SB18-274: Vulnerability Summary for the Week of September 24, 2018

Original release date: October 01, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
389_directory_server — 389_directory_server | A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service. | 2018-09-28 | not yet calculated | CVE-2018-14648; CONFIRM
adobe — acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-12850; BID, SECTRACK, CONFIRM
adobe — acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-12840; BID, SECTRACK, CONFIRM
adobe — acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-12801; BID, SECTRACK, CONFIRM
adobe — acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-12775; BID, SECTRACK, CONFIRM
adobe — acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-12778; BID, SECTRACK, CONFIRM
adobe — acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-12849; BID, SECTRACK, CONFIRM
adobe — acrobat_and_reader | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-09-25 | not yet calculated | CVE-2018-12848; BID, SECTRACK, CONFIRM
adobe — coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-09-25 | not yet calculated | CVE-2018-15957; BID, SECTRACK, CONFIRM
adobe — coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-09-25 | not yet calculated | CVE-2018-15958; BID, SECTRACK, CONFIRM
adobe — coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation. | 2018-09-25 | not yet calculated | CVE-2018-15963; BID, SECTRACK, CONFIRM
adobe — coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-15964; BID, SECTRACK, CONFIRM
adobe — coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-09-25 | not yet calculated | CVE-2018-15959; BID, SECTRACK, CONFIRM
adobe — coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-15962; BID, SECTRACK, CONFIRM
adobe — coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-09-25 | not yet calculated | CVE-2018-15965; BID, SECTRACK, CONFIRM
adobe — coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. | 2018-09-25 | not yet calculated | CVE-2018-15961; BID, SECTRACK, CONFIRM
adobe — coldfusion | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite. | 2018-09-25 | not yet calculated | CVE-2018-15960; BID, SECTRACK, CONFIRM
adobe — flash_player | Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure. | 2018-09-25 | not yet calculated | CVE-2018-15967; BID, SECTRACK, REDHAT, CONFIRM
alcatel — ee_ee40vb_4g_mobile_broadband_modems | The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the “Web ConnectonEE40” and “Web ConnectonEE40BackgroundService” directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the “Web ConnectonEE40BackgroundService” directory. | 2018-09-26 | not yet calculated | CVE-2018-14327; MISC, MISC, BID, MISC, EXPLOIT-DB
apache — http_server | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. | 2018-09-25 | not yet calculated | CVE-2018-11763; BID, SECTRACK, CONFIRM
arris — tg2492lg-na_061213_devices | The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. | 2018-09-26 | not yet calculated | CVE-2018-17555; MISC
avaya — aura_communication_manager | A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x versions prior to 7.1.3.1. | 2018-09-27 | not yet calculated | CVE-2018-15611; CONFIRM
avaya — call_management_system | A vulnerability in the Supervisor component of Avaya Call Management System allows a local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x. | 2018-09-24 | not yet calculated | CVE-2018-15615; BID, CONFIRM
bigtree — bigtree_cms | BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a .. substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/.. URI. | 2018-09-23 | not yet calculated | CVE-2018-17341; MISC
circontrol — circarlife | An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information. | 2018-09-26 | not yet calculated | CVE-2018-16672; MISC
citrix — sharefile_storagezones_controller | Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. | 2018-09-26 | not yet calculated | CVE-2018-16968; BID, CONFIRM
citrix — sharefile_storagezones_controller | Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message. | 2018-09-26 | not yet calculated | CVE-2018-16969; BID, CONFIRM
dell_emc — esrs_policy_manager | Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server’s JVM. | 2018-09-28 | not yet calculated | CVE-2018-15764; BID, SECTRACK, FULLDISC
dell_emc — unity_and_unityvsa | Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a maliciously crafted Unisphere URL. The attacker could potentially phish information, including Unisphere users’ credentials, from the victim once they are redirected. | 2018-09-28 | not yet calculated | CVE-2018-1251; FULLDISC
dell_emc — unity_and_unityvsa | Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing Role-Based Authorization control implemented only in Unisphere GUI. | 2018-09-28 | not yet calculated | CVE-2018-1250; FULLDISC
dell_emc — unity_and_unityvsa | Dell EMC Unity and UnityVSA contain a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to Unisphere, which is then reflected back to the victim and executed by the web browser. | 2018-09-28 | not yet calculated | CVE-2018-1246; FULLDISC
delta_electronics — delta_industrial_automation_pmsoft | Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information. | 2018-09-27 | not yet calculated | CVE-2018-14824; MISC, BID, MISC
digium — asterisk | There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. | 2018-09-24 | not yet calculated | CVE-2018-17281; CONFIRM, MISC, FULLDISC, BID, SECTRACK, CONFIRM, MLIST, BUGTRAQ
druide — antidote | Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages. | 2018-09-24 | not yet calculated | CVE-2018-13140; MISC, FULLDISC, MISC
e107 — e107 | e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | 2018-09-26 | not yet calculated | CVE-2018-17081; MISC
epee_library — levin | An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero ‘Lithium Luna’ (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability. | 2018-09-26 | not yet calculated | CVE-2018-3972; MISC, MISC
ethereum — cryptosaga | The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block’s blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages). | 2018-09-24 | not yet calculated | CVE-2018-12975; MISC
exiv2 — exiv2 | CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. | 2018-09-28 | not yet calculated | CVE-2018-17581; MISC, MISC
foxit — phantompdf_and_reader | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | 2018-09-28 | not yet calculated | CVE-2018-17610; MISC
foxit — phantompdf_and_reader | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | 2018-09-28 | not yet calculated | CVE-2018-17609; MISC
foxit — phantompdf_and_reader | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | 2018-09-28 | not yet calculated | CVE-2018-17611; MISC
foxit — phantompdf_and_reader | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | 2018-09-28 | not yet calculated | CVE-2018-17607; MISC
foxit — phantompdf_and_reader | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled. | 2018-09-29 | not yet calculated | CVE-2018-17781; MISC
foxit — phantompdf_and_reader | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | 2018-09-28 | not yet calculated | CVE-2018-17608; MISC
freebsd_project — freebsd | In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. | 2018-09-28 | not yet calculated | CVE-2018-17155; CONFIRM
freebsd_project — freebsd | In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service. | 2018-09-28 | not yet calculated | CVE-2018-17154; CONFIRM
freebsd_project — freebsd | In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash. | 2018-09-28 | not yet calculated | CVE-2018-6925; CONFIRM
fuji — electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14811; BID, MISC
fuji — electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, an integer underflow vulnerability has been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14817; BID, MISC
fuji — electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, an out-of-bounds read vulnerability has been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14819; BID, MISC
fuji — electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, a stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14823; BID, MISC
fuji — electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14815; BID, MISC
fuji — electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, a use after free vulnerability has been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14809; MISC
fuji — electric_v-server | In Fuji Electric V-Server 4.0.3.0 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. | 2018-09-26 | not yet calculated | CVE-2018-14813; BID, MISC
gnu_binutils — gnu_binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. A heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump. | 2018-09-23 | not yet calculated | CVE-2018-17360; MISC
gnu_binutils — gnu_binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. | 2018-09-23 | not yet calculated | CVE-2018-17359; MISC
gnu_binutils — gnu_binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. | 2018-09-23 | not yet calculated | CVE-2018-17358; MISC
google — chrome | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6119; CONFIRM, CONFIRM
google — chrome | Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. | 2018-09-25 | not yet calculated | CVE-2018-6045; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6041; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6037; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6036; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. | 2018-09-25 | not yet calculated | CVE-2018-6052; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6034; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. | 2018-09-25 | not yet calculated | CVE-2018-6035; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6051; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6032; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6042; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6053; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. | 2018-09-25 | not yet calculated | CVE-2018-6039; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6050; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. | 2018-09-25 | not yet calculated | CVE-2018-6046; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6040; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6047; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6055; CONFIRM, CONFIRM
google — chrome | Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | 2018-09-25 | not yet calculated | CVE-2018-6054; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. | 2018-09-25 | not yet calculated | CVE-2018-6033; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6049; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2018-09-25 | not yet calculated | CVE-2018-6031; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6048; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6043; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
google — chrome | Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2018-09-25 | not yet calculated | CVE-2018-6038; BID, SECTRACK, REDHAT, CONFIRM, CONFIRM, DEBIAN
grails — grails | An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy. | 2018-09-28 | not yet calculated | CVE-2018-17605; MISC, MISC
hdf — hdf5 | A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file. | 2018-09-24 | not yet calculated | CVE-2018-17433; MISC
hdf — hdf5 | ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file. | 2018-09-24 | not yet calculated | CVE-2018-17436; MISC
hdf — hdf5 | A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. | 2018-09-24 | not yet calculated | CVE-2018-17438; MISC
hdf — hdf5 | Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. | 2018-09-24 | not yet calculated | CVE-2018-17437; MISC
hdf — hdf5 | A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. | 2018-09-24 | not yet calculated | CVE-2018-17434; MISC
hdf — hdf5 | A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file. | 2018-09-24 | not yet calculated | CVE-2018-17435; MISC
hdf — hdf5 | An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file. | 2018-09-24 | not yet calculated | CVE-2018-17439; MISC
hdf — hdf5 | A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. | 2018-09-24 | not yet calculated | CVE-2018-17432; MISC
honeywell — mobile_computers | On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents. | 2018-09-24 | not yet calculated | CVE-2018-14825; MISC
horus — cms | Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI. | 2018-09-26 | not yet calculated | CVE-2018-17410; MISC
hpe — device_entitlement_gateway
 
A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege.2018-09-27not yet calculatedCVE-2018-7107
CONFIRM
hpe — enhanced_internet_usage_manager
 
HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 – eIUM90FP01XXX.YYYYMMDD-HHMM.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-7109
CONFIRM
hpe — integrated_lights-out_5
 
A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, and HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-7105
SECTRACK
CONFIRM
hpe — integrated_lights-out_5
 
A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, and HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to disclose sensitive information.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-7106
SECTRACK
CONFIRM
hpe — integrated_lights_out_4
 
A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-7101
SECTRACK
CONFIRM
hpe — intelligent_management_center_wireless-services_manager_software
 
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-7104
CONFIRM
hpe — intelligent_management_center_wireless_services_manager_software
 
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-7103
CONFIRM
hpe — intelligent_management_center
 
A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-7102
CONFIRM
hpe — storageworks_xp7_automation_director
 
HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-7108
SECTRACK
CONFIRM
huawei — multiple_products
 
Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user into installing a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause a sensitive information leak.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-7907
CONFIRM
hylafax — hylafax
 
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.
Published: 2018-09-21 | CVSS Score: not yet calculated | CVE-2018-17141
CONFIRM
MLIST
MLIST
BUGTRAQ
DEBIAN
MISC
ibm — datapower_gateway
 
IBM DataPower Gateway 7.1.0.0 – 7.1.0.23, 7.2.0.0 – 7.2.0.21, 7.5.0.0 – 7.5.0.16, 7.5.1.0 – 7.5.1.15, 7.5.2.0 – 7.5.2.15, and 7.6.0.0 – 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 – 7.7.1.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950.
Published: 2018-09-25 | CVSS Score: not yet calculated | CVE-2018-1669
XF
CONFIRM
ibm — datapower_gateway
 
IBM DataPower Gateway 7.1.0.0 – 7.1.0.23, 7.2.0.0 – 7.2.0.21, 7.5.0.0 – 7.5.0.16, 7.5.1.0 – 7.5.1.15, 7.5.2.0 – 7.5.2.15, and 7.6.0.0 – 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 – 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890.
Published: 2018-09-25 | CVSS Score: not yet calculated | CVE-2018-1664
XF
CONFIRM
ibm — db2_for_linux_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502.
Published: 2018-09-21 | CVSS Score: not yet calculated | CVE-2018-1685
BID
SECTRACK
XF
CONFIRM
ibm — db2_for_linux_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369.
Published: 2018-09-21 | CVSS Score: not yet calculated | CVE-2018-1711
BID
XF
CONFIRM
ibm — db2_for_linux_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364.
Published: 2018-09-21 | CVSS Score: not yet calculated | CVE-2018-1710
BID
XF
CONFIRM
ibm — jazz_foundation_lifecycle_manager
 
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143501.
Published: 2018-09-25 | CVSS Score: not yet calculated | CVE-2018-1588
XF
CONFIRM
ibm — platform_symphony_and_spectrum_symphony
 
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 146339.
Published: 2018-09-28 | CVSS Score: not yet calculated | CVE-2018-1704
XF
CONFIRM
ibm — platform_symphony_and_spectrum_symphony
 
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 146189.
Published: 2018-09-28 | CVSS Score: not yet calculated | CVE-2018-1702
XF
CONFIRM
ibm — rational_doors_next_generation
 
IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143931.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-1610
CONFIRM
XF
ibm — rational_engineering_lifecycle_manager
 
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than the URL intended. IBM X-Force ID: 142561.
Published: 2018-09-25 | CVSS Score: not yet calculated | CVE-2018-1539
XF
CONFIRM
ibm — rational_engineering_lifecycle_manager
 
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144885.
Published: 2018-09-25 | CVSS Score: not yet calculated | CVE-2018-1659
XF
CONFIRM
ibm — rational_engineering_lifecycle_manager
 
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797.
Published: 2018-09-25 | CVSS Score: not yet calculated | CVE-2018-1607
XF
CONFIRM
ibm — rational_engineering_lifecycler_manager
 
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142958.
Published: 2018-09-25 | CVSS Score: not yet calculated | CVE-2018-1560
XF
CONFIRM
ibm — spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation; the user id and password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-1768
CONFIRM
SECTRACK
XF
ibm — spectrum_protect
 
IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-1550
CONFIRM
XF
ibm — tivoli_storage_manager
 
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-1785
CONFIRM
SECTRACK
XF
ibm — tivoli_storage_manager
 
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-1545
CONFIRM
XF
ibm — websphere_application_server_liberty
 
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-1683
SECTRACK
XF
CONFIRM
ibm — websphere_portal
 
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144886.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-1660
XF
CONFIRM
ibm — websphere_portal
 
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-1736
XF
CONFIRM
ibm — websphere_portal
 
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-1716
XF
CONFIRM
ibm — websphere_portal
 
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-1820
XF
CONFIRM
inedo — proget
 
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2017-15608
CONFIRM
CONFIRM
intel — core_processor
 
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow a physical attacker to potentially bypass firmware authentication.
Published: 2018-09-21 | CVSS Score: not yet calculated | CVE-2018-12169
BID
CONFIRM
CONFIRM
iobit — advanced_systemcare
 
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-16712
MISC
iobit — advanced_systemcare
 
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content. The driver’s subroutine will execute a wrmsr instruction with the user’s buffer for input.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-16711
MISC
iobit — advanced_systemcare
 
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver’s subroutine will execute a rdmsr instruction with the user’s buffer for input, and provide output from the instruction.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-16713
MISC

isweb — cms_isweb

CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-14956
MISC
MISC
MISC
isweb — cms_isweb
 
CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take control of the application because credentials are present in that config.php file).
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-14957
MISC
iway — data_quality_suite_web_console
 
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-17411
MISC
javamelody — javamelody
 
JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-15531
MLIST
CONFIRM
CONFIRM
CONFIRM
jekyll — jekyll
 
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the “include” key in the “_config.yml” file.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-17567
CONFIRM
CONFIRM
joomla! — joomla!
 
SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-17380
MISC
EXPLOIT-DB
joomla! — joomla!
 
SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-17394
MISC
EXPLOIT-DB
joomla! — joomla!
 
SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-17383
MISC
EXPLOIT-DB
joomla! — joomla!
 
SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-17378
MISC
EXPLOIT-DB
joomla! — joomla!
 
SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-17384
MISC
EXPLOIT-DB
joomla! — joomla!
 
SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-17376
MISC
EXPLOIT-DB
joomla! — joomla!
 
SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-17385
MISC
EXPLOIT-DB
joomla! — joomla!
 
SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-17377
MISC
EXPLOIT-DB
joomla! — joomla!
 
SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-17397
MISC
EXPLOIT-DB
joomla! — joomla!
 
SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-17379
MISC
EXPLOIT-DB
joomla! — joomla!
 
SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-17375
MISC
EXPLOIT-DB
joomla! — joomla!
 
SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-17382
MISC
EXPLOIT-DB
lenovo — iomega_and_lenovo_and_lenovoemc_nas_devices

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS’s web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie’s value to compromise the user’s session.
Published: 2018-09-28 | CVSS Score: not yet calculated | CVE-2018-9080
CONFIRM
lenovo — iomega_and_lenovo_and_lenovoemc_nas_devices

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device’s operating system as the root user.
Published: 2018-09-28 | CVSS Score: not yet calculated | CVE-2018-9074
CONFIRM
lenovo — iomega_and_lenovo_and_lenovoemc_nas_devices

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
Published: 2018-09-28 | CVSS Score: not yet calculated | CVE-2018-9077
CONFIRM
lenovo — iomega_and_lenovo_and_lenovoemc_nas_devices

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application is vulnerable to self cross-site scripting (self-XSS). As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.
Published: 2018-09-28 | CVSS Score: not yet calculated | CVE-2018-9081
CONFIRM
lenovo — iomega_and_lenovo_and_lenovoemc_nas_devices

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user’s current password to set a new one. As a result, attackers with access to the user’s session tokens can change their password and retain access to the user’s account.
Published: 2018-09-28 | CVSS Score: not yet calculated | CVE-2018-9082
CONFIRM
lenovo — iomega_and_lenovo_and_lenovoemc_nas_devices

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.
Published: 2018-09-28 | CVSS Score: not yet calculated | CVE-2018-9079
CONFIRM
lenovo — iomega_and_lenovo_and_lenovoemc_nas_devices

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device’s origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file.
Published: 2018-09-28 | CVSS Score: not yet calculated | CVE-2018-9078
CONFIRM
lenovo — iomega_and_lenovo_and_lenovoemc_nas_devices

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
Published: 2018-09-28 | CVSS Score: not yet calculated | CVE-2018-9075
CONFIRM
lenovo — iomega_and_lenovo_and_lenovoemc_nas_devices

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
Published: 2018-09-28 | CVSS Score: not yet calculated | CVE-2018-9076
CONFIRM
lg — supersign_cms
 
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
Published: 2018-09-21 | CVSS Score: not yet calculated | CVE-2018-17173
MISC
EXPLOIT-DB
linux — linux_kernel
 
An integer overflow flaw was found in the Linux kernel’s create_elf_tables() function. An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
Published: 2018-09-25 | CVSS Score: not yet calculated | CVE-2018-14634
BID
REDHAT
REDHAT
CONFIRM
MLIST
linux — linux_kernel
 
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in the way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target’s code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
Published: 2018-09-24 | CVSS Score: not yet calculated | CVE-2018-14633
BID
CONFIRM
CONFIRM
CONFIRM
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
Published: 2018-09-21 | CVSS Score: not yet calculated | CVE-2018-16597
BID
CONFIRM
CONFIRM
mcafee — true_key

Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
Published: 2018-09-24 | CVSS Score: not yet calculated | CVE-2018-6682
CONFIRM
mcafee — true_key
 
DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.
Published: 2018-09-24 | CVSS Score: not yet calculated | CVE-2018-6700
CONFIRM
mcms — mcms
 
An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
Published: 2018-09-23 | CVSS Score: not yet calculated | CVE-2018-17366
MISC
microsoft — exchange_server
 
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
Published: 2018-09-21 | CVSS Score: not yet calculated | CVE-2018-16793
MISC
FULLDISC
BID
BUGTRAQ
microsoft — sql_server
 
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for further privilege elevation.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-16659
EXPLOIT-DB
modx — revolution
 
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-17556
MISC
open_ticket_request_system — open_ticket_request_system
 
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged-in user opens it, the email could cause the browser to load external image or CSS resources.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-16586
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
open_ticket_request_system — open_ticket_request_system
 
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-16587
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
otcms — otcms
 
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter.
Published: 2018-09-23 | CVSS Score: not yet calculated | CVE-2018-17364
MISC
pcprotect — anti-virus
 
PCProtect Anti-Virus v4.8.35 has “Everyone: (F)” permission for %PROGRAMFILES(X86)%PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
Published: 2018-09-28 | CVSS Score: not yet calculated | CVE-2018-17776
EXPLOIT-DB
pdfalto — pdfalto
 
An issue has been found in pdfalto through 0.2. It is a heap-based buffer overflow in the function TextPage::dump in XmlAltoOutputDev.cc.
Published: 2018-09-23 | CVSS Score: not yet calculated | CVE-2018-17338
MISC
MISC
pfsense — pfsense
 
An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters “ifdescr” and “ipv” to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-16055
CONFIRM
philips — e-alert_unit
 
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-14803
BID
MISC
CONFIRM
philips — e-alert_unit
 
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-8842
BID
MISC
CONFIRM
philips — e-alert_unit
 
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-8848
BID
MISC
CONFIRM
philips — e-alert_unit
 
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-8850
BID
MISC
CONFIRM
philips — e-alert_unit
 
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-8852
BID
MISC
CONFIRM
philips — e-alert_unit
 
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-8844
BID
MISC
CONFIRM
philips — e-alert_unit
 
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-8846
BID
MISC
CONFIRM
philips — e-alert_unit
 
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-8854
BID
MISC
CONFIRM
philips — ee-alert_unit
 
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains a hard-coded cryptographic key, which it uses for encryption of internal data.
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-8856
BID
MISC
CONFIRM
postman — postman
 
An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server’s X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway. Only the response is not displayed. Thus, all contained information of the HTTPS request is disclosed to a man-in-the-middle attacker (for example, user credentials).
Published: 2018-09-26 | CVSS Score: not yet calculated | CVE-2018-17215
BUGTRAQ
MISC
progress — kendo_ui_editor
 
Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload gets executed. Furthermore, if the payload is reflected at any other resource that does rely on the sanitisation of the editor itself, the JavaScript payload will be executed in the context of the application. This allows attackers (in the worst case) to take over user sessions.
Published: 2018-09-27 | CVSS Score: not yet calculated | CVE-2018-14037
FULLDISC
FULLDISC
MISC
progress — sitefinity_cms
 
Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2018-09-27
not yet calculated
CVE-2018-17056
CONFIRM
progress — sitefinity_cms
 
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.
2018-09-27
not yet calculated
CVE-2018-17055
CONFIRM
publiccms — publiccms
 
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.
2018-09-23
not yet calculated
CVE-2018-17368
MISC
python — elementtree_c_accelerator
 
Python’s elementtree C accelerator failed to initialise Expat’s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat’s internal data structures, consuming large amounts of CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.
2018-09-24
not yet calculated
CVE-2018-14647
BID
SECTRACK
MISC
CONFIRM
DEBIAN
DEBIAN
ricoh — aficio_mp_301_printer
 
On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
2018-09-26
not yet calculated
CVE-2018-17312
MISC
ricoh — aficio_mp_305+_printer
 
On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
2018-09-26
not yet calculated
CVE-2018-17314
MISC
ricoh — mp_c1803_printer

On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
2018-09-26
not yet calculated
CVE-2018-17310
MISC
ricoh — mp_c2003_printer
 
On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
2018-09-26
not yet calculated
CVE-2018-17315
MISC
ricoh — mp_c307_printer
 
On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
2018-09-26
not yet calculated
CVE-2018-17313
MISC
ricoh — mp_c406z_printer
 
On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
2018-09-26
not yet calculated
CVE-2018-17309
MISC
ricoh — mp_c6003_printer
 
On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
2018-09-26
not yet calculated
CVE-2018-17316
MISC
ricoh — mp_c6503_printer
 
On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
2018-09-26
not yet calculated
CVE-2018-17311
MISC
rsa — authentication_manager
 
RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
2018-09-28
not yet calculated
CVE-2018-11073
SECTRACK
FULLDISC
rsa — authentication_manager
 
RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user’s anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim’s web browser in the context of the vulnerable web application.
2018-09-28
not yet calculated
CVE-2018-11075
SECTRACK
FULLDISC
rsa — authentication_manager
 
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application.
2018-09-28
not yet calculated
CVE-2018-11074
SECTRACK
FULLDISC
rxtec — rxadmin
 
Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm.
2018-09-24
not yet calculated
CVE-2015-8298
MISC
FULLDISC
MISC
salesagility — suitecrm
 
An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message.
2018-09-26
not yet calculated
CVE-2018-15606
CONFIRM
samsung — email
 
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of EML files. The issue results from the lack of proper validation of user-supplied data, which can allow arbitrary JavaScript to execute. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5328.
2018-09-24
not yet calculated
CVE-2018-10497
MISC
samsung — email
 
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329.
2018-09-24
not yet calculated
CVE-2018-10498
MISC
samsung — galaxy_apps

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue lies in the lack of proper validation of user-supplied data, which can allow arbitrary JavaScript to execute. An attacker can leverage this vulnerability to install applications under the context of the current user. Was ZDI-CAN-5330.
2018-09-24
not yet calculated
CVE-2018-10499
MISC
samsung — galaxy_apps

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in a user-controlled location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5359.
2018-09-24
not yet calculated
CVE-2018-10502
MISC
samsung — galaxy_apps

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of push messages. The issue lies in the ability to start an activity with controlled arguments. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5331.
2018-09-24
not yet calculated
CVE-2018-10500
MISC
samsung — galaxy_s8

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. User interaction is required to exploit this vulnerability in that the target must have their cellular radios enabled. The specific flaw exists within the handling of IPCP headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the baseband processor. Was ZDI-CAN-5368.
2018-09-24
not yet calculated
CVE-2018-14318
MISC
samsung — internet_browser
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypedArray objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5326.
2018-09-24
not yet calculated
CVE-2018-10496
MISC
samsung — members

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Intents. The issue lies in the ability to send an Intent that would not otherwise be reachable. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5361.
2018-09-24
not yet calculated
CVE-2018-11614
MISC
samsung — notes

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of ZIP files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5358.
2018-09-24
not yet calculated
CVE-2018-10501
MISC
sbi — sbibuddy
 
The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth.
2018-09-23
not yet calculated
CVE-2018-17404
MISC
seacms — seacms
 
SeaCMS 6.64 allows remote attackers to delete arbitrary files via the filedir parameter.
2018-09-26
not yet calculated
CVE-2018-17365
MISC
seunex — super_cms_blog_pro
 
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.
2018-09-27
not yet calculated
CVE-2018-17391
MISC
EXPLOIT-DB
sosreport — sos-collector
 
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.
2018-09-27
not yet calculated
CVE-2018-14650
CONFIRM
CONFIRM
springboot_authority — springboot_authority
 
An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter.
2018-09-23
not yet calculated
CVE-2018-17369
MISC
strongswan — strongswan
 
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.
2018-09-26
not yet calculated
CVE-2018-16152
MLIST
UBUNTU
DEBIAN
CONFIRM
strongswan — strongswan
 
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.
2018-09-26
not yet calculated
CVE-2018-16151
MLIST
UBUNTU
DEBIAN
CONFIRM
suse — linux_enterprise
 
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected.
2018-09-26
not yet calculated
CVE-2018-16588
SUSE
swa — swa.jacad
 
SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter.
2018-09-28
not yet calculated
CVE-2018-17575
MISC
tcpreplay — tcpreplay
 
tcpreplay v4.3.0 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.
2018-09-28
not yet calculated
CVE-2018-17582
MISC
MISC
tcpreplay — tcpreplay
 
A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of tcpreplay v4.3. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.
2018-09-28
not yet calculated
CVE-2018-17580
MISC
MISC
telegram — desktop
 
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when “Use proxy” is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.
2018-09-28
not yet calculated
CVE-2018-17613
MISC
MISC
telegram — desktop
 
Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.
2018-09-29
not yet calculated
CVE-2018-17780
MISC
tetex — tetex
 
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
2018-09-23
not yet calculated
CVE-2018-17407
MISC
MISC
DEBIAN
tgstation — tgstation-server
 
In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password.
2018-09-24
not yet calculated
CVE-2018-17107
CONFIRM
thinkphp — thinkphp
 
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition’s value can be controlled by a user’s request.
2018-09-26
not yet calculated
CVE-2018-17566
MISC
tp-link — eap_controller
 
The TP-LINK EAP Controller is TP-LINK’s software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode.
2018-09-28
not yet calculated
CVE-2018-5393
BID
CERT-VN
trend_micro — deep_discovery_inspector
 
A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability.
2018-09-28
not yet calculated
CVE-2018-15365
MISC
CONFIRM
ubuntu — udisks
 
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.
2018-09-22
not yet calculated
CVE-2018-17336
MISC
UBUNTU
vanilla — vanilla
 
Vanilla before 2.6.1 allows XSS via the email field of a profile.
2018-09-28
not yet calculated
CVE-2018-17571
MISC
viabtc — exchange_server
 
network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
2018-09-26
not yet calculated
CVE-2018-17569
MISC
MISC
viabtc — exchange_server
 
utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
2018-09-26
not yet calculated
CVE-2018-17568
MISC
MISC
viabtc — exchange_server
 
utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
2018-09-26
not yet calculated
CVE-2018-17570
MISC
MISC
weaselcms — weaselcms
 
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled.
2018-09-23
not yet calculated
CVE-2018-17361
MISC
wecon_technology — levistudiou

WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.
2018-09-26
not yet calculated
CVE-2018-10602
BID
MISC
wecon_technology — levistudiou

WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.
2018-09-26
not yet calculated
CVE-2018-10606
BID
MISC
wordpress — wordpress
 
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
2018-09-24
not yet calculated
CVE-2018-16283
FULLDISC
CONFIRM
MISC
EXPLOIT-DB
wordpress — wordpress
 
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html.
2018-09-28
not yet calculated
CVE-2018-17573
MISC
MISC
wordpress — wordpress
 
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
2018-09-24
not yet calculated
CVE-2018-16299
FULLDISC
MISC
MISC
EXPLOIT-DB
xelerance — openswan
 
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.
2018-09-26
not yet calculated
CVE-2018-15836
CONFIRM
CONFIRM
MLIST
xwiki — xwiki
 
The Image Import function in XWiki through 10.7 has XSS.
2018-09-27
not yet calculated
CVE-2018-16277
MISC
ymfe — yapi
 
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project.
2018-09-28
not yet calculated
CVE-2018-17574
MISC
zoho — manageengine_applications_manager
 
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.
2018-09-26
not yet calculated
CVE-2018-16364
MISC
zte — mf65
 
All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.
2018-09-26
not yet calculated
CVE-2018-7355
CONFIRM
