around 2 seconds. Unless node was compiled using the
-DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb, so the impact of the ReDoS is
relatively low.
2018-06-06 | not yet calculated | CVE-2017-16098
MISC
MISC
chatbyvista — chatbyvista
 
chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16177
MISC
MISC
cisco — 6800_and_7800_and_8800_series_ip_phones
 
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP
Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an
unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a
temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an
affected phone incorrectly handles errors that could occur when an incoming phone call is not
answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP
packets to an affected phone. A successful exploit could allow the attacker to cause the affected
phone to reload unexpectedly, resulting in a temporary DoS condition. This vulnerability affects
Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a
Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718.
2018-06-07 | not yet calculated | CVE-2018-0316
CONFIRM
cisco — adaptive_security_appliance
 
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an
unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a
denial of service (DoS) condition. It is also possible on certain software releases that the ASA
will not reload, but an attacker could view sensitive system information without authentication by
using directory traversal techniques. The vulnerability is due to lack of proper input validation
of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to
an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated
disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This
vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is
running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V
Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation
Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series
Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance,
Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv).
Cisco Bug IDs: CSCvi16029.
2018-06-07 | not yet calculated | CVE-2018-0296
CONFIRM
cisco — anyconnect_network_access_manager_and_anyconnect_secure_mobility_client
 
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager
and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could
allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading
certain configuration files. The vulnerability is due to improper use of Simple Certificate
Enrollment Protocol and improper server certificate validation. An attacker could exploit this
vulnerability by preparing malicious profile and localization files for Cisco AnyConnect to use. A
successful exploit could allow the attacker to remotely change the configuration profile, a
certificate, or the localization data used by AnyConnect Secure Mobility Client. Cisco Bug IDs:
CSCvh23141.
2018-06-07 | not yet calculated | CVE-2018-0334
CONFIRM
cisco — appdynamics_app_iq_platform
 
The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL
injection, aka the Security Advisory 2089 issue.
2018-06-08 | not yet calculated | CVE-2018-0225
CONFIRM
cisco — firesight_system_software
 
A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow
an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of
dynamic configuration changes that could allow an attacker to bypass configured policies. The
vulnerability is due to incorrect management of the configured interface names and VPN parameters
when dynamic CLI configuration changes are performed. An attacker could exploit this vulnerability
by sending packets through an interface on the targeted device. A successful exploit could allow
the attacker to bypass configured VPN policies. Cisco Bug IDs: CSCvh49388.
2018-06-07 | not yet calculated | CVE-2018-0333
BID
CONFIRM
cisco — identity_services_engine
 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could
allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a
user of the web-based interface. The vulnerability is due to insufficient input validation of some
parameters passed to the web-based management interface. An attacker could exploit this
vulnerability by convincing a user of the interface to click a specific link. A successful exploit
could allow the attacker to execute arbitrary script code in the context of the interface or allow
the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309.
2018-06-07 | not yet calculated | CVE-2018-0339
CONFIRM
cisco — integrated_management_controller_supervisor_software_and_ucs_director_software
 
A vulnerability in the web-based management interface of Cisco Integrated Management Controller
Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker
to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack
against a user of the web-based management interface of an affected device. The vulnerability is
due to insufficient validation of user-supplied input by the web-based management interface of the
affected software. An attacker could exploit this vulnerability by persuading a user of the
affected interface to click a malicious link. A successful exploit could allow the attacker to
execute arbitrary script code in the context of the affected interface or allow the attacker to
access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994.
2018-06-07 | not yet calculated | CVE-2018-0149
CONFIRM
cisco — ios_xe_software
 
A vulnerability in the authentication, authorization, and accounting (AAA) security services of
Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on
an affected device or cause an affected device to reload, resulting in a denial of service (DoS)
condition. The vulnerability is due to incorrect memory operations that the affected software
performs when the software parses a username during login authentication. An attacker could exploit
this vulnerability by attempting to authenticate to an affected device. A successful exploit could
allow the attacker to execute arbitrary code on the affected device or cause the affected device to
reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are running
Cisco IOS XE Software Release Fuji 16.7.1 or Fuji 16.8.1 and are configured to use AAA for login
authentication. Cisco Bug IDs: CSCvi25380.
2018-06-07 | not yet calculated | CVE-2018-0315
BID
CONFIRM
cisco — meeting_server
 
A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to
access services running on internal device interfaces of an affected system. The vulnerability is
due to incorrect default configuration of the device, which can expose internal interfaces and
ports on the external interface of the system. A successful exploit could allow the attacker to
gain unauthenticated access to configuration and database files and sensitive meeting information
on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that
are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs:
CSCvg76471.
2018-06-07 | not yet calculated | CVE-2018-0263
BID
CONFIRM
cisco — multiple_products

Multiple Cisco products are affected by a vulnerability in local file management for certain system
log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to
cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability
occurs because a certain system log file does not have a maximum size restriction. Therefore, the
file is allowed to consume the majority of available disk space on the appliance. An attacker could
exploit this vulnerability by sending crafted remote connection requests to the appliance.
Successful exploitation could allow the attacker to increase the size of a system log file so that
it consumes most of the disk space. The lack of available disk space could lead to a DoS condition
in which the application functions could operate abnormally, making the appliance unstable. This
vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency
Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager,
SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence
Service (IM&P – earlier releases were known as Cisco Unified Presence), Unified Communication
Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified
Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also
affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs:
CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556,
CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.
2018-06-07 | not yet calculated | CVE-2017-6779
CONFIRM
cisco — network_services_orchestrator
 
A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an
authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root
user. The vulnerability is due to insufficient input validation. An attacker could exploit this
vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could
allow the attacker to execute arbitrary commands with root privileges on the affected system. This
vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1
through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs:
CSCvf99982.
2018-06-07 | not yet calculated | CVE-2018-0274
CONFIRM
cisco — node-jose
 
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for
current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable
to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with
Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.
2018-06-04 | not yet calculated | CVE-2017-16007
MISC
MISC
MISC
MISC
cisco — prime_collaboration_provisioning

A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP)
could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.
The vulnerability is due to insufficient validation of a password recovery request. An attacker
could exploit this vulnerability by submitting a password recovery request and changing the
password for any user on an affected system. An exploit could allow the attacker to gain
administrative-level privileges on the affected system. This vulnerability affects Cisco Prime
Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07253.
2018-06-07 | not yet calculated | CVE-2018-0319
CONFIRM
cisco — prime_collaboration_provisioning
 
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning
could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to
improper logging of authentication data. An attacker could exploit this vulnerability by monitoring
a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could
allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602.
2018-06-07 | not yet calculated | CVE-2018-0335
CONFIRM
cisco — prime_collaboration_provisioning
 
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could
allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is
due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit
this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected
application. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1
and prior. Cisco Bug IDs: CSCvd61754.
2018-06-07 | not yet calculated | CVE-2018-0320
BID
CONFIRM
cisco — prime_collaboration_provisioning
 
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could
allow an authenticated, remote attacker to escalate privileges to the Administrator level. The
vulnerability is due to insufficient authorization enforcement on batch processing. An attacker
could exploit this vulnerability by uploading a batch file and having the batch file processed by
the system. A successful exploit could allow the attacker to escalate privileges to the
Administrator level. Cisco Bug IDs: CSCvd86578.
2018-06-07 | not yet calculated | CVE-2018-0336
CONFIRM
cisco — prime_collaboration_provisioning
 
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated,
remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due
to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could
exploit this vulnerability by accessing the open RMI system on an affected PCP instance. An exploit
could allow the attacker to perform malicious actions that affect PCP and the devices that are
connected to it. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases
11.6 and prior. Cisco Bug IDs: CSCvd61746.
2018-06-07 | not yet calculated | CVE-2018-0321
BID
CONFIRM
cisco — prime_collaboration_provisioning
 
A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP)
could allow an authenticated, remote attacker to modify sensitive data that is associated with
arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access
restrictions on the Help Desk and User Provisioning roles that are assigned to authenticated users.
This failure could allow an authenticated attacker to modify critical attributes of
higher-privileged accounts on the device. A successful exploit could allow the attacker to gain
elevated privileges on the device. This vulnerability affects Cisco Prime Collaboration
Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61779.
2018-06-07 | not yet calculated | CVE-2018-0322
CONFIRM
cisco — prime_collaboration_provisioning
 
A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP)
could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.
The vulnerability is due to insufficient validation of a password reset request. An attacker could
exploit this vulnerability by submitting a password reset request and changing the password for any
user on an affected system. An exploit could allow the attacker to gain administrative-level
privileges on the affected system. This vulnerability affects Cisco Prime Collaboration
Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07245.
2018-06-07 | not yet calculated | CVE-2018-0318
CONFIRM
cisco — prime_collaboration_provisioning
 
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an
authenticated, remote attacker to escalate their privileges. The vulnerability is due to
insufficient web portal access control checks. An attacker could exploit this vulnerability by
modifying an access request. An exploit could allow the attacker to promote their account to any
role defined on the system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP)
Releases 12.2 and prior. Cisco Bug IDs: CSCvc90286.
2018-06-07 | not yet calculated | CVE-2018-0317
CONFIRM
cisco — unified_communications_manager
 
A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM)
software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS)
attack against the user of the web interface of the affected system. The vulnerability is due to
insufficient input validation of certain parameters passed to the web server. An attacker could
exploit this vulnerability by convincing the user to access a malicious link or by intercepting the
user request and injecting certain malicious code. A successful exploit could allow the attacker to
execute arbitrary script code in the context of the affected site or allow the attacker to access
sensitive browser-based information. Cisco Bug IDs: CSCvj00512.
2018-06-07 | not yet calculated | CVE-2018-0340
CONFIRM
cisco — unified_communications_manager
 
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an
unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user
of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML
inline frames (iframes) by the web UI of the affected software. An attacker could exploit this
vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web
page that contains a malicious HTML iframe. A successful exploit could allow the attacker to
conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs:
CSCvg19761.
2018-06-07 | not yet calculated | CVE-2018-0355
CONFIRM
cisco — unified_computing_system
 
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System
(UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an
affected system. The vulnerability exists because the affected software lacks proper input and
validation checks for certain file systems. An attacker could exploit this vulnerability by issuing
crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to
cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs:
CSCvf52994.
2018-06-07 | not yet calculated | CVE-2018-0338
CONFIRM
cisco — unified_ip_phone_software
 
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified
IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service
(DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An
attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the
targeted device. Successful exploitation could allow the attacker to cause a disruption of services
on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683,
CSCve20812, CSCve20926, CSCve20945.
2018-06-07 | not yet calculated | CVE-2018-0332
CONFIRM
cisco — unity_connection
 
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated,
remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web
interface of an affected system. The vulnerability is due to insufficient input validation of
certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods.
An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary
script or HTML code in the user’s browser in the context of an affected site. Cisco Bug IDs:
CSCvf76417.
2018-06-07 | not yet calculated | CVE-2018-0354
CONFIRM
cisco — web_security_appliance
 
A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow
an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and
bypass security protections. The vulnerability is due to a change in the underlying operating
system software that is responsible for monitoring affected traffic. An attacker could exploit this
vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow
the attacker to pass traffic through the device, which the WSA was configured to deny. This
vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions
for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or
11.0.0 WSA Software. The WSA is vulnerable if it is configured for L4TM. Cisco Bug IDs: CSCvg78875.
2018-06-07 | not yet calculated | CVE-2018-0353
BID
CONFIRM
cisco — webex
 
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker
to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected
system. The vulnerability is due to insufficient input validation of certain parameters that are
passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can
convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in
the user’s browser in the context of an affected site. Cisco Bug IDs: CSCvi63757.
2018-06-07 | not yet calculated | CVE-2018-0356
BID
CONFIRM
cisco — webex
 
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker
to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected
system. The vulnerability is due to insufficient input validation of certain parameters that are
passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can
convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in
the user’s browser in the context of an affected site. Cisco Bug IDs: CSCvi71274.
2018-06-07 | not yet calculated | CVE-2018-0357
BID
CONFIRM
cisco — wide_area_application_services_software
 
A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services
(WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to
root. The attacker must have valid user credentials with super user privileges (level 15) to log in
to the device. The vulnerability is due to insufficient validation of script files executed in the
context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one
script file with a malicious script file while the affected tool is running. A successful exploit
could allow the attacker to gain root-level privileges and take full control of the device. Cisco
Bug IDs: CSCvi72673.
2018-06-07 | not yet calculated | CVE-2018-0352
CONFIRM
cisco — wide_area_application_services
 
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP)
feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated,
remote attacker to read data from an affected device via SNMP. The vulnerability is due to a
hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker
could exploit this vulnerability by using the static community string in SNMP version 2c queries to
an affected device. A successful exploit could allow the attacker to read any data that is
accessible via SNMP on the affected device. Note: The static credentials are defined in an internal
configuration file and are not visible in the current operation configuration (‘running-config’) or
the startup configuration (‘startup-config’). Cisco Bug IDs: CSCvi40137.
2018-06-07 | not yet calculated | CVE-2018-0329
CONFIRM
citypredict.whauwiller — citypredict.whauwiller
 
citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to
the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16104
MISC
MISC
clang-extra — clang-extra
 
The clang-extra module installs LLVM’s clang-extra tools. clang-extra downloads binary resources
over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code
execution (RCE) by swapping out the requested resources with an attacker controlled copy if the
attacker is on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10655
MISC
cloud_foundry — diego
 
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar
and zip file headers. A remote attacker with CF admin privileges can upload a malicious buildpack
that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego
Cell.
2018-06-06 | not yet calculated | CVE-2018-1265
CONFIRM
cloud_foundry — loggregator
 
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1
or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests.
A remote authenticated malicious user knowing the GUID of an app may construct malicious requests
to read from or write to the logs of that app.
2018-06-06 | not yet calculated | CVE-2018-1268
CONFIRM
cloud_foundry — loggregator
 
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1
or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing
certain http requests. A remote authenticated user may construct malicious requests to cause the
traffic controller to leave dangling TCP connections, which could cause denial of service.
2018-06-06 | not yet calculated | CVE-2018-1269
CONFIRM
cloudpub-redis — cloudpub-redis
 
cloudpub-redis is a module for CloudPub: Redis Backend. cloudpub-redis downloads binary resources
over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code
execution (RCE) by swapping out the requested resources with an attacker controlled copy if the
attacker is on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10672
MISC
co-cli-installer — co-cli-installer
 
co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP,
which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)
by swapping out the requested resources with an attacker controlled copy if the attacker is on the
network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10657
MISC
cofee-script — cofee-script
 
The cofee-script module exfiltrates sensitive data such as a user’s private SSH key and bash
history to a third party server during installation.
2018-06-06 | not yet calculated | CVE-2017-16206
MISC
cofeescript — cofeescript
 
The cofeescript module exfiltrates sensitive data such as a user’s private SSH key and bash history
to a third party server during installation.
2018-06-06 | not yet calculated | CVE-2017-16202
MISC
coffe-script — coffe-script
 
The coffe-script module exfiltrates sensitive data such as a user’s private SSH key and bash
history to a third party server during installation.
2018-06-06 | not yet calculated | CVE-2017-16205
MISC
coffe-script — coffe-script
 
The coffe-script module exfiltrates sensitive data such as a user’s private SSH key and bash
history to a third party server during installation.
2018-06-06 | not yet calculated | CVE-2017-16203
MISC

commentapp.stetsonwood — commentapp.stetsonwood

 

commentapp.stetsonwood is an http server. commentapp.stetsonwood is vulnerable to a directory
traversal issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16143
MISC
MISC
creatiwity — witycms
 
A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2
allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by
replacing a helper.json file.
2018-06-08 | not yet calculated | CVE-2018-12065
MISC
MISC
crestron — multiple_devices
 
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before
2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron
Toolbox Protocol (CTP).
2018-06-07 | not yet calculated | CVE-2018-11229
CONFIRM
crestron — multiple_devices
 
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before
2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron
Toolbox Protocol (CTP).
2018-06-07 | not yet calculated | CVE-2018-11228
CONFIRM
cross-env.js — cross-env.js
 
cross-env.js was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16081
MISC
crossenv — crossenv
 
crossenv was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16074
MISC
cuciuci — cuciuci
 
cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16122
MISC
MISC
cyber-js — cyber-js
 
cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16093
MISC
MISC
cypserver — cypserver
 
cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16191
MISC
MISC

danlevan — bracket-template

bracket-template suffers from a reflected XSS that is possible when a variable passed via a GET
parameter is used in a template.
2018-06-06 | not yet calculated | CVE-2018-3735
MISC
dasafio — dasafio
 
dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker
access to the filesystem by placing “../” in the url. File access is restricted to only .html
files.
2018-06-06 | not yet calculated | CVE-2017-16179
MISC
MISC
datachannel-client — datachannel-client
 
datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is
vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing
“../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16121
MISC
MISC
dcdcdcdcdc — dcdcdcdcdc
 
dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16190
MISC
MISC
dckt — localhost-now
 
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of
file, which allows a malicious user to read content of any file with known path.
2018-06-06 | not yet calculated | CVE-2018-3729
MISC
dcserver — dcserver
 
dcserver is a static file server. dcserver is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16158
MISC
MISC
dedecms — dedecms
 
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a
dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by
uploading a .php file.
2018-06-07 | not yet calculated | CVE-2018-12045
MISC
dedecms — dedecms
 
DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a
dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by
writing to a new .php file.
2018-06-07 | not yet calculated | CVE-2018-12046
MISC
desafio — desafio
 
desafio is a simple web server. desafio is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url, but is limited to accessing only
.html files.
2018-06-06 | not yet calculated | CVE-2017-16164
MISC
MISC

dgard8 — lab6

dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16218
MISC
MISC
discordi.js — discordi.js
 
discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to
pastebin.
2018-06-06 | not yet calculated | CVE-2017-16207
MISC
displaylink — core_software_cleaner_application
 
An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers
are updated to a newer version, the product launches a process as SYSTEM to uninstall the old
version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a
DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM.
2018-06-05 | not yet calculated | CVE-2018-7884
FULLDISC
dmmcquay.lab6 — dmmcquay.lab6
 
dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16208
MISC
MISC

dodo — node-slug

slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular
expression denial of service if specially crafted untrusted input is passed as input. About 50k
characters can block the event loop for 2 seconds.
2018-06-06 | not yet calculated | CVE-2017-16117
MISC
MISC

drewfus — lab6

 

lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16141
MISC
MISC

duyetdev — static-html-server

static-html-server is a static file server. static-html-server is vulnerable to a directory
traversal issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16152
MISC
MISC
dylmomo — dylmomo
 
dylmomo is a simple file server. dylmomo is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16163
MISC
MISC
earlybird — earlybird
 
earlybird is a web server module for early development. earlybird is vulnerable to a directory
traversal issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16154
MISC
MISC
easyquick — easyquick
 
easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url. Access is constrained, however, to
supported file types. Requesting a file such as /etc/passwd returns a “not supported” error.
2018-06-06 | not yet calculated | CVE-2017-16109
MISC
MISC
eclipse — mosquitto
 
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto
Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of
service in the Mosquitto Broker.
2018-06-05 | not yet calculated | CVE-2017-7654
CONFIRM
eclipse — mosquitto
 
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8.
A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect
themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a
denial of service for the clients.
2018-06-05 | not yet calculated | CVE-2017-7653
CONFIRM
eeems — pooledwebsocket
 
pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the
filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16107
MISC
MISC
elding — elding
 
elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an
attacker to access the filesystem by placing “../” in the url. The files accessible, however, are
limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example,
will return a 404 on etc/passwd/index.js.
2018-06-06 | not yet calculated | CVE-2017-16222
MISC
MISC
electron — electron
 
Based on details posted by the ElectronJS team: a remote code execution vulnerability has been
discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that
accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox
option](https://electron.atom.io/docs/api/sandbox-option) is enabled.
2018-06-06 | not yet calculated | CVE-2017-16151
MISC
MISC
emreovunc — eaton-intelligent-power-manager-local
 
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file
via server/node_upgrade_srv.js directory traversal with the firmware parameter in a
downloadFirmware action.
2018-06-07 | not yet calculated | CVE-2018-12031
MISC
ems — master_calendar
 
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly
sanitized, allowing malicious attackers to send a crafted URL for XSS.
2018-06-01 | not yet calculated | CVE-2018-11628
MISC
MISC
EXPLOIT-DB
enserver — enserver
 
enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16209
MISC
MISC

erming — shout

 

Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the
ability to inject HTML scripts that will run in the victim’s browser. Affects shout >=0.44.0
<=0.49.3.
2018-06-04 | not yet calculated | CVE-2017-16043
MISC
MISC
ewgaddis.lab6 — ewgaddis.lab6
 
ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16175
MISC
MISC
expressjs — method-override
 
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT
or DELETE in places where the client doesn’t support it. method-override is vulnerable to a regular
expression denial of service vulnerability when specially crafted input is passed in to be parsed
via the X-HTTP-Method-Override header.
2018-06-06 | not yet calculated | CVE-2017-16136
MISC
eyalar — lwip
 
prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation.
prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
2018-06-04 | not yet calculated | CVE-2016-10652
MISC
f5 — big-ip
 
On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing
DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash.
2018-06-01 | not yet calculated | CVE-2018-5522
BID
CONFIRM
fabric-js — fabric-js
 
`fabric-js` was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-04 | not yet calculated | CVE-2017-16053
MISC

fastify — fastify

Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request
with “Content-Type: application/json” and a very large payload.
2018-06-06 | not yet calculated | CVE-2018-3711
MISC
MISC
felicienfrancois — node-resourcehacker
 
resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor).
resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It
may be possible to cause remote code execution (RCE) by swapping out the requested binary with an
attacker controlled binary if the attacker is on the network or positioned in between the user and
the remote server.
2018-06-04 | not yet calculated | CVE-2016-10646
MISC
ffmepg — ffmepg
 
ffmepg was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16068
MISC

fis-dev — fis-sass

 

fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over
HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution
(RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is
on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10686
MISC

fis-stuff — fis-parser-sass-bin

 

fis-parser-sass-bin is a plugin for fis to compile sass using node-sass-binaries. fis-parser-sass-bin
downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be
possible to cause remote code execution (RCE) by swapping out the requested resources with an
attacker controlled copy if the attacker is on the network or positioned in between the user and
the remote server.
2018-06-04 | not yet calculated | CVE-2016-10660
MISC
foxit_software — pdf_reader
 
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit
PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed
object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the
user to open the malicious file to trigger this vulnerability. If the browser plugin extension is
enabled, visiting a malicious site can also trigger the vulnerability.
2018-06-04 | not yet calculated | CVE-2018-3853
BID
SECTRACK
MISC
frames-compiler — frames-compiler
 
frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.
It may be possible to cause remote code execution (RCE) by swapping out the requested binary with
an attacker controlled binary if the attacker is on the network or positioned in between the user
and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10649
MISC
fsk-server — fsk-server
 
fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16090
MISC
MISC
gamerpolls — gamerpolls.com
 
An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and
config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session
cookie to contain the ID number of the account they wish to take over, and re-sign it using the
hard coded secret.
2018-06-05 | not yet calculated | CVE-2018-10966
CONFIRM
MISC
MISC
gaoxiaotingtingting — gaoxiaotingtingting
 
gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal
issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16108
MISC
MISC
garycourt — uri-js
 
uri-js is a module that tries to fully implement RFC 3986. One of these features is validating
whether or not a supplied URL is valid. To do this, uri-js uses a regular expression. This
regular expression is vulnerable to ReDoS. This causes the program to hang and the CPU to idle at
100% usage while uri-js is trying to validate if the supplied URL is valid or not. To check if
you’re vulnerable, look for a call to `require("uri-js").parse()` where a user is able to send
their own input. This affects uri-js 2.1.1 and earlier.
2018-06-04 | not yet calculated | CVE-2017-16021
MISC
MISC
gcpantazis — grunt-images
 
grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over
HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution
(RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on
the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10645
MISC
ge — mds_pulsenet_and_mds_pulsenet_enterprise
 
Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS
PulseNET Enterprise version 3.2.1 and prior host platform.
2018-06-04 | not yet calculated | CVE-2018-10615
CONFIRM
BID
MISC
ge — mds_pulsenet_and_mds_pulsenet_enterprise
 
Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise
version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and
support remote code execution through web services.
2018-06-04 | not yet calculated | CVE-2018-10611
CONFIRM
BID
MISC
ge — mds_pulsenet_and_mds_pulsenet_enterprise
 
Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host
Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.
2018-06-04 | not yet calculated | CVE-2018-10613
CONFIRM
BID
MISC
gentoo — gentoo
 
The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp
directory, which might allow local users to obtain read and write access to arbitrary files by
leveraging access to a certain account for a burp-server.conf change.
2018-06-04 | not yet calculated | CVE-2017-18285
CONFIRM
gentoo — gentoo
 
The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to
the burp account, which might allow local users to kill arbitrary processes by leveraging access to
this account for PID file modification before a root script sends a SIGKILL.
2018-06-04 | not yet calculated | CVE-2017-18284
CONFIRM
geohey-team — node-thulac
 
node-thulac is a node binding for thulac. node-thulac downloads binary resources over HTTP, which
leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by
swapping out the requested binary with an attacker controlled binary if the attacker is on the
network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10640
MISC
get — parsejson
 
The parsejson module is vulnerable to regular expression denial of service when untrusted user
input is passed into it to be parsed.
2018-06-06 | not yet calculated | CVE-2017-16113
MISC
MISC
gfe-sass — gfe-sass
 
gfe-sass is a library for promises (CommonJS/Promises/A,B,D). gfe-sass downloads resources over
HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution
(RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is
on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2017-16040
MISC

git-lt — iterhttp

 

iter-http is a server for static files. iter-http is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16094
MISC
MISC
gitbookio — gitbook
 
GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git
and Markdown (or AsciiDoc). Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2
by including code outside of backticks in any ebook. This code will be executed on the online
reader.
2018-06-04 | not yet calculated | CVE-2017-16019
MISC
MISC
gnome_project — gnome_web
 
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a
denial of service (application crash) via certain window.open and document.write calls.
2018-06-07 | not yet calculated | CVE-2018-12016
MISC
gnupg — gnupg
 
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and
verification actions, which allows remote attackers to spoof the output that GnuPG sends on file
descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data
might represent an original filename that contains line feed characters in conjunction with GOODSIG
or VALIDSIG status codes.
2018-06-08 | not yet calculated | CVE-2018-12020
MISC
MISC
MISC
DEBIAN
DEBIAN
DEBIAN
gomeplusfed — meixin-h5-proxy
 
`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any
file in the system by placing ‘../’ in the URL.
2018-06-04 | not yet calculated | CVE-2017-16037
MISC
MISC
greencms — greencms
 
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers
to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.
2018-06-01 | not yet calculated | CVE-2018-11670
MISC
EXPLOIT-DB
greencms — greencms
 
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin
account via index.php?m=admin&c=access&a=adduserhandle.
2018-06-01 | not yet calculated | CVE-2018-11671
MISC
EXPLOIT-DB
grunt — grunt-ccompiler
 
grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler downloads binary resources over
HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution
(RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on
the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10636
MISC
gruntcli — gruntcli
 
gruntcli was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16058
MISC
guardian — html-janitor
 
html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean()
accepting user-controlled values.
2018-06-04 | not yet calculated | CVE-2017-0931
MISC
MISC

guardian — html-janitor

 

html-janitor node module suffers from an External Control of Critical State Data vulnerability via
user-control of the ‘_sanitized’ variable causing sanitization to be bypassed.
2018-06-04 | not yet calculated | CVE-2017-0928
MISC
MISC
gvarsanyi — sync-exec
 
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists.
2018-06-04 | not yet calculated | CVE-2017-16024
MISC
MISC
MISC
MISC

hacksparrow — safe-eval

 

The safe-eval module describes itself as a safer version of eval. By accessing the object
constructors, un-sanitized user input can access the entire standard library and effectively break
out of the sandbox.
2018-06-06 | not yet calculated | CVE-2017-16088
MISC
MISC
MISC

hapijs — content

 

The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework
to provide this functionality. The module is vulnerable to regular expression denial of service
when passed a specifically crafted Content-Type or Content-Disposition header.
2018-06-06 | not yet calculated | CVE-2017-16111
MISC
hapijs — hapi
 
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.
2018-06-04 | not yet calculated | CVE-2017-16013
MISC
MISC
hapijs — nes
 
Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and
including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only
present when websocket authentication is set to `cookie`. Submitting an invalid cookie on the
websocket upgrade request will cause the node process to error out.
2018-06-04 | not yet calculated | CVE-2017-16025
MISC
MISC
MISC

hardog — ritp

ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker
can gain access to the file system by placing ../ in the URL. Access is restricted to files with a
file extension, so files such as /etc/passwd are not accessible.
2018-06-06 | not yet calculated | CVE-2017-16198
MISC
MISC
haxe-dev — haxe-dev
 
haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves
it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping
out the requested binary with an attacker controlled binary if the attacker is on the network or
positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10637
MISC
hcbserver — hcbserver
 
hcbserver is a static file server. hcbserver is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16171
MISC
MISC
healthcenter — healthcenter
 
healthcenter is the IBM Monitoring and Diagnostic Tools Health Center agent. healthcenter downloads
binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause
remote code execution (RCE) by swapping out the requested resources with an attacker controlled
copy if the attacker is on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10684
MISC

helloheary — sgin.cn_xiangyun_platform

SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php.
2018-06-05 | not yet calculated | CVE-2018-11553
MISC
henrytseng — hostr
 
hostr is a simple web server that serves up the contents of the current directory. There is a
directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files
outside the current directory by sending `../` in the url path for GET requests.
2018-06-04 | not yet calculated | CVE-2017-16029
MISC
MISC
herber — hekto
 
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file,
which allows a malicious user to read content of any file with known path.
2018-06-06 | not yet calculated | CVE-2018-3725
MISC
hftp — hftp
 
`hftp` is a static http or ftp server. `hftp` is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-04 | not yet calculated | CVE-2017-16039
MISC
MISC
hopper — disassembler
 
An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of
Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer
arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF
file with specific section headers to trigger this vulnerability.
2018-06-04 | not yet calculated | CVE-2016-8390
BID
MISC
http-proxy.js — http-proxy.js
 
http-proxy.js was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16075
MISC

https-proxy-agent — https-proxy-agent

https-proxy-agent passes unsanitized options to Buffer(arg) resulting in DoS and uninitialized
memory leak.
2018-06-06 | not yet calculated | CVE-2018-3736
MISC
https-proxy-agent — https-proxy-agent
 
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper
sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could
submit typed input to the ‘auth’ parameter (e.g. JSON).
2018-06-06 | not yet calculated | CVE-2018-3739
MISC
huawei — multiple_servers
 
There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low
privilege may bypass the authentication by some special operations. Due to insufficient
authentication, an attacker may exploit the vulnerability to get some sensitive information and
high-level users’ privilege.
2018-06-05 | not yet calculated | CVE-2018-7943
CONFIRM
hubl-server — hubl-server
 
The hubl-server module is a wrapper for the HubL Development Server. During installation,
hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these
files are downloaded over HTTPS; however, the api.hubapi.com endpoint redirects to an HTTP URL.
Because of this behavior, an attacker with the ability to man-in-the-middle a developer or system
performing a package installation could compromise the integrity of the installation.
2018-06-04 | not yet calculated | CVE-2017-16035
MISC
hujiang-fe — arcanist
 
arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be
possible to cause remote code execution (RCE) by swapping out the requested resources with an
attacker controlled copy if the attacker is on the network or positioned in between the user and
the remote server.
2018-06-04 | not yet calculated | CVE-2016-10683
MISC
hypesystem — jikes
 
jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker
access to the filesystem by placing “../” in the url. Accessible files are restricted to files with
.htm and .js extensions.
2018-06-06 | not yet calculated | CVE-2017-16139
MISC
MISC
i18next — i18next
 
i18next is a language translation framework. Because of how the interpolation is implemented,
making replacements from the dictionary one at a time, untrusted user input can use the name of one
of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2.
2018-06-04 | not yet calculated | CVE-2017-16008
MISC
MISC
ibm — bigfix_platform
 
IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a
communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745.
2018-06-04 | not yet calculated | CVE-2018-1600
CONFIRM
XF
ibm — connections
 
IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using
an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote
attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a
malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly
sensitive information or conduct further attacks against the victim. IBM X-Force ID: 135521.
2018-06-04 | not yet calculated | CVE-2017-1748
CONFIRM
XF
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain
sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An
attacker could exploit this vulnerability to obtain sensitive information using man in the middle
techniques. IBM X-Force ID: 140089.
2018-06-05 | not yet calculated | CVE-2018-1454
CONFIRM
SECTRACK
XF
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their
privileges to administrator due to improper access controls. IBM X-Force ID: 126526.
2018-06-05 | not yet calculated | CVE-2017-1350
CONFIRM
SECTRACK
XF
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting
which is a vulnerability that allows an attacker to load Information Server components inside an
HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking
attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery
attacks. IBM X-Force ID: 139360.
2018-06-05 | not yet calculated | CVE-2018-1432
CONFIRM
SECTRACK
XF
ibm — rhapsody_dm
 
IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to an XML External Entity
Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability
to expose sensitive information or consume memory resources. IBM X-Force ID: 140091.
2018-06-06 | not yet calculated | CVE-2018-1456
CONFIRM
XF
ibm — robotic_process_automation_with_automation_anywhere
 
IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to
execute arbitrary code on the system, caused by improper output encoding in a CSV export. By
persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the
two security questions, an attacker could exploit this vulnerability to run any command or program
on the victim’s machine. IBM X-Force ID: 142651.
2018-06-07 | not yet calculated | CVE-2018-1547
CONFIRM
XF
ibm — robotic_process_automation_with_automation_anywhere
 
IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request
forgery which could allow an attacker to execute malicious and unauthorized actions transmitted
from a user that the website trusts. IBM X-Force ID: 141622.
2018-06-07 | not yet calculated | CVE-2018-1514
CONFIRM
XF
ibm — security_access_manager_appliance

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores
potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID:
128617.
2018-06-06 | not yet calculated | CVE-2017-1480
CONFIRM
XF
ibm — security_access_manager_appliance
 
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could
allow a remote attacker to obtain sensitive information, caused by the failure to properly enable
HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive
information using man in the middle techniques. IBM X-Force ID: 128610.
2018-06-06 | not yet calculated | CVE-2017-1476
CONFIRM
XF
ibm — security_access_manager_appliance
 
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1
discloses sensitive information to unauthorized users. The information can be used to mount further
attacks on the system. IBM X-Force ID: 128606.
2018-06-06 | not yet calculated | CVE-2017-1474
CONFIRM
XF
ibm — security_identity_manager_virtual_appliance
 
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other
updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID:
127392.
2018-06-08 | not yet calculated | CVE-2017-1405
CONFIRM
XF
ibm — security_identity_manager_virtual_appliance
 
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or
transfer files of dangerous types that can be automatically processed within the environment. IBM
X-Force ID: 140055.
2018-06-08 | not yet calculated | CVE-2018-1453
CONFIRM
XF
ibm-swift — kitura
 
Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can
be exploited by a crafted URL resulting in information disclosure.
2018-06-05 | not yet calculated | CVE-2018-1000181
CONFIRM
ikst — ikst
 
ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM
attacks.
2018-06-04 | not yet calculated | CVE-2017-16041
MISC
indexzero — timespan
 
The timespan module is vulnerable to regular expression denial of service. Given 50k characters of
untrusted user input it will block the event loop for around 10 seconds.
2018-06-06 | not yet calculated | CVE-2017-16115
MISC
MISC
intel — integrated_performance_primitives_cryptography_library
 
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version
2018 U2.1 do not properly ensure constant execution time.
2018-06-05 | not yet calculated | CVE-2018-3691
CONFIRM
intsol-package — intsol-package
 
intsol-package is a file server. intsol-package is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16178
MISC
MISC

ipfs — aegir

 

aegir is a module to help automate JavaScript project management. Versions 12.0.0 through and
including 12.0.7 bundled and published to npm the GitHub token of the user who performed an
aegir-release.
2018-06-06 | not yet calculated | CVE-2017-16225
MISC
ipip-coffee — ipip-coffee
 
ipip-coffee queries geolocation information from IP. ipip-coffee downloads geolocation resources
over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and
availability of the data being used to make geolocation decisions by an application.
2018-06-04 | not yet calculated | CVE-2016-10673
MISC

isaacs — st

 

st is a module for serving static files. An attacker is able to craft a request that results in an
HTTP 301 (redirect) to an entirely different domain. A request for
http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e,
which most browsers treat as a proper redirect because // is translated into the current scheme
being used. Mitigating factor: In order for this to work, st must be serving from the root of a
server (/) rather than the typical sub directory (/static/), and the redirect URL will end with
some form of URL encoded .. (“%2e%2e”, “%2e.”, “.%2e”).
2018-06-06 | not yet calculated | CVE-2017-16224
MISC
iter-server — iter-server
 
iter-server is a static file server. iter-server is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16183
MISC
MISC
jansenstuffpleasework — jansenstuffpleasework
 
jansenstuffpleasework is a file server. jansenstuffpleasework is vulnerable to a directory
traversal issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16176
MISC
MISC
jaredmh — lab6-node.js
 
http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal
issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16134
MISC
MISC

jarofghosts — glance

glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of
validation of path passed to it, which allows a malicious user to read content of any file with
known path.
2018-06-06 | not yet calculated | CVE-2018-3715
MISC
MISC
jenkins — jenkins
 
A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and
older in various Jelly files that allows attackers able to control build badge content to define
JavaScript that would be executed in another user’s browser when that other user performs some UI
actions.
2018-06-05 | not yet calculated | CVE-2018-1000202
CONFIRM
jenkins — jenkins
 
An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older
in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an
attacker-specified URL using attacker-specified credentials IDs obtained through another method,
capturing credentials stored in Jenkins.
2018-06-05 | not yet calculated | CVE-2018-1000183
CONFIRM
jenkins — jenkins
 
An exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and
older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local
Jenkins master file system access or control of a Jenkins administrator’s web browser (e.g.
malicious extension) to retrieve the configured Gitlab token.
2018-06-05 | not yet calculated | CVE-2018-1000196
CONFIRM
jenkins — jenkins
 
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in
FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary
files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
2018-06-05 | not yet calculated | CVE-2018-1000194
CONFIRM
jenkins — jenkins
 
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in
PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the
Black Duck Hub plugin configuration.
2018-06-05 | not yet calculated | CVE-2018-1000197
CONFIRM
jenkins — jenkins
 
An information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in
AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate
all installed plugins.
2018-06-05 | not yet calculated | CVE-2018-1000192
CONFIRM
jenkins — jenkins
 
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in
CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET
request to a specified URL.
2018-06-05 | not yet calculated | CVE-2018-1000188
CONFIRM
jenkins — jenkins
 
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and
older in ContainerExecDecorator.java that results in sensitive variables such as passwords being
written to logs.
2018-06-05 | not yet calculated | CVE-2018-1000187
CONFIRM
jenkins — jenkins
 
A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in
AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the
Jenkins master.
2018-06-05 | not yet calculated | CVE-2018-1000189
CONFIRM
jenkins — jenkins
 
An exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and
older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to
an attacker-specified URL using attacker-specified credentials IDs obtained through another method,
capturing credentials stored in Jenkins.
2018-06-05 | not yet calculated | CVE-2018-1000190
CONFIRM
jenkins — jenkins
 
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in
GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a
GET request to a specified URL.
2018-06-05 | not yet calculated | CVE-2018-1000184
CONFIRM
jenkins — jenkins
 
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and
older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins
submit an HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or
not.
2018-06-05 | not yet calculated | CVE-2018-1000195
CONFIRM
jenkins — jenkins
 
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and
older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a
GET request to a specified URL.
2018-06-05 | not yet calculated | CVE-2018-1000185
CONFIRM
jenkins — jenkins
 
An exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0
and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to
connect to an attacker-specified URL using attacker-specified credentials IDs obtained through
another method, capturing credentials stored in Jenkins.
2018-06-05 | not yet calculated | CVE-2018-1000191
CONFIRM
jenkins — jenkins
 
An improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS
2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names
containing control characters that can then appear to have the same name as other users, and cannot
be deleted via the UI.
2018-06-05 | not yet calculated | CVE-2018-1000193
CONFIRM
jenkins — jenkins
 
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in
AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java,
ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET
request to a specified URL.
2018-06-05 | not yet calculated | CVE-2018-1000182
CONFIRM
jenkins — jenkins
 
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder
Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to
connect to an attacker-specified URL using attacker-specified credentials IDs obtained through
another method, capturing credentials stored in Jenkins.
2018-06-05 | not yet calculated | CVE-2018-1000186
CONFIRM
jenkins — jenkins
 
An XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and
older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make
Jenkins process XML external entities in an XML document.
2018-06-05 | not yet calculated | CVE-2018-1000198
CONFIRM
jeremylong — dependencycheck
 
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted
archive that holds directory traversal filenames.
2018-06-07 | not yet calculated | CVE-2018-12036
MISC
MISC
jn_jj_server — jn_jj_server
 
jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16210
MISC
MISC

jonschlinkert — assign-deep

 

assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID)
vulnerability, which allows a malicious user to modify the prototype of “Object” via __proto__,
causing the addition or modification of an existing property that will exist on all objects.
2018-06-06 | not yet calculated | CVE-2018-3720
MISC
MISC

jonschlinkert — defaults-deep

defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID)
vulnerability, which allows a malicious user to modify the prototype of “Object” via __proto__,
causing the addition or modification of an existing property that will exist on all objects.
2018-06-06 | not yet calculated | CVE-2018-3723
MISC
MISC

jonschlinkert — merge-deep

 

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID)
vulnerability, which allows a malicious user to modify the prototype of “Object” via __proto__,
causing the addition or modification of an existing property that will exist on all objects.
2018-06-06 | not yet calculated | CVE-2018-3722
MISC
MISC
jonschlinkert — randomatic
 
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The
oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
2018-06-04 | not yet calculated | CVE-2017-16028
MISC
MISC
jonschlinkert — remarkable
 
Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:`
URIs in links and can therefore execute javascript.
2018-06-04 | not yet calculated | CVE-2017-16006
MISC
MISC
joyent — node-http-signature
 
Http-signature is a “Reference implementation of Joyent’s HTTP Signature Scheme”. In versions
<=0.9.11, http-signature signs only the header values, but not the header names. This makes
http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can
swap header names and change the meaning of the request without changing the signature.
2018-06-04 | not yet calculated | CVE-2017-16005
MISC
MISC

joyent — node-sshpk

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.
2018-06-06 | not yet calculated | CVE-2018-3737
MISC

joyplus — joyplus-cms

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue
in manager/index.php involving use of a “/!select/” substring in place of a select substring.
2018-06-07 | not yet calculated | CVE-2018-12039
MISC

jprichardson — string.js

 

The string module is a module that provides extra string operations. The string module is
vulnerable to regular expression denial of service when specifically crafted untrusted user input
is passed into the underscore or unescapeHTML methods.
2018-06-06 | not yet calculated | CVE-2017-16116
MISC
MISC
jquery — jquery
 
Jquery is a javascript library for DOM traversal and manipulation, event handling, animation, and
Ajax. When text/javascript responses are received from cross-origin ajax requests not containing
the option `dataType`, the result is executed in `jQuery.globalEval` potentially allowing an
attacker to execute arbitrary code on the origin. This affects Jquery >=1.4.0 <=1.11.3 || >=1.12.4
<=2.2.4.
2018-06-04 | not yet calculated | CVE-2017-16012
MISC
MISC
MISC
jquery — jquery
 
jQuery is a javascript library for DOM manipulation. jQuery’s main method in affected versions
(>=1.7.1 <=1.8.3) contains an unreliable way of detecting whether the input to the `jQuery(strInput)` function is intended to be a selector or HTML.
2018-06-04 | not yet calculated | CVE-2017-16011
MISC
MISC
MISC
MISC
MISC
jquery.js — jquery.js
 
`jquery.js` was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-04 | not yet calculated | CVE-2017-16045
MISC
jquey — jquey
 
The jquey module exfiltrates sensitive data such as a user’s private SSH key and bash history to a
third party server during installation.
2018-06-06 | not yet calculated | CVE-2017-16204
MISC
js-given — js-given
 
js-given is a JavaScript frontend to jgiven. js-given downloads binary resources over HTTP, which
leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by
swapping out the requested binary with an attacker controlled binary if the attacker is on the
network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10638
MISC

jshttp — forwarded

 

The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It
is vulnerable to a regular expression denial of service when it’s passed specially crafted input to
parse. This causes the event loop to be blocked causing a denial of service condition.
2018-06-06 | not yet calculated | CVE-2017-16118
MISC

jshttp — fresh

 

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is
vulnerable to a regular expression denial of service when it is passed specially crafted input to
parse. This causes the event loop to be blocked causing a denial of service condition.
2018-06-06 | not yet calculated | CVE-2017-16119
MISC
jstestdriver — jstestdriver
 
jstestdriver is a wrapper for Google’s jstestdriver. jstestdriver downloads binary resources over
HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution
(RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on
the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10643
MISC

julien — sencisho

Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory
traversal issue, giving an attacker access to the filesystem by placing “../” in the URL.
2018-06-06 | not yet calculated | CVE-2017-16092
MISC
MISC
kevinjreece — reecerver
 
reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16188
MISC
MISC
korynunn — list-n-stream
 
list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10
or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem
by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16084
MISC
MISC
lennym — redis-srvr
 
redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP,
which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)
by swapping out the requested binary with an attacker controlled binary if the attacker is on the
network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10639
MISC
lessindex — lessindex
 
lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16211
MISC
MISC
libjpeg — libjpeg
 
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
2018-06-05 | not yet calculated | CVE-2018-11813
MISC
MISC
liblouis — liblouis
 
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in
compileTranslationTable.c.
2018-06-04 | not yet calculated | CVE-2018-11685
MISC
UBUNTU
liblouis — liblouis
 
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in
compileTranslationTable.c.
2018-06-04 | not yet calculated | CVE-2018-11684
MISC
UBUNTU
liblouis — liblouis
 
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in
compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
2018-06-09 | not yet calculated | CVE-2018-12085
MISC
liblouis — liblouis
 
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in
compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
2018-06-04 | not yet calculated | CVE-2018-11683
MISC
UBUNTU
libopenmpt — libopenmpt
 
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a crafted AMS file because of an
invalid write near address 0 in an out-of-memory situation.
2018-06-04 | not yet calculated | CVE-2018-11710
CONFIRM
CONFIRM
libsaas — libsaas
 
An issue was discovered in LibSaas through 3.5.4. An out-of-bounds read of a memory region was
found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to
disclose information or manipulated to read from unmapped memory causing a denial of service.
2018-06-04 | not yet calculated | CVE-2018-11693
MISC
libsaas — libsaas
 
An issue was discovered in LibSaas through 3.5.2. A NULL pointer dereference was found in the
function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of
service (application crash) or possibly have unspecified other impact.
2018-06-04 | not yet calculated | CVE-2018-11695
MISC
libsaas — libsaas
 
An issue was discovered in LibSaas through 3.5.4. A NULL pointer dereference was found in the
function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial
of service (application crash) or possibly have unspecified other impact.
2018-06-04 | not yet calculated | CVE-2018-11694
MISC
libsaas — libsaas
 
An issue was discovered in LibSaas through 3.5.4. A NULL pointer dereference was found in the
function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of
service (application crash) or possibly have unspecified other impact.
2018-06-04 | not yet calculated | CVE-2018-11696
MISC
linux — linux_kernel
 
The Linux Kernel versions 4.14, 4.15, and 4.16 have a null pointer dereference which can result in
an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed
process’s final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked
vmas. This can happen synchronously with the oom reaper’s unmap_page_range() since the vma’s
VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are
mlocked).
2018-06-05 | not yet calculated | CVE-2018-1000200
MLIST
BID
CONFIRM
CONFIRM
MLIST
MLIST
liuyaserver — liuyaserver
 
liuyaserver is a static file server. liuyaserver is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16170
MISC
MISC
lix-pm — haxeshim
 
haxeshim is a haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP,
which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)
by swapping out the requested resources with an attacker controlled copy if the attacker is on the
network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10692
MISC
liyujing — liyujing
 
liyujing is a static file server. liyujing is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16120
MISC
MISC
lodash — lodash
 
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID)
vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to
modify the prototype of “Object” via __proto__, causing the addition or modification of an existing
property that will exist on all objects.
2018-06-06 | not yet calculated | CVE-2018-3721
MISC
MISC
looppake — looppake
 
looppake is a simple http server. looppake is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16169
MISC
MISC
ltt — ltt
 
ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker
access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16212
MISC
MISC
lutron — multiple_products
 
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total
super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron
integration protocol Revision M to Revision Y.
2018-06-02 | not yet calculated | CVE-2018-11681
MISC
MISC
lutron — multiple_products
 
Default and unremovable support credentials allow attackers to gain total super user control of an
IoT device through a TELNET session to products using the Stanza Lutron integration protocol
Revision M to Revision Y.
2018-06-02 | not yet calculated | CVE-2018-11682
MISC
MISC
lutron — multiple_products
 
Default and unremovable support credentials (user:lutron password:integration) allow attackers to
gain total super user control of an IoT device through a TELNET session to products using the
HomeWorks QS Lutron integration protocol Revision M to Revision Y.
2018-06-02 | not yet calculated | CVE-2018-11629
MISC
MISC
manageengine — applications_manager

ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting
vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter
LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without
authentication.
2018-06-05 | not yet calculated | CVE-2016-9490
FULLDISC
BID
MISC
manageengine — applications_manager
 
ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection
vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet,
which is vulnerable to SQL injection. The attacker could extract users’ password hashes, which are
MD5 hashes without salt, and, depending on the database type and its configuration, could also
execute operating system commands using SQL queries.
2018-06-05 | not yet calculated | CVE-2016-9488
FULLDISC
BID
MISC

manastungare — whispercast

whispercast is a file server. whispercast is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16174
MISC
MISC
mapbox — node-sqlite3
 
The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings.
npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM
attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested
resources with an attacker controlled copy if the attacker is on the network or positioned in
between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10695
MISC
mariadb — mariadb
 
`mariadb` was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-04 | not yet calculated | CVE-2017-16046
MISC

markedjs — marked

 

The marked module is vulnerable to a regular expression denial of service. Based on the information
published in the public issue, 1k characters can block for around 6 seconds.
2018-06-06 | not yet calculated | CVE-2017-16114
MISC
MISC
mcafee — common_ui
 
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows
remote authenticated users to view confidential information via a crafted HTTP request parameter.
2018-06-07 | not yet calculated | CVE-2018-6670
CONFIRM
mcafee — management_of_native_encryption
 
Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4
allows local users to gain elevated privileges via a crafted user input.
2018-06-05 | not yet calculated | CVE-2018-6662
BID
CONFIRM
mebyz — haxe3
 
Haxe 3: The Cross-Platform Toolkit (a fork from David Mouton’s damoebius/haxe-npm). haxe3 downloads
resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote
code execution (RCE) by swapping out the requested resources with an attacker controlled copy if
the attacker is on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10688
MISC
mediatek — awus036nh_wireless_usb_adapter
 
An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers
can remotely deny service by sending specially constructed 802.11 frames.
2018-06-07 | not yet calculated | CVE-2018-12041
MISC
MISC
medium — phantomjs
 
phantomjs-cheniu is a Headless WebKit with JS API. phantomjs-cheniu downloads binary resources over
HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution
(RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is
on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10661
MISC
mfrs — mfrs
 
mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker
access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16193
MISC
MISC
mfrserver — mfrserver
 
mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16213
MISC
MISC
mixin-deep node — mixin-deep node
 
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID)
vulnerability, which allows a malicious user to modify the prototype of “Object” via __proto__,
causing the addition or modification of an existing property that will exist on all objects.
2018-06-06 | not yet calculated | CVE-2018-3719
MISC
MISC
mongose — mongose
 
mongose was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16077
MISC
monkpod — node-wixtoolset
 
wixtoolset is a Node module wrapper around the wixtoolset binaries. wixtoolset downloads binary
resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote
code execution (RCE) by swapping out the requested resources with an attacker controlled copy if
the attacker is on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10663
MISC
monstra — cms
 
plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via
manipulation of the login_attempts cookie.
2018-06-05 | not yet calculated | CVE-2018-11678
MISC
morrisjs — morris.js
 
Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering
label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained,
script can be injected. The script will run on the client side whenever that specific graph is
loaded.
2018-06-04 | not yet calculated | CVE-2017-16022
MISC
MISC
mozilla — marionette-socket-host
 
marionette-socket-host is a marionette-js-runner host for sending actions over a socket.
marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM
attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested
binary with an attacker controlled binary if the attacker is on the network or positioned in
between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10648
MISC
mruby — mruby
 
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS
objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer
and application crash) or possibly have unspecified other impact.
2018-06-05 | not yet calculated | CVE-2018-11743
MISC
MISC

mrvautin — express-cart

Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain
access in the hosting machine.
2018-06-07 | not yet calculated | CVE-2018-3758
MISC
mssql-node — mssql-node
 
mssql-node was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16059
MISC
mssql.js — mssql.js
 
mssql.js was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16056
MISC
muaz-khan — filebufferreader
 
fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a
directory traversal issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16217
MISC
MISC
mybb — mybb
 
The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject.
2018-06-04 | not yet calculated | CVE-2018-11715
MISC
EXPLOIT-DB
myprolyz — myprolyz
 
myprolyz is a static file server. myprolyz is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16156
MISC
MISC
myserver.alexcthomas18 — myserver.alexcthomas18
 
myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is vulnerable to a directory
traversal issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16144
MISC
MISC
node-air-sdk — node-air-sdk
 
node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which
leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by
swapping out the requested binary with an attacker controlled binary if the attacker is on the
network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10647
MISC
node-fabric — node-fabric
 
`node-fabric` was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-04 | not yet calculated | CVE-2017-16052
MISC
node-opencv — node-opencv
 
node-opencv was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16067
MISC
node-opensl — node-opensl
 
node-opensl was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16063
MISC
node-openssl — node-openssl
 
node-openssl was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16064
MISC
node-sqlite — node-sqlite
 
`node-sqlite` was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-04 | not yet calculated | CVE-2017-16048
MISC
node-srv — node-srv
 
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url,
which allows a malicious user to read content of any file with known path.
2018-06-06 | not yet calculated | CVE-2018-3714
MISC
nodeaaaaa — nodeaaaaa
 
nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16223
MISC
MISC
nodecaffe — nodecaffe
 
nodecaffe was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16070
MISC
nodefabric — nodefabric
 
`nodefabric` was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-04 | not yet calculated | CVE-2017-16054
MISC
nodeffmpeg — nodeffmpeg
 
nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16069
MISC
nodejitsu — node-http-proxy
 
Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0,
an attacker that forces an error can crash the server, causing a denial of service.
2018-06-04 | not yet calculated | CVE-2017-16014
MISC
MISC
nodemailer-js — nodemailer-js
 
nodemailer-js was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16071
MISC
nodemailer.js — nodemailer.js
 
nodemailer.js was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16072
MISC
nodemssql — nodemssql
 
nodemssql was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16057
MISC
noderequest — noderequest
 
noderequest was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16073
MISC
nodesass — nodesass
 
nodesass was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16080
MISC
nodesqlite — nodesqlite
 
`nodesqlite` was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-04 | not yet calculated | CVE-2017-16049
MISC
notduncansmith — summit
 
Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later
allows an attacker to execute arbitrary commands via the collection name.
2018-06-04 | not yet calculated | CVE-2017-16020
MISC
MISC
nowk — serc.js
 
serc.js is a Selenium RC process wrapper. serc.js downloads binary resources over HTTP, which leaves
it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping
out the requested resources with an attacker controlled copy if the attacker is on the network or
positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10678
MISC

npm — security-holder

 

`d3.js` was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-04 | not yet calculated | CVE-2017-16044
MISC
npm-script-demo — npm-script-demo
 
The module npm-script-demo opened a connection to a command and control server. It has been removed
from the npm registry.
2018-06-06 | not yet calculated | CVE-2017-16128
MISC
ntp — ntp
 
An exploitable denial of service vulnerability exists in the origin timestamp check functionality
of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the
expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the
origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service
condition.
2018-06-04 | not yet calculated | CVE-2016-9042
BID
SECTRACK
SECTRACK
FREEBSD
MISC
nzedb — nzedb
 
nZEDb v0.7.3.3 has XSS in the 404 error page.
2018-06-05 | not yet calculated | CVE-2017-18286
MISC
ocularis — recorder
 
An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of
Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in
denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability.
2018-06-06 | not yet calculated | CVE-2018-3852
BID
MISC
olebedev — node-mystem
 
mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru. mystem downloads
binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause
remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary
if the attacker is on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10664
MISC

omphalos — crud-file-server

 

crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a
lack of validation of file names.
2018-06-06 | not yet calculated | CVE-2018-3726
MISC
MISC
open-device — open-device
 
open-device creates a web interface for any device. open-device is vulnerable to a directory
traversal issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16187
MISC
MISC
opencv.js — opencv.js
 
opencv.js was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16066
MISC
openframe-ascii-image — openframe-ascii-image

openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim.
openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It
may be possible to cause remote code execution (RCE) by swapping out the requested resources with
an attacker controlled copy if the attacker is on the network or positioned in between the user and
the remote server.
2018-06-04 | not yet calculated | CVE-2016-10690
MISC
openssl.js — openssl.js
 
openssl.js was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16065
MISC
opensuse — open_build_service_api

The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission
check, allowing an authenticated attacker to add or remove user roles from packages and/or project
meta data.
2018-06-08 | not yet calculated | CVE-2013-3703
CONFIRM
CONFIRM
opensuse — open_build_service
 
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in
the web interface, allowing for requests without the user’s consent.
2018-06-08 | not yet calculated | CVE-2014-0594
CONFIRM
CONFIRM
opensuse — open_build_service
 
The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not
properly sanitize device names, which allows local attackers to execute arbitrary commands as root.
2018-06-08 | not yet calculated | CVE-2014-5220
CONFIRM
SUSE

opensuse — open_build_service

 

The set_version script as shipped with obs-service-set_version is a source validator for the Open
Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input
provided by the user, allowing for code execution on the executing server.
2018-06-08 | not yet calculated | CVE-2014-0593
CONFIRM
CONFIRM
MLIST
CONFIRM
opensuse — open_build_service
 
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3
allowed all authenticated users to modify sources in projects where they do not have write
permissions.
2018-06-07 | not yet calculated | CVE-2018-7688
CONFIRM
CONFIRM
MLIST
opensuse — open_build_service
 
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service
before 2.9.3 allowed authenticated users to modify packages where they do not have write
permissions.
2018-06-07 | not yet calculated | CVE-2018-7689
CONFIRM
CONFIRM
MLIST
otrs — otrs
 
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a
customer can use the ticket overview screen to disclose internal article information of their
customer tickets.
2018-06-06 | not yet calculated | CVE-2018-10198
CONFIRM
overflow636 — simple-npm-registry
 
simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory
traversal issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16132
MISC
MISC
pagekit — cms
 
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the
picture upload feature. A user with elevated privileges could upload a photo to the system in an
SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The
user can create a link on the website pointing to “/storage/poc.svg” that will point to
http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will
trigger an XSS attack.
2018-06-01 | not yet calculated | CVE-2018-11564
MISC
MISC
EXPLOIT-DB
pandora-doomsday — pandora-doomsday
 
The module pandora-doomsday infects other modules. It’s since been unpublished from the registry.
2018-06-06 | not yet calculated | CVE-2017-16127
MISC
peiserver — peiserver
 
peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16214
MISC
MISC
perl — perl
 
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x,
insufficiently sanitizes or escapes variable values used as part of shell command execution,
resulting in shell code injection via the create(), run_file(), backup(), or restore() function.
The vulnerability allows unauthorized users to execute code with the same privileges as the running
application.
2018-06-07 | not yet calculated | CVE-2018-9246
CONFIRM
perl — perl
 
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a
directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file
containing a symlink and a regular file with the same name.
2018-06-07 | not yet calculated | CVE-2018-12015
SECTRACK
CONFIRM

peterhel — mockserve

mockserve is a file server. mockserve is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16146
MISC
MISC
philips — intellivue_patient_monitors_and_avalon_fetal/maternal_monitors
 
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M,
IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon
Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a
vulnerability that exposes an “echo” service, in which an attacker-sent buffer to an
attacker-chosen device address within the same subnet is copied to the stack with no boundary
checks, hence resulting in stack overflow.
2018-06-05 | not yet calculated | CVE-2018-10601
MISC
philips — intellivue_patient_monitors_and_avalon_fetal/maternal_monitors
 
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M,
IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon
Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a
vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device
address within the same subnet.
2018-06-05 | not yet calculated | CVE-2018-10599
MISC
philips — intellivue_patient_monitors_and_avalon_fetal/maternal_monitors
 
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M,
IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon
Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a
vulnerability that allows an unauthenticated attacker to access memory (“write-what-where”) from an
attacker-chosen device address within the same subnet.
2018-06-05 | not yet calculated | CVE-2018-10597
MISC
phpscriptsmall.com — schools_alert_management_script
 
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img
parameter in delete_img.php by using directory traversal.
2018-06-08 | not yet calculated | CVE-2018-12053
MISC
phpscriptsmall.com — schools_alert_management_script
 
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in
get_sec.php.
2018-06-08 | not yet calculated | CVE-2018-12052
MISC
phpscriptsmall.com — schools_alert_management_script
 
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter
in img.php, aka absolute path traversal.
2018-06-08 | not yet calculated | CVE-2018-12054
MISC
phpscriptsmall.com — schools_alert_management_script
 
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management
Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg
content type.
2018-06-08 | not yet calculated | CVE-2018-12051
MISC
phpscriptsmall.com — schools_alert_management_script
 
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST
data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.
2018-06-08 | not yet calculated | CVE-2018-12055
MISC
picard — picard
 
picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16194
MISC
MISC

pillarjs — resolve-path

resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of
validation of paths with certain special characters, which allows a malicious user to read content
of any file with known path.
2018-06-06 | not yet calculated | CVE-2018-3732
MISC
MISC
pk-app-wonderbox — pk-app-wonderbox
 
pk-app-wonderbox is an integration with wonderbox. pk-app-wonderbox downloads binary resources over
HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution
(RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is
on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10685
MISC

pluck-cms — pluck

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to
upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.
2018-06-05 | not yet calculated | CVE-2018-11736
CONFIRM
CONFIRM
pm2-kafka — pm2-kafka
 
pm2-kafka is a PM2 module that installs and runs a kafka server. pm2-kafka downloads binary
resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote
code execution (RCE) by swapping out the requested resources with an attacker controlled copy if
the attacker is on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10693
MISC
protobufjs — protobufjs
 
protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.
2018-06-06 | not yet calculated | CVE-2018-3738
MISC
proxy.js — proxy.js
 
proxy.js was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06 | not yet calculated | CVE-2017-16076
MISC
punkave — sanitize-html

Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below
are vulnerable to cross site scripting (XSS) in certain scenarios: if at least one nonTextTags is
allowed, the result is a potential XSS vulnerability.
2018-06-04 | not yet calculated | CVE-2017-16016
MISC
MISC
MISC
punkave — sanitize-html
 
sanitize-html is a library for scrubbing html input for malicious values. Versions 1.2.2 and below
have a cross site scripting vulnerability.
2018-06-04 | not yet calculated | CVE-2017-16017
MISC
MISC
MISC
pytservce — pytservce
 
pytservce is a static file server. pytservce is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16195
MISC
MISC
qbs — qbs
 
qbs is a build tool that helps simplify the build process for developing projects across multiple
platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It
may be possible to cause remote code execution (RCE) by swapping out the requested resources with
an attacker controlled copy if the attacker is on the network or positioned in between the user and
the remote server.
2018-06-04 | not yet calculated | CVE-2016-10656
MISC
qinserve — qinserve
 
qinserve is a static file server. qinserve is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16197
MISC
MISC
qnap — nas

QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
2018-06-05 | not yet calculated | CVE-2017-7635
SECTRACK
CONFIRM
qnap — nas
 
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly.
Successful exploitation can lead to change of the settings of Proxy Server.
2018-06-05 | not yet calculated | CVE-2017-7639
SECTRACK
CONFIRM
qnap — nas
 
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS
commands against the system with root privileges.
2018-06-05 | not yet calculated | CVE-2017-7637
SECTRACK
CONFIRM
qnap — nas
 
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0
allows remote attackers to inject arbitrary web script or HTML.
2018-06-05 | not yet calculated | CVE-2017-7636
SECTRACK
CONFIRM
qualcomm — android

In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out
of bounds write due to integer overflow which could lead to local escalation of privilege in the
TrustZone with no additional execution privileges needed. User interaction is not needed for
exploitation. This issue is rated as high. Version: N/A. Android: A-69480285. Reference:
N-CVE-2017-6292.
2018-06-07 | not yet calculated | CVE-2017-6292
CONFIRM
qualcomm — android

In Android before the 2018-06-05 security patch level, NVIDIA TLK TrustZone contains a possible out
of bounds write due to an integer overflow which could lead to local escalation of privilege with
no additional execution privileges needed. User interaction is not needed for exploitation. This issue
is rated as high. Version: N/A. Android: A-69559414. Reference: N-CVE-2017-6290.
2018-06-07 | not yet calculated | CVE-2017-6290
CONFIRM
qualcomm — android

dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the
user through a sysfs node which could lead to an invalid access in all Android releases from CAF
(Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
2018-06-06 | not yet calculated | CVE-2018-5841
MISC
qualcomm — android

Buffer over-read can occur while processing a FILS authentication frame in all Android releases
from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
2018-06-06 | not yet calculated | CVE-2018-3562
MISC
qualcomm — android

While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases
from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer
overflow can occur.
2018-06-06 | not yet calculated | CVE-2018-3565
MISC
qualcomm — android
 
A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from
CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
2018-06-06 | not yet calculated | CVE-2017-18154
MISC
qualcomm — android
 
Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization
sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using
the Linux Kernel.
2018-06-06 | not yet calculated | CVE-2018-5840
MISC
qualcomm — android
 
A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a
Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD
Android) using the Linux Kernel.
2018-06-06not yet calculatedCVE-2018-5845
MISC
qualcomm — android
 
A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs
IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED
are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android)
using the Linux Kernel.
2018-06-06not yet calculatedCVE-2018-5846
MISC
qualcomm — android
 
Stack-based buffer overflow can occur in the WLAN driver if the pmkid_count value is larger than
the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD
Android) using the Linux Kernel.
2018-06-06not yet calculatedCVE-2018-3580
MISC
qualcomm — android
 
In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in
an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for
MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
2018-06-06not yet calculatedCVE-2018-5850
MISC
qualcomm — android
 
In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 TZ contains a possible out
of bounds write due to missing bounds check which could lead to escalation of privilege from the
kernel to the TZ. User interaction is not needed for exploitation. This issue is rated as high.
Version: N/A. Android: A-69316825. Reference: N-CVE-2017-6294.
2018-06-07not yet calculatedCVE-2017-6294
CONFIRM
qualcomm — android
 
Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to
implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for
MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
2018-06-06not yet calculatedCVE-2018-3578
MISC
quest — dr_series_disk_backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of
46).
2018-06-01not yet calculatedCVE-2018-11169
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of
46).
2018-06-01not yet calculatedCVE-2018-11146
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of
46).
2018-06-01not yet calculatedCVE-2018-11145
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of
46).
2018-06-01not yet calculatedCVE-2018-11186
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of
46).
2018-06-01not yet calculatedCVE-2018-11178
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of
46).
2018-06-01not yet calculatedCVE-2018-11173
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of
46).
2018-06-01not yet calculatedCVE-2018-11187
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of
46).
2018-06-01not yet calculatedCVE-2018-11157
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of
46).
2018-06-01not yet calculatedCVE-2018-11164
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of
6).
2018-06-01not yet calculatedCVE-2018-11192
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of
46).
2018-06-01not yet calculatedCVE-2018-11147
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of
46).
2018-06-01not yet calculatedCVE-2018-11149
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of
46).
2018-06-01not yet calculatedCVE-2018-11183
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of
46).
2018-06-01not yet calculatedCVE-2018-11152
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of
46).
2018-06-01not yet calculatedCVE-2018-11162
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of
6).
2018-06-01not yet calculatedCVE-2018-11189
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of
46).
2018-06-01not yet calculatedCVE-2018-11153
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of
46).
2018-06-01not yet calculatedCVE-2018-11166
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of
46).
2018-06-01not yet calculatedCVE-2018-11177
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of
46).
2018-06-01not yet calculatedCVE-2018-11151
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of
46).
2018-06-01not yet calculatedCVE-2018-11155
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of
46).
2018-06-01not yet calculatedCVE-2018-11170
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of
46).
2018-06-01not yet calculatedCVE-2018-11181
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of
46).
2018-06-01not yet calculatedCVE-2018-11163
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of
46).
2018-06-01not yet calculatedCVE-2018-11185
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of
46).
2018-06-01not yet calculatedCVE-2018-11172
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of
46).
2018-06-01not yet calculatedCVE-2018-11175
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of
46).
2018-06-01not yet calculatedCVE-2018-11182
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of
46).
2018-06-01not yet calculatedCVE-2018-11165
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of
46).
2018-06-01not yet calculatedCVE-2018-11171
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of
46).
2018-06-01not yet calculatedCVE-2018-11180
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of
6).
2018-06-01not yet calculatedCVE-2018-11190
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of
46).
2018-06-01not yet calculatedCVE-2018-11148
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of
46).
2018-06-01not yet calculatedCVE-2018-11174
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of
46).
2018-06-01not yet calculatedCVE-2018-11159
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of
46).
2018-06-01not yet calculatedCVE-2018-11179
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of
46).
2018-06-01not yet calculatedCVE-2018-11158
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of
46).
2018-06-01not yet calculatedCVE-2018-11144
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of
46).
2018-06-01not yet calculatedCVE-2018-11156
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of
46).
2018-06-01not yet calculatedCVE-2018-11160
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of
46).
2018-06-01not yet calculatedCVE-2018-11176
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of
6).
2018-06-01not yet calculatedCVE-2018-11193
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of
46).
2018-06-01not yet calculatedCVE-2018-11150
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of
46).
2018-06-01not yet calculatedCVE-2018-11143
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of
46).
2018-06-01not yet calculatedCVE-2018-11188
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of
46).
2018-06-01not yet calculatedCVE-2018-11167
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of
6).
2018-06-01not yet calculatedCVE-2018-11194
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of
46).
2018-06-01not yet calculatedCVE-2018-11168
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of
46).
2018-06-01not yet calculatedCVE-2018-11154
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of
6).
2018-06-01not yet calculatedCVE-2018-11191
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of
46).
2018-06-01not yet calculatedCVE-2018-11184
MISC
FULLDISC
MISC
quest — dr_series_disk_backup
 
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of
46).
2018-06-01not yet calculatedCVE-2018-11161
MISC
FULLDISC
MISC
react-melon — react-native-baidu-voice-synthesizer
 
react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native.
react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to
MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested
resources with an attacker controlled copy if the attacker is on the network or positioned in
between the user and the remote server.
2018-06-04not yet calculatedCVE-2016-10697
MISC
request — request
 
Request is an http client. If a request is made using `multipart`, and the body type is a
`number`, then the specified number of non-zero memory is passed in the body. This affects
Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.
2018-06-04not yet calculatedCVE-2017-16026
MISC
MISC
MISC
restify — node-restify
Restify is a framework for building REST APIs. In Restify >=2.0.0 <=4.0.4, by using URL-encoded script tags in a non-existent URL, an attacker can get script to run in some browsers.
2018-06-04not yet calculatedCVE-2017-16018
MISC
MISC
rockwell_automation — grslinx_classic_and_factorytalk_linx_gateway
 
An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk
Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to
execute arbitrary code and allow a threat actor to escalate user privileges on the affected
workstation.
2018-06-07not yet calculatedCVE-2018-10619
BID
MISC
roxy_fileman — roxy_fileman
 
Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter.
2018-06-07not yet calculatedCVE-2018-12042
MISC
rs-brightcove — rs-brightcove
 
rs-brightcove is a wrapper around brightcove’s web api. rs-brightcove downloads source file
resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote
code execution (RCE) by swapping out the requested resources with an attacker controlled copy if
the attacker is on the network or positioned in between the user and the remote server.
2018-06-04not yet calculatedCVE-2016-10676
MISC
rsa — web_threat_detection
 
RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the
Administration and Forensics applications. An authenticated malicious user with low privileges
could potentially exploit this vulnerability to execute SQL commands on the back-end database to
gain unauthorized access to the tool’s monitoring and user information by supplying specially
crafted input data to the affected application.
2018-06-05not yet calculatedCVE-2018-1252
FULLDISC
BID
SECTRACK

rtcmulticonnection-client — rtcmulticonnection-client

 

rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session
manager. rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker
access to the filesystem by placing “../” in the url.
2018-06-06not yet calculatedCVE-2017-16125
MISC
MISC
saas — libsaas
 
An issue was discovered in LibSaas through 3.5.4. An out-of-bounds read of a memory region was
found in the function Sass::handle_error which could be leveraged by an attacker to disclose
information or manipulated to read from unmapped memory causing a denial of service.
2018-06-04not yet calculatedCVE-2018-11698
MISC
saas — libsaas
 
An issue was discovered in LibSaas through 3.5.4. An out-of-bounds read of a memory region was
found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose
information or manipulated to read from unmapped memory causing a denial of service.
2018-06-04not yet calculatedCVE-2018-11697
MISC

samatt — herbivore

herbivore is a packet sniffing and crafting library built on libtins. herbivore 0.0.3 and below
downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible
to cause remote code execution (RCE) by swapping out the requested resources with an attacker
controlled copy if the attacker is on the network or positioned in between the user and the remote
server.
2018-06-04not yet calculatedCVE-2016-10665
MISC
MISC

sandy98 — node-simple-router

 

node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a
directory traversal issue, giving an attacker access to the filesystem by placing “../” in the URL.
2018-06-06not yet calculatedCVE-2017-16083
MISC
MISC
scott-blanch-weather-app — scott-blanch-weather-app
 
scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is
vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing
“../” in the url.
2018-06-06not yet calculatedCVE-2017-16184
MISC
MISC
sdaltonb — utahcityfinder
 
utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable
to a directory traversal issue, giving an attacker access to the filesystem by placing “../” in the
url.
2018-06-06not yet calculatedCVE-2017-16173
MISC
MISC
searchblox — searchblox
 
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote
unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks
via a crafted DTD in an XML request.
2018-06-05not yet calculatedCVE-2018-11586
MISC
EXPLOIT-DB
section2.madisonjbrooks12 — section2.madisonjbrooks12
 
section2.madisonjbrooks12 is a simple web server. section2.madisonjbrooks12 is vulnerable to a
directory traversal issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06not yet calculatedCVE-2017-16172
MISC
MISC
selenium-portal — portal
 
selenium-portal is a Selenium Testing Framework. selenium-portal downloads binary resources over
HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution
(RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is
on the network or positioned in between the user and the remote server.
2018-06-04not yet calculatedCVE-2016-10667
MISC
senchalabs — connect
 
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a
lack of validation of file in directory.js middleware.
2018-06-06not yet calculatedCVE-2018-3717
MISC
MISC
MISC
serve46 — serve46
 
serve46 is a static file server. serve46 is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06not yet calculatedCVE-2017-16148
MISC
MISC
serverabc — serverabc
 
serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06not yet calculatedCVE-2017-16180
MISC
MISC
serverhuwenhui — serverhuwenhui
 
serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal
issue, giving an attacker access to the filesystem by placing “../” in the URL.
2018-06-06not yet calculatedCVE-2017-16102
MISC
MISC

serverliujiayi1 — serverliujiayi1

serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal
issue, giving an attacker access to the filesystem by placing “../” in the URL.
2018-06-06not yet calculatedCVE-2017-16095
MISC
MISC
serverlyr — serverlyr
 
serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the URL.
2018-06-06not yet calculatedCVE-2017-16089
MISC
MISC
serverwg — serverwg
 
serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the URL.
2018-06-06not yet calculatedCVE-2017-16101
MISC
MISC
serverwzl — serverwzl
 
serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the URL.
2018-06-06not yet calculatedCVE-2017-16105
MISC
MISC
serverxxx — serverxxx
 
serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06not yet calculatedCVE-2017-16182
MISC
MISC
serveryaozeyan — serveryaozeyan
 
serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal
issue, giving an attacker access to the filesystem by placing “../” in the URL.
2018-06-06not yet calculatedCVE-2017-16096
MISC
MISC
serveryztyzt — serveryztyzt
 
serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the URL.
2018-06-06not yet calculatedCVE-2017-16103
MISC
MISC
serverzyy — serverzyy
 
serverzyy is a static file server. serverzyy is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06not yet calculatedCVE-2017-16135
MISC
MISC
sgqserve — sgqserve
 
sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06not yet calculatedCVE-2017-16215
MISC
MISC
shadowsock — shadowsock
 
shadowsock was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-06not yet calculatedCVE-2017-16078
MISC
shenliru — shenliru
 
shenliru is a simple file server. shenliru is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06not yet calculatedCVE-2017-16161
MISC
MISC
shit-server — shit-server
 
shit-server is a file server. shit-server is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06not yet calculatedCVE-2017-16147
MISC
MISC
shy2850 — f2e-server
 
`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker
access to the filesystem by placing “../” in the url. This is compounded by `f2e-server` requiring
elevated privileges to run.
2018-06-04not yet calculatedCVE-2017-16038
MISC
MISC
MISC
simplehttpserver — simplehttpserver
 
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of
validation of file names.
2018-06-06not yet calculatedCVE-2018-3716
MISC
sindresorhus — decamelize
 
Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize
1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator
values, which can be used to create a denial of service attack.
2018-06-04not yet calculatedCVE-2017-16023
MISC
MISC

skoranga — node-dns-sync

 

dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve()
method then command injection is possible.
2018-06-06not yet calculatedCVE-2017-16100
MISC
MISC
sleuthkit — sleuthkit
 
An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to
4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in
tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or
manipulated to read from unmapped memory causing a denial of service attack.
2018-06-05not yet calculatedCVE-2018-11740
MISC
sleuthkit — sleuthkit
 
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1.
An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in
tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated
to read from unmapped memory causing a denial of service.
2018-06-05not yet calculatedCVE-2018-11737
MISC
sleuthkit — sleuthkit
 
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1.
An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in
tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to
read from unmapped memory causing a denial of service attack.
2018-06-05not yet calculatedCVE-2018-11738
MISC
sleuthkit — sleuthkit
 
An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1.
An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which
could be leveraged by an attacker to disclose information or manipulated to read from unmapped
memory causing a denial of service attack.
2018-06-05not yet calculatedCVE-2018-11739
MISC

sly07 — lab5

 

sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06not yet calculatedCVE-2017-16189
MISC
MISC
smb — smb
 
smb was a malicious module published with the intent to hijack environment variables. It has been
unpublished by npm.
2018-06-06not yet calculatedCVE-2017-16079
MISC
soar_labs — soar_coin
 
Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f
(latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function
zero_fee_transaction() that can result in theft of Soar Coins by the “onlycentralAccount” (Soar
Labs) after payment is processed.
2018-06-06not yet calculatedCVE-2018-1000203
MISC
MISC
soci — soci
 
soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be
possible to cause remote code execution (RCE) by swapping out the requested resources with an
attacker controlled copy if the attacker is on the network or positioned in between the user and
the remote server.
2018-06-04not yet calculatedCVE-2016-10669
MISC
socketio — socket.io
 
Socket.io is a realtime application framework that provides communication via websockets. Because
socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are
predictable. An attacker is able to guess the socket ID and gain access to socket.io servers,
potentially obtaining sensitive information.
2018-06-04not yet calculatedCVE-2017-16031
MISC
MISC
MISC
MISC
splunk — splunk
 
Splunk through 7.0.1 allows information disclosure by appending
__raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering
a license key.
2018-06-08not yet calculatedCVE-2018-11409
MISC
EXPLOIT-DB
sqlite.js — sqlite.js
 
`sqlite.js` was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-04not yet calculatedCVE-2017-16050
MISC
sqliter — sqliter
 
`sqliter` was a malicious module published with the intent to hijack environment variables. It has
been unpublished by npm.
2018-06-04not yet calculatedCVE-2017-16051
MISC
sqlserver — sqlserver
 
`sqlserver` was a malicious module published with the intent to hijack environment variables. It
has been unpublished by npm.
2018-06-04not yet calculatedCVE-2017-16055
MISC
sspa — sspa
 
sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06not yet calculatedCVE-2017-16145
MISC
MISC
stanleygu — cmake
 
cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which
leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by
swapping out the requested binary with an attacker controlled binary if the attacker is on the
network or positioned in between the user and the remote server.
2018-06-04not yet calculatedCVE-2016-10642
MISC
stanleygu — libsbmlsim
 
libsbmlsim is a module that installs linux binaries for libsbmlsim. libsbmlsim downloads binary
resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote
code execution (RCE) by swapping out the requested resources with an attacker controlled copy if
the attacker is on the network or positioned in between the user and the remote server.
2018-06-04not yet calculatedCVE-2016-10675
MISC
stanleygu — libsbml
 
libsbml is a module that installs Linux binaries for libSBML. libsbml downloads resources over HTTP,
which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)
by swapping out the requested resources with an attacker controlled copy if the attacker is on the
network or positioned in between the user and the remote server.
2018-06-04not yet calculatedCVE-2016-10668
MISC

substack — static-eval

 

The static-eval module is intended to evaluate statically-analyzable expressions. In affected
versions, untrusted user input is able to access the global function constructor, effectively
allowing arbitrary code execution.
2018-06-06not yet calculatedCVE-2017-16226
MISC
MISC
MISC
suse — suse
 
A vulnerability in pam_modules of SUSE SUSE Linux Enterprise allows attackers to log into accounts
that should have been disabled. Affected releases are SUSE SUSE Linux Enterprise: versions prior to
12.
2018-06-08not yet calculatedCVE-2011-3172
CONFIRM
CONFIRM
suse — suse
 
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH
integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different
in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use
this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump
core files).
2018-06-08not yet calculatedCVE-2011-4190
CONFIRM
CONFIRM
suse — suse
 
A vulnerability in the listing of available software of SUSE SUSE Studio Onsite, SUSE Studio Onsite
1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection.
Affected releases are SUSE SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite
1.1 Appliance: versions prior to 1.1.2-0.25.1.
2018-06-07not yet calculatedCVE-2011-0467
CONFIRM
CONFIRM
suse — suse
 
The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing
confidential data with insecure permissions, allowing local users to read confidential data.
2018-06-08not yet calculatedCVE-2012-0433
CONFIRM
CONFIRM
susu-sum — susu-sum
susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06not yet calculatedCVE-2017-16199
MISC
MISC
symphonycms — symphony-2
content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.
2018-06-07not yet calculatedCVE-2018-12043
MISC
synology — diskstation_manager
 
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM)
before 6.2-23739 allows remote authenticated users to reset password without verification.
2018-06-08not yet calculatedCVE-2018-8916
CONFIRM
synology — diskstation_manager
 
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before
6.2-23739 allows remote authenticated users to execute arbitrary commands via the username
parameter.
2018-06-08not yet calculatedCVE-2017-12075
CONFIRM
synology — drive
 
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before
1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the
malicious file name.
2018-06-01not yet calculatedCVE-2018-8921
CONFIRM
synology — file_station
 
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before
1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious
attachments.
2018-06-05not yet calculatedCVE-2018-8923
CONFIRM
synology — office
 
Cross-site scripting (XSS) vulnerability in Title Tooltip in Synology Office before 3.0.3-2143
allows remote authenticated users to inject arbitrary web script or HTML via the malicious file
name.
2018-06-05 | not yet calculated | CVE-2018-8924
CONFIRM
synology — photo_station
 
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before
6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of
administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6)
modify_admin parameter.
2018-06-08 | not yet calculated | CVE-2018-8925
CONFIRM
synology — photo_station
 
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before
6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation
attacks via the fullname parameter.
2018-06-08 | not yet calculated | CVE-2018-8926
CONFIRM
synology — router_manager
 
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931
allows remote authenticated users to execute arbitrary command via the username parameter.
2018-06-08 | not yet calculated | CVE-2017-12078
CONFIRM
tencent-server — tencent-server
 
tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16216
MISC
MISC

timqi — general-file-server

general-file-server node module suffers from a Path Traversal vulnerability due to lack of
validation of currpath, which allows a malicious user to read content of any file with known path.
2018-06-06 | not yet calculated | CVE-2018-3724
MISC

tintinweb — cgminer_and_bfgminer

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote
attacker to write the miner configuration file to arbitrary locations on the server due to missing
basedir restrictions (absolute directory traversal).
2018-06-05 | not yet calculated | CVE-2018-10057
MLIST
MISC
tintinweb — cgminer_and_bfgminer
 
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote
attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool,
failover-only, poolquota, and save command handlers.
2018-06-05 | not yet calculated | CVE-2018-10058
MLIST
MISC
tiny-http — tiny-http
 
tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16097
MISC
MISC
tinyexr — tinyexr
 
tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.
2018-06-08 | not yet calculated | CVE-2018-12064
MISC
tinyserver2 — tinyserver2
 
tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal
issue, giving an attacker access to the filesystem by placing “../” in the URL.
2018-06-06 | not yet calculated | CVE-2017-16085
MISC
MISC
titarenko — mystem-wrapper
 
mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources
over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code
execution (RCE) by swapping out the requested resources with an attacker controlled copy if the
attacker is on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10671
MISC
tj — node-growl
 
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize
input before passing it to exec, allowing for arbitrary command execution.
2018-06-04 | not yet calculated | CVE-2017-16042
MISC
MISC
MISC
tjchaplin — mcstatic
 
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of
filePath, which allows a malicious user to read content of any file with known path.
2018-06-06 | not yet calculated | CVE-2018-3730
MISC
tmock — tmock
 
tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16106
MISC
MISC
tnantoka — public
 
public node module suffers from a Path Traversal vulnerability due to lack of validation of
filePath, which allows a malicious user to read content of any file with known path.
2018-06-06 | not yet calculated | CVE-2018-3731
MISC

tobie — ua-parser

 

ua-parser is a port of Browserscope’s user agent parser. ua-parser is vulnerable to a ReDoS
(Regular Expression Denial of Service) attack when given a specially crafted UserAgent header.
2018-06-06 | not yet calculated | CVE-2017-16086
MISC
tobli — alto-saxophone
 
alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows.
alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it
vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out
the requested binary with an attacker controlled binary if the attacker is on the network or
positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10694
MISC
tomita — tomita
 
tomita is a node wrapper for Yandex Tomita Parser. tomita downloads binary resources over HTTP,
which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)
by swapping out the requested resources with an attacker controlled copy if the attacker is on the
network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10662
MISC

torthu — quickserver

quickserver is a simple static file server. quickserver is vulnerable to a directory traversal
issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16196
MISC
MISC
tp-link — multiple_devices
 
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n
and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused
by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of
“Referer: http://192.168.0.1/mainFrame.htm” then no authentication is required for any action.
2018-06-04 | not yet calculated | CVE-2018-11714
MISC
EXPLOIT-DB
trend_micro — officescan
 
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG
could allow a local attacker to escalate privileges on vulnerable installations due to a flaw
within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the
ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2018-06-08 | not yet calculated | CVE-2018-10359
CONFIRM
MISC
trend_micro — officescan
 
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG
could allow a local attacker to escalate privileges on vulnerable installations due to a flaw
within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the
ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2018-06-08 | not yet calculated | CVE-2018-10358
CONFIRM
MISC
trend_micro — officescan
 
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG
could allow a local attacker to escalate privileges on vulnerable installations due to a flaw
within the processing of IOCTL 0x220008 in the TMWFP driver. An attacker must first obtain the
ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2018-06-08 | not yet calculated | CVE-2018-10505
CONFIRM
MISC
trend_micro — officescan
 
An out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG
could allow a local attacker to disclose sensitive information on vulnerable installations due to a
flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker must first obtain the
ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2018-06-08 | not yet calculated | CVE-2018-10506
CONFIRM
MISC
twonky — server
 
Twonky Server before 8.5.1 has XSS via a modified “language” parameter in the Language section.
2018-06-07 | not yet calculated | CVE-2018-9182
MISC
twonky — server
 
Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.
2018-06-07 | not yet calculated | CVE-2018-9177
MISC
uekw1511server — uekw1511server
 
uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal
issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16185
MISC
MISC
uv-tj-demo — uv-tj-demo
 
uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16200
MISC
MISC

vannio — unicorn-framework

unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16131
MISC
MISC
visionmedia — debug
 
The debug module is vulnerable to regular expression denial of service when untrusted user input is
passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a
low severity issue.
2018-06-06 | not yet calculated | CVE-2017-16137
MISC
MISC
MISC

visionmedia — superagent

 

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP
server replies with a compressed response that becomes several magnitudes larger once uncompressed.
If a client does not take special care when processing such responses, it may result in excessive
CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To
exploit this the attacker must control the location (URL) that superagent makes a request to.
2018-06-06 | not yet calculated | CVE-2017-16129
MISC
MISC
vsonix-bub — node-google-closure-tools-latest
 
google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the
Google Closure tools. google-closure-tools-latest downloads binary resources over HTTP, which leaves
it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping
out the requested resources with an attacker controlled copy if the attacker is on the network or
positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10677
MISC
wangcaifeng — node-server-forfront
 
node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a
directory traversal issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16124
MISC
MISC
wanggoujing123 — wanggoujing123
 
wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16150
MISC
MISC
weather.swlyons — weather.swlyons
 
weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a
directory traversal issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16110
MISC
MISC
webdriver-launcher — webdriver-launcher
 
webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary
resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote
code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the
attacker is on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10651
MISC
webkit — webkit
 
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of
WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly
failed to use system proxy settings for WebSocket connections. As a result, users could be
deanonymized by crafted web sites via a WebSocket connection.
2018-06-04 | not yet calculated | CVE-2018-11713
MISC
MISC
webkit — webkit
 
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in
UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3,
mishandle an unset pageURL, leading to an application crash.
2018-06-01 | not yet calculated | CVE-2018-11646
MISC
MISC
EXPLOIT-DB
webkit — webkit
 
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of
WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate
verification for WebSocket connections.
2018-06-04 | not yet calculated | CVE-2018-11712
MISC
MISC
welcomyzt — welcomyzt
 
welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16123
MISC
MISC
wffserve — wffserve
 
wffserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem
by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16168
MISC
MISC
wind-mvc — wind-mvc
 
wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16220
MISC
MISC
windows-iedriver — windows-iedriver
 
The windows-iedriver module downloads a fixed version of iedriverserver.exe. windows-iedriver
downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be
possible to cause remote code execution (RCE) by swapping out the requested resources with an
attacker controlled copy if the attacker is on the network or positioned in between the user and
the remote server.
2018-06-04 | not yet calculated | CVE-2016-10689
MISC
windows-latestchromedriver — windows-latestchromedriver
 
windows-latestchromedriver downloads the latest version of chromedriver.exe.
windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM
attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested
resources with an attacker controlled copy if the attacker is on the network or positioned in
between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10696
MISC
windows-selenium-chromedriver — windows-selenium-chromedriver
 
windows-selenium-chromedriver is a module that downloads the Selenium Jar file.
windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to
MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested
resources with an attacker controlled copy if the attacker is on the network or positioned in
between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10687
MISC
windows-seleniumjar — windows-seleniumjar
 
windows-seleniumjar is a module that downloads the Selenium Jar file. windows-seleniumjar downloads
binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause
remote code execution (RCE) by swapping out the requested resources with an attacker controlled
copy if the attacker is on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10691
MISC
windows-seleniumjar-mirror — windows-seleniumjar-mirror
 
windows-seleniumjar-mirror downloads the Selenium Jar file. windows-seleniumjar-mirror downloads
binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause
remote code execution (RCE) by swapping out the requested resources with an attacker controlled
copy if the attacker is on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10670
MISC
wintiwebdev — wintiwebdev
 
wintiwebdev is a static file server. wintiwebdev is vulnerable to a directory traversal issue,
giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16181
MISC
MISC
wordpress — wordpress
 
wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for
WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
2018-06-04 | not yet calculated | CVE-2018-11709
MISC
MISC
MISC

wuzhi_cms — wuzhi_cms

 

WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the ‘code’ parameter, because ‘UC_KEY’ is
hard coded.
2018-06-05 | not yet calculated | CVE-2018-11722
MISC
xd-testing — xd-testing
 
xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary
resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote
code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the
attacker is on the network or positioned in between the user and the remote server.
2018-06-04 | not yet calculated | CVE-2016-10653
MISC
ximdex — ximdex
 
xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of
n, as demonstrated by n equal to 0 through 12.
2018-06-07 | not yet calculated | CVE-2018-12047
MISC
ximdex — ximdex
 
index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter.
2018-06-05 | not yet calculated | CVE-2018-11735
MISC
xtalk — xtalk
 
xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory
traversal issue, giving an attacker access to the filesystem by placing “../” in the URL.
2018-06-06 | not yet calculated | CVE-2017-16091
MISC

xuemen — infra

infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16142
MISC
MISC

yoehoehne — cs360_getcity

 

getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerable to a directory traversal
issue, giving an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16192
MISC
MISC
yttivy — yttivy
 
yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16219
MISC
MISC
yyooopack — yyooopack
 
yyooopack is a simple file server. yyooopack is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16167
MISC
MISC
yzmcms — yzmcms
 
The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through
v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a
verification code, which makes it easier for remote attackers to hijack accounts via a brute-force
approach.
2018-06-05 | not yet calculated | CVE-2018-11554
MISC
yzt — yzt
 
yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker
access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16221
MISC
MISC
zeit — serve
 
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e
(.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of
any directory with known path.
2018-06-06 | not yet calculated | CVE-2018-3712
MISC
MISC
zeit — serve
 
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored
files if a filename is URL encoded.
2018-06-06 | not yet calculated | CVE-2018-3718
MISC
zjjserver — zjjserver
 
zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving
an attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16201
MISC
MISC
zoho — manageengine_applications_manager
 
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager
Version 13 before build 13740 allows an attacker to delete any file and read certain files on the
server in the context of the user (which by default is “NT AUTHORITY / SYSTEM”) by sending a
specially crafted request to the server.
2018-06-05 | not yet calculated | CVE-2018-11808
MISC
zwserver — zwserver
 
zwserver is a weather web server. zwserver is vulnerable to a directory traversal issue, giving an
attacker access to the filesystem by placing “../” in the url.
2018-06-06 | not yet calculated | CVE-2017-16149
MISC
MISC
