SB18-309: Vulnerability Summary for the Week of October 29, 2018

Original release date: November 05, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no high vulnerabilities recorded this week.

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no medium vulnerabilities recorded this week.

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
vecna — vgo_robotIf an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials.2018-10-30not yet calculatedCVE-2018-8858
MISC
spray-json — spray-json
 
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits.2018-10-31not yet calculatedCVE-2018-18853
MISC
libiec61850 — libiec61850
 
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.2018-10-30not yet calculatedCVE-2018-18834
MISC
MISC
doccms_2016 — doccms_2016
 
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.2018-10-30not yet calculatedCVE-2018-18835
MISC
semcms — semcms
 
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter.2018-10-30not yet calculatedCVE-2018-18840
MISC
semcms — semcmsXSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter.2018-10-30not yet calculatedCVE-2018-18841
MISC
z-blogphp — z-blogphp
 
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.2018-10-30not yet calculatedCVE-2018-18842
MISC
MISC
acme_labs — mini_httpd
 
ACME mini_httpd before 1.30 lets remote users read arbitrary files.2018-10-29not yet calculatedCVE-2018-18778
MISC
octopus — deploy
 
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).2018-10-30not yet calculatedCVE-2018-18850
MISC
spray-json — spray-json
 
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).2018-10-31not yet calculatedCVE-2018-18854
MISC
mingsoft — mcms
 
An issue was discovered in commingsoftcmsactionGeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter.2018-10-30not yet calculatedCVE-2018-18831
MISC
tecrail — responsive_filemanager
 
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495.2018-10-31not yet calculatedCVE-2018-18867
MISC
no-cms — no-cms
 
No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter.2018-10-31not yet calculatedCVE-2018-18868
MISC
empirecms — empirecms
 
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.2018-10-31not yet calculatedCVE-2018-18869
MISC
jasper — jasper
 
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.2018-10-31not yet calculatedCVE-2018-18873
MISC
nc-cms — nc-cms
 
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the “Upload File or Image” feature, with a .php filename and “Content-Type: application/octet-stream” to the index.php?action=file_manager_upload URI.2018-10-31not yet calculatedCVE-2018-18874
MISC
xen — xen
 
An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.2018-10-31not yet calculatedCVE-2018-18883
SECTRACK
MISC
s-cms — s-cms
 
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).2018-10-31not yet calculatedCVE-2018-18887
MISC
dkcms — dkcms
 
admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.2018-10-30not yet calculatedCVE-2018-18832
MISC
MISC
mcms — mcms
 
An issue was discovered in commingsoftbasicactionwebFileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.2018-10-30not yet calculatedCVE-2018-18830
MISC
minicms — minicms
 
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.2018-10-31not yet calculatedCVE-2018-18890
MISC
MISC
zzcms — zzcms
 
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)2018-10-29not yet calculatedCVE-2018-18790
MISC
grapixel — new_mediaGrapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.2018-10-30not yet calculatedCVE-2018-18822
EXPLOIT-DB
leostream — agentThe Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API.2018-10-29not yet calculatedCVE-2018-18817
MISC
zzcms — zzcms
 
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.2018-10-29not yet calculatedCVE-2018-18792
MISC
libav — libav
 
There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.2018-10-30not yet calculatedCVE-2018-18827
MISC
libav — libavThere exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.2018-10-30not yet calculatedCVE-2018-18828
MISC
libav — libavThere exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file.2018-10-30not yet calculatedCVE-2018-18829
MISC
zzcms — zzcmsAn issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.2018-10-29not yet calculatedCVE-2018-18791
MISC
zzcms — zzcmsAn issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.2018-10-29not yet calculatedCVE-2018-18789
MISC
ibm — robotic_process_automation_with_automation_anywhere
 
IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714.2018-11-02not yet calculatedCVE-2018-1878
XF
CONFIRM
zzcms — zzcmsAn issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)2018-10-29not yet calculatedCVE-2018-18788
MISC
zzcms — zzcmsAn issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.2018-10-29not yet calculatedCVE-2018-18787
MISC
zzcms — zzcmsAn issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.2018-10-29not yet calculatedCVE-2018-18786
MISC
zzcms — zzcmsAn issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.2018-10-29not yet calculatedCVE-2018-18785
MISC
zzcms — zzcmsAn issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.)2018-10-29not yet calculatedCVE-2018-18784
MISC
semcms — semcms
 
XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter.2018-10-29not yet calculatedCVE-2018-18783
MISC
dedecms — dedecms
 
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.2018-10-29not yet calculatedCVE-2018-18782
MISC
dedecms — dedecmsDedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.2018-10-29not yet calculatedCVE-2018-18781
MISC
laravelcms — laravelcms 
 
An issue was discovered in laravelCMS through 2018-04-02. appHttpControllersBackendProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.2018-10-31not yet calculatedCVE-2018-18888
MISC
minicms — minicms
 
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.2018-10-31not yet calculatedCVE-2018-18891
MISC
MISC
pagoda — linux_panel
 
Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log.2018-10-30not yet calculatedCVE-2018-18825
MISC
webiness — inventory
 
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.2018-10-29not yet calculatedCVE-2018-18752
MISC
lulu — cms
 
An issue was discovered in LuLu CMS through 2015-05-14. backendmodulesfilemanagercontrollersDefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields.2018-10-29not yet calculatedCVE-2018-18771
MISC
ibm — robotic_process_automation_with_automation_anywhereIBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.2018-11-02not yet calculatedCVE-2018-1877
CONFIRM
XF
cesanta — mongooseAn exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.2018-10-29not yet calculatedCVE-2018-18765
MISC
cesanta — mongooseAn exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.2018-10-29not yet calculatedCVE-2018-18764
MISC
MISC
ibm — robotic_process_automation_with_automation_anywhereIBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707.2018-11-02not yet calculatedCVE-2018-1876
XF
CONFIRM
zyxel — vmg3312-b10b_devices
 
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.2018-10-29not yet calculatedCVE-2018-18754
MISC
typecho — typecho
 
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.2018-10-29not yet calculatedCVE-2018-18753
MISC
green_electronics — rainmachine_mini-8
 
The ‘Weather Service’ feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the ‘Add new weather data source’ upload function.2018-11-01not yet calculatedCVE-2018-6012
MISC
minicms — minicms
 
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.2018-10-31not yet calculatedCVE-2018-18892
MISC
MISC
linux — kernel
 
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.2018-10-26not yet calculatedCVE-2018-6559
BID
CONFIRM
CONFIRM
CONFIRM
green_electronics — rainmachine_mini-8A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API.2018-11-01not yet calculatedCVE-2018-6906
MISC
green_electronics — rainmachine_mini-8A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API.2018-11-01not yet calculatedCVE-2018-6907
MISC
green_electronics — rainmachine_mini-8An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP ‘Host’ header, as demonstrated by retrieving credentials.2018-11-01not yet calculatedCVE-2018-6908
MISC
green_electronics — rainmachine_mini-8A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request.2018-11-01not yet calculatedCVE-2018-6909
MISC
zte — zxr10_8905e
 
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.2018-11-01not yet calculatedCVE-2018-7356
CONFIRM
schneider_electric — modicon_m221
 
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.2018-11-02not yet calculatedCVE-2018-7798
CONFIRM
schneider_electric — schneider_electric_software_updateA DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file.2018-11-02not yet calculatedCVE-2018-7799
MISC
CONFIRM
green_electronics — rainmachine_mini-8The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator’s password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a “Use of Password Hash Instead of Password for Authentication” issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file.2018-11-01not yet calculatedCVE-2018-6011
MISC
libsdl — sdl_image
 
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.2018-11-01not yet calculatedCVE-2018-3977
MISC
microstrategy — web
 
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.2018-11-01not yet calculatedCVE-2018-18775
MISC
EXPLOIT-DB
yi — home_camera_27us
 
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the password_dst field2018-11-02not yet calculatedCVE-2018-3899
MISC
poppler — poppler
 
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.2018-11-02not yet calculatedCVE-2018-18897
MISC
vanilla — vanilla
 
Vanilla 2.6.x before 2.6.4 allows remote code execution.2018-11-03not yet calculatedCVE-2018-18903
MISC
MISC
xheditor — xheditor
 
xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor’s source-code view.2018-11-03not yet calculatedCVE-2018-18909
MISC
exiv2 — exiv2
 
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.2018-11-03not yet calculatedCVE-2018-18915
MISC
yi — home_camera_27usAn exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability.2018-11-02not yet calculatedCVE-2018-3890
MISC
yi — home_camera_27usAn exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability.2018-11-02not yet calculatedCVE-2018-3891
MISC
yi — home_camera_27usAn exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability.2018-11-02not yet calculatedCVE-2018-3892
MISC
yi — home_camera_27usAn exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the ssid_dst field.2018-11-02not yet calculatedCVE-2018-3898
MISC
microstrategy — webDirectory traversal vulnerability in Microstrategy Web, version 7, in “/WebMstr7/servlet/mstrWeb” (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.2018-11-01not yet calculatedCVE-2018-18777
MISC
EXPLOIT-DB
yi — home_camera_27usAn exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability.2018-11-01not yet calculatedCVE-2018-3947
MISC
microstrategy — webMicrostrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.2018-11-01not yet calculatedCVE-2018-18776
MISC
EXPLOIT-DB
yi — home_camera_27usAn exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be convinced to display a QR code from the internet to their camera, which could exploit this vulnerability.2018-11-01not yet calculatedCVE-2018-3900
MISC
yi — home_camera_27usAn exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID.2018-11-01not yet calculatedCVE-2018-3910
MISC
yi — home_camera_27usAn exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SDcard to trigger this vulnerability.2018-11-02not yet calculatedCVE-2018-3920
MISC
yi — home_camera_27usAn exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.2018-11-01not yet calculatedCVE-2018-3928
MISC
yi — home_camera_27usAn exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability.2018-11-02not yet calculatedCVE-2018-3934
MISC
yi — home_camera_27usAn exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.2018-11-02not yet calculatedCVE-2018-3935
MISC
libav — libav
 
There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.2018-10-30not yet calculatedCVE-2018-18826
MISC
advantech — webaccessWebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution.2018-10-29not yet calculatedCVE-2018-17910
BID
SECTRACK
MISC
advantech — webaccessWADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.2018-10-31not yet calculatedCVE-2018-15706
MISC
advantech — webaccessAdvantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.2018-10-31not yet calculatedCVE-2018-15707
MISC
advantech — webaccess
 
WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code.2018-10-29not yet calculatedCVE-2018-17908
BID
SECTRACK
MISC
advantech — webaccess
 
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.2018-10-31not yet calculatedCVE-2018-15705
MISC
apache — web_server
 
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.2018-10-31not yet calculatedCVE-2018-11759
MISC
apex-publish-static-files — apex-publish-static-filesA command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.2018-10-30not yet calculatedCVE-2018-16462
MISC
artifex — mupdf
 
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.2018-10-26not yet calculatedCVE-2018-18662
BID
MISC
MISC
bitdefender — gravityzone_vmware
 
Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.2018-10-30not yet calculatedCVE-2017-8931
CONFIRM
catfish — cmsA CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33.2018-10-29not yet calculatedCVE-2018-18735
MISC
catfish — cmsAn XSS issue was discovered in catfish blog 2.0.33, related to “write source code.”2018-10-29not yet calculatedCVE-2018-18736
MISC
catfish — cmsA CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30.2018-10-29not yet calculatedCVE-2018-18734
MISC
catfish — cms
 
An XSS issue was discovered in Catfish CMS 4.8.30, related to “write source code,” a similar issue to CVE-2018-13999.2018-10-29not yet calculatedCVE-2018-18733
MISC
circontrol — circarlifeCircontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication.2018-11-02not yet calculatedCVE-2018-17922
MISC
circontrol — circarlife
 
Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.2018-11-02not yet calculatedCVE-2018-17918
MISC
cisco — adaptive_security_appliance_and_firepower_threat_defense_softwareA vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.2018-11-01not yet calculatedCVE-2018-15454
BID
CISCO
clarkgrubb — data-tools
 
data-tools through 2017-07-26 has an Integer Overflow leading to an incorrect end value for the write_wchars function.2018-10-29not yet calculatedCVE-2018-18749
MISC
curl — curlA heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an ‘easy’ handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.2018-10-31not yet calculatedCVE-2018-16840
SECTRACK
CONFIRM
MISC
CONFIRM
UBUNTU
curl — curlCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.2018-10-31not yet calculatedCVE-2018-16842
SECTRACK
CONFIRM
MISC
CONFIRM
UBUNTU
UBUNTU
DEBIAN
curl — curl
 
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.2018-10-31not yet calculatedCVE-2018-16839
SECTRACK
CONFIRM
MISC
CONFIRM
UBUNTU
DEBIAN
douchat — douchat
 
An XXE issue was discovered in Douchat 4.0.4 because Datanotify.php calls simplexml_load_string. This can also be used for SSRF.2018-10-29not yet calculatedCVE-2018-18737
MISC
ee — 4gee_hh70_router
 
An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the “core_app” binary utilised by the EE router for networking services. An attacker with knowledge of the default password (oelinux123) could login to the router via SSH as the root user, which could allow for the loss of confidentiality, integrity, and availability of the system. This would also allow for the bypass of the “AP Isolation” mode that is supported by the router, as well as the settings for multiple Wireless networks, which a user may use for guest clients.2018-10-30not yet calculatedCVE-2018-10532
MISC
MISC
eleanor — cms
 
An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&file=autocomplete&query=[XSS] URI.2018-10-29not yet calculatedCVE-2018-18717
MISC
f5 — big-ipIn BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands2018-10-31not yet calculatedCVE-2018-15325
CONFIRM
f5 — big-ipOn BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with anything other than “allow-all”.2018-10-31not yet calculatedCVE-2018-15320
CONFIRM
f5 — big-ipOn BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action.2018-10-31not yet calculatedCVE-2018-15323
CONFIRM
f5 — big-ip_and_enterprise_managerIn BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.2018-10-31not yet calculatedCVE-2018-15327
CONFIRM
f5 — multiple_productsWhen BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.2018-10-31not yet calculatedCVE-2018-15321
CONFIRM
f5 — multiple_productsOn BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.2018-10-31not yet calculatedCVE-2018-15322
CONFIRM
f5 — big-ipOn BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with the non-default “normalize URI” configuration options used in iRules and/or BIG-IP LTM policies.2018-10-31not yet calculatedCVE-2018-15319
CONFIRM
f5 — big-ipIn BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, if an MPTCP connection receives a HUDCTL_ABORT while the initial flow is not the primary flow, the initial flow will remain after the MP_FASTCLOSE procedure is complete. TMM may restart and produce a core file as a result of this condition.2018-10-31not yet calculatedCVE-2018-15318
CONFIRM
f5 — big-ip_apmOn BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when processing a specially crafted request with APM portal access.2018-10-31not yet calculatedCVE-2018-15324
CONFIRM
f5 — big-ip_apmIn some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List.2018-10-31not yet calculatedCVE-2018-15326
CONFIRM
f5 — big-ip
 
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted.2018-10-31not yet calculatedCVE-2018-15317
CONFIRM
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fxhtml2pdf. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6230.2018-10-29not yet calculatedCVE-2018-17706
CONFIRM
MISC
foxit — readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6353.2018-10-29not yet calculatedCVE-2018-17620
CONFIRM
MISC
foxit — readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Validate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6352.2018-10-29not yet calculatedCVE-2018-17619
CONFIRM
MISC
foxit — readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6334.2018-10-29not yet calculatedCVE-2018-17616
CONFIRM
MISC
foxit — readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Selection Change events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6336.2018-10-29not yet calculatedCVE-2018-17618
CONFIRM
MISC
foxit — readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6355.2018-10-29not yet calculatedCVE-2018-17621
CONFIRM
MISC
foxit — readerThis vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6354.2018-10-29not yet calculatedCVE-2018-17622
CONFIRM
MISC
foxit — readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6434.2018-10-29not yet calculatedCVE-2018-17623
CONFIRM
MISC
foxit — readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onFocus events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6335.2018-10-29not yet calculatedCVE-2018-17617
CONFIRM
MISC
foxit — readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OCG objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6435.2018-10-29not yet calculatedCVE-2018-17624
CONFIRM
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Mouse Exit events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6333.2018-10-29not yet calculatedCVE-2018-17615
CONFIRM
MISC
fr.sauter_ag — case_suite
 
An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure.2018-11-02not yet calculatedCVE-2018-17912
MISC
gnu — gettext
 
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.2018-10-29not yet calculatedCVE-2018-18751
MISC
MISC
gnu — binutilsAn issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.2018-10-29not yet calculatedCVE-2018-18701
MISC
gnu — binutilsAn issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.2018-10-29not yet calculatedCVE-2018-18700
MISC
qualcomm — snapdragonClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_20162018-10-26not yet calculatedCVE-2017-18310
SECTRACK
CONFIRM
qualcomm — snapdragonModem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 4302018-10-26not yet calculatedCVE-2017-18308
SECTRACK
CONFIRM
qualcomm — snapdragonA micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850.2018-10-26not yet calculatedCVE-2017-18309
SECTRACK
CONFIRM
qualcomm — snapdragonA bool variable in Video function, which gets typecasted to int before being read could result in an out of bound read access in all Android releases from CAF using the linux kernel2018-10-29not yet calculatedCVE-2017-18281
SECTRACK
CONFIRM
qualcomm — snapdragonWhen a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.2018-10-26not yet calculatedCVE-2018-11305
SECTRACK
CONFIRM
gopro — gpmf-parser
 
An issue was discovered in GoPro gpmf-parser 1.2.1. There is an out-of-bounds write in OpenMP4Source in GPMF_mp4reader.c. 2018-10-29not yet calculatedCVE-2018-18699
MISC
gthumb — gthumb
 
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.2018-10-29not yet calculatedCVE-2018-18718
MISC
merge_package — merge_package
 
The merge.recursive function in the merge package v <1.2 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.2018-10-30not yet calculatedCVE-2018-16469
MISC
ibm — daeja_viewone
 
IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514.2018-11-02not yet calculatedCVE-2018-1835
CONFIRM
XF
ibm — infosphere_master_data_management_collaboration_serverIBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive information. IBM X-Force ID: 138077.2018-10-29not yet calculatedCVE-2018-1380
XF
CONFIRM
ibm — quality_manager
 
IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132929.2018-11-02not yet calculatedCVE-2017-1609
CONFIRM
XF
ibm — rational_engineering_lifecycle_manager
 
IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945.2018-11-02not yet calculatedCVE-2018-1846
CONFIRM
XF
ibm — robotic_process_automation_with_automation_anywhereIBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to run it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889.2018-11-02not yet calculatedCVE-2018-1552
CONFIRM
XF
ibm — spectrum_protect_server
 
IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.2018-11-02not yet calculatedCVE-2018-1788
CONFIRM
XF
ibm — team_concert
 
IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148620.2018-10-29not yet calculatedCVE-2018-1766
CONFIRM
XF
ibm — websphere_application_serverIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148621.2018-10-29not yet calculatedCVE-2018-1767
SECTRACK
XF
CONFIRM
ibm — websphere_application_server_liberty_openid_connect
 
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999.2018-10-31not yet calculatedCVE-2018-1851
XF
CONFIRM
icms — icms
 
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.2018-10-29not yet calculatedCVE-2018-18702
MISC
indusoft — web_studioInduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine.2018-11-02not yet calculatedCVE-2018-17916
MISC
MISC
indusoft — web_studio
 
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime.2018-11-02not yet calculatedCVE-2018-17914
MISC
MISC
interactive_advertising_bureau — openrtb
 
The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid responses and impression notifications, aka the Amnesia Bug.2018-10-30not yet calculatedCVE-2015-7266
MISC
iobit — malware_fighter
 
RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010. This can lead to denial of service (DoS) or code execution with root privileges.2018-11-01not yet calculatedCVE-2018-18714
MISC
jboss — bpm_suite
 
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user.2018-10-31not yet calculatedCVE-2016-6343
REDHAT
BID
REDHAT
CONFIRM
libexif — libexif
 
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications’ private data).2018-10-31not yet calculatedCVE-2016-6328
CONFIRM
libnmapp — libnmapp
 
A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options.2018-10-30not yet calculatedCVE-2018-16461
MISC
libtiff — libtiff
 
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.2018-10-26not yet calculatedCVE-2018-18661
MISC
BID
linux — kernelAn issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.2018-10-29not yet calculatedCVE-2018-18710
MISC
MISC
linux — kernelIn the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.2018-10-26not yet calculatedCVE-2018-18690
MISC
BID
MISC
MISC
MISC
linux — kernelSince Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.2018-10-30not yet calculatedCVE-2018-18281
MISC
MLIST
BID
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
python-kdcproxy — python-kdcproxy
 
python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request.2018-10-30not yet calculatedCVE-2015-5159
CONFIRM
CONFIRM
systemd — systemd
 
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.2018-10-26not yet calculatedCVE-2018-15687
BID
MISC
GENTOO
EXPLOIT-DB
m2soft — report_designer_viewer
 
M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via a crafted MRD file.2018-11-01not yet calculatedCVE-2018-18695
MISC
mantisbt — mantisbtA cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.2018-10-30not yet calculatedCVE-2018-17783
CONFIRM
CONFIRM
mantisbt — mantisbt
 
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.2018-10-30not yet calculatedCVE-2018-17782
CONFIRM
CONFIRM
monstra — cms
 
admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases.2018-10-29not yet calculatedCVE-2018-18694
MISC
netgain — enterprise_managerNetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution.2018-11-01not yet calculatedCVE-2018-10587
MISC
netgain — enterprise_manager
 
NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.12.2018-11-01not yet calculatedCVE-2018-10586
MISC
nextcloud — serverA missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.2018-10-30not yet calculatedCVE-2018-16467
MISC
MISC
nextcloud — serverImproper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.2018-10-30not yet calculatedCVE-2018-16466
MISC
MISC
nextcloud — serverMissing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load.2018-10-30not yet calculatedCVE-2018-16465
MISC
MISC
nextcloud — serverA missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.2018-10-30not yet calculatedCVE-2018-16464
MISC
MISC
nextcloud — server
 
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.2018-10-30not yet calculatedCVE-2018-16463
MISC
MISC
openssl — dsa
 
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1). Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q-dev (Affected 1.0.2-1.0.2p).2018-10-30not yet calculatedCVE-2018-0734
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
openssl — ecdsa
 
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1).2018-10-29not yet calculatedCVE-2018-0735
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
openstack-mistral — openstack-mistral
 
A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor’s filesystem.2018-11-02not yet calculatedCVE-2018-16849
CONFIRM
CONFIRM
phptpoint — hospital_management_system
 
PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php.2018-10-29not yet calculatedCVE-2018-18705
MISC
phptpoint — mailing_server_using_file_handling
 
PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter.2018-10-29not yet calculatedCVE-2018-18703
MISC
phptpoint — pharmacy_management_system
 
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.2018-10-29not yet calculatedCVE-2018-18704
EXPLOIT-DB
phpyun — phpyum
 
The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI.2018-10-29not yet calculatedCVE-2018-18713
MISC
MISC
pivotal — operations_manager
 
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.2018-11-02not yet calculatedCVE-2018-15762
CONFIRM
playsms — playsms
 
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.2018-10-29not yet calculatedCVE-2018-18387
MISC
powerdns — authoritative_server
 
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.2018-11-01not yet calculatedCVE-2016-2120
CONFIRM
DEBIAN
projectsend — r582ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.2018-10-29not yet calculatedCVE-2016-10734
MISC
projectsend — r582ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.2018-10-29not yet calculatedCVE-2016-10733
MISC
projectsend — r582ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.2018-10-29not yet calculatedCVE-2016-10732
MISC
projectsend — r582
 
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action.2018-10-29not yet calculatedCVE-2016-10731
MISC
qemu — qemu
 
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.2018-11-02not yet calculatedCVE-2018-16847
CONFIRM
MISC
MLIST
qualcomm — snapdragonIncorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.2018-10-29not yet calculatedCVE-2018-11880
CONFIRM
qualcomm — snapdragonImproper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA6602018-10-29not yet calculatedCVE-2018-11884
CONFIRM
qualcomm — snapdragonWhen the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 8452018-10-29not yet calculatedCVE-2018-11879
CONFIRM
qualcomm — snapdragonWhen the buffer length passed is very large in WLAN, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.2018-10-29not yet calculatedCVE-2018-11877
CONFIRM
qualcomm — snapdragonIncorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.2018-10-29not yet calculatedCVE-2018-11882
CONFIRM
qualcomm — snapdragonBuffer overflow if the length of passphrase is more than 32 when setting up secure NDP connection in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.2018-10-29not yet calculatedCVE-2018-11874
CONFIRM
qualcomm — snapdragonLack of input validation while copying to buffer in WLAN will lead to a buffer overflow in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.2018-10-29not yet calculatedCVE-2018-11876
CONFIRM
qualcomm — snapdragonLack of check of buffer size before copying in a WLAN function can lead to a buffer overflow in Snapdragon Mobile in version SD 845, SD 850.2018-10-29not yet calculatedCVE-2018-11875
CONFIRM
qualcomm — snapdragonImproper input validation in WLAN encrypt/decrypt module can lead to a buffer copy in Snapdragon Mobile in version SD 835, SD 845, SD 8502018-10-29not yet calculatedCVE-2018-11857
CONFIRM
qualcomm — snapdragonWhen processing IE set command, buffer overwrite may occur due to lack of input validation of the IE length in Snapdragon Mobile in version SD 835, SD 845, SD 850.2018-10-29not yet calculatedCVE-2018-11858
CONFIRM
qualcomm — snapdragonBuffer overwrite can happen in WLAN due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850.2018-10-29not yet calculatedCVE-2018-11859
CONFIRM
qualcomm — snapdragonBuffer overflow can happen in WLAN function due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660.2018-10-29not yet calculatedCVE-2018-11861
CONFIRM
qualcomm — snapdragonBuffer overflow can happen in WLAN module due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660.2018-10-29not yet calculatedCVE-2018-11862
CONFIRM
qualcomm — snapdragonInteger overflow may happen when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.2018-10-29not yet calculatedCVE-2018-11865
CONFIRM
qualcomm — snapdragonInteger overflow may happen in WLAN when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.2018-10-29not yet calculatedCVE-2018-11866
CONFIRM
qualcomm — snapdragonLack of buffer length check before copying in WLAN function while processing FIPS event, can lead to a buffer overflow in Snapdragon Mobile in version SD 845.2018-10-29not yet calculatedCVE-2018-11867
CONFIRM
qualcomm — snapdragonBuffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20.2018-10-29not yet calculatedCVE-2018-11870
CONFIRM
qualcomm — snapdragonBuffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016.2018-10-29not yet calculatedCVE-2018-11871
CONFIRM
qualcomm — snapdragonImproper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SD 850, SDA6602018-10-29not yet calculatedCVE-2018-11872
CONFIRM
qualcomm — snapdragonImproper input validation leads to buffer overwrite in the WLAN function that handles WLAN roam buffer in Snapdragon Mobile in version SD 845.2018-10-29not yet calculatedCVE-2018-11873
CONFIRM
qualcomm — snapdragonImproper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 835, SD 845, SD 850. 2018-10-29not yet calculatedCVE-2018-11856
CONFIRM
redhat — cloudforms_management_engine
 
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.2018-10-31not yet calculatedCVE-2016-5402
REDHAT
BID
CONFIRM
redhat — glusterfsThe Gluster file system through version 4.1.4 is vulnerable to abuse of the ‘features/index’ translator. A remote attacker with access to mount volumes could exploit this via the ‘GF_XATTROP_ENTRY_IN_KEY’ xattrop to create arbitrary, empty files on the target server.2018-10-31not yet calculatedCVE-2018-14654
REDHAT
REDHAT
CONFIRM
redhat — glusterfsThe Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the ‘features/index’ translator via the code handling the ‘GF_XATTR_CLRLK_CMD’ xattr in the ‘pl_getxattr’ function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.2018-10-31not yet calculatedCVE-2018-14652
REDHAT
REDHAT
CONFIRM
redhat — glusterfsThe Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the ‘__server_getspec’ function via the ‘gf_getspec_req’ RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.2018-10-31not yet calculatedCVE-2018-14653
REDHAT
REDHAT
CONFIRM
redhat — glusterfsIt was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.2018-10-31not yet calculatedCVE-2018-14661
REDHAT
REDHAT
CONFIRM
redhat — glusterfsThe Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the ‘GF_XATTR_IOSTATS_DUMP_KEY’ xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling ‘setxattr(2)’ to trigger a state dump and create an arbitrary number of files in the server’s runtime directory.2018-10-31not yet calculatedCVE-2018-14659
REDHAT
REDHAT
CONFIRM
redhat — glusterfsA flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.2018-11-01not yet calculatedCVE-2018-14660
REDHAT
REDHAT
CONFIRM
redhat — glusterfs
 
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.2018-10-31not yet calculatedCVE-2018-14651
REDHAT
REDHAT
CONFIRM
redhat — openstack_platform
 
A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.2018-10-31not yet calculatedCVE-2016-2121
BID
REDHAT
CONFIRM
ruby — loofah_gem
 
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.2018-10-30not yet calculatedCVE-2018-16468
MISC
samba — sambaIt was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.2018-10-31not yet calculatedCVE-2016-2125
REDHAT
REDHAT
REDHAT
REDHAT
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
samba — samba
 
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.2018-11-01not yet calculatedCVE-2016-2123
BID
SECTRACK
CONFIRM
CONFIRM
sandboxie — sandboxie
 
Sandboxie 5.26 allows a Sandbox Escape via an “import os” statement, followed by os.system(“cmd”) or os.system(“powershell”), within a .py file.2018-10-29not yet calculatedCVE-2018-18748
MISC
asrock — driversThe AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.2018-10-30not yet calculatedCVE-2018-10710
EXPLOIT-DB
MISC
asrock — driversThe AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.2018-10-30not yet calculatedCVE-2018-10711
EXPLOIT-DB
MISC
asrock — driversThe AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.2018-10-30not yet calculatedCVE-2018-10712
EXPLOIT-DB
MISC
asrock — driversThe AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges.2018-10-30not yet calculatedCVE-2018-10709
EXPLOIT-DB
MISC
dell_emc — integrated_data_protection_appliance
 
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named ‘support’ and ‘admin’ that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.2018-11-02not yet calculatedCVE-2018-11062
BID
FULLDISC
semcms — semcmsAn XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI.2018-10-29not yet calculatedCVE-2018-18740
MISC
semcms — semcmsAn XSS issue was discovered in SEMCMS 3.4 via the second text field to the admin/SEMCMS_Categories.php?pid=1&lgid=1 URI.2018-10-29not yet calculatedCVE-2018-18743
MISC
semcms — semcmsAn XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI.2018-10-29not yet calculatedCVE-2018-18744
MISC
semcms — semcmsAn XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 during editing.2018-10-29not yet calculatedCVE-2018-18745
MISC
semcms — semcmsA CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.2018-10-29not yet calculatedCVE-2018-18742
MISC
semcms — semcmsAn XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing.2018-10-29not yet calculatedCVE-2018-18741
MISC
semcms — semcmsAn XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field.2018-10-29not yet calculatedCVE-2018-18739
MISC
semcms — semcms
 
An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categories.php?pid=1&lgid=1 category_key parameter.2018-10-29not yet calculatedCVE-2018-18738
MISC
synology — diskstation_manager
 
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.2018-10-31not yet calculatedCVE-2018-13281
CONFIRM
synology — photo_station
 
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.2018-10-31not yet calculatedCVE-2018-13282
CONFIRM
systemd — systemd
 
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.2018-10-26not yet calculatedCVE-2018-15688
BID
MISC
GENTOO
systemd — systemdA vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.2018-10-26not yet calculatedCVE-2018-15686
BID
MISC
GENTOO
EXPLOIT-DB
tenda — multiple_productsAn issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router’s web server — httpd. When processing the “firewallEn” parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.2018-10-29not yet calculatedCVE-2018-18709
MISC
tenda — multiple_productsAn issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router’s web server — httpd. When processing the “page” parameter of the function “fromAddressNat” for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.2018-10-29not yet calculatedCVE-2018-18708
MISC
tenda — multiple_productsAn issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router’s web server — httpd. When processing the “ssid” parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.2018-10-29not yet calculatedCVE-2018-18707
MISC
tenda — multiple_productsAn issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router’s web server — httpd. When processing the “page” parameter of the function “fromDhcpListClient” for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.2018-10-29not yet calculatedCVE-2018-18706
MISC
tenda — multiple_productsAn issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router’s web server — httpd. While processing the ‘mac’ parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow.2018-10-29not yet calculatedCVE-2018-18729
MISC
tenda — multiple_productsAn issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the ‘startIp’ and ‘endIp’ parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.2018-10-29not yet calculatedCVE-2018-18730
MISC
tenda — multiple_productsAn issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request.2018-10-29not yet calculatedCVE-2018-18728
MISC
tenda — multiple_productsAn issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the ‘deviceMac’ parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.2018-10-29not yet calculatedCVE-2018-18731
MISC
tenda — multiple_productsAn issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the ‘ntpServer’ parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.2018-10-29not yet calculatedCVE-2018-18732
MISC
tenda — multiple_products
 
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router’s web server — httpd. While processing the ‘deviceList’ parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.2018-10-29not yet calculatedCVE-2018-18727
MISC
tenda — multiple_products
 
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the “formsetUsbUnload” function executes a dosystemCmd function with untrusted input.2018-10-30not yet calculatedCVE-2018-14558
MISC
vecna — vgo_robotVGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot.2018-10-30not yet calculatedCVE-2018-17933
MISC
vecna — vgo_robotIf an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges.2018-10-30not yet calculatedCVE-2018-17931
MISC
wuzhi — cmsAn issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator’s username via index.php?m=member&f=index&v=edit&uid=1.2018-10-29not yet calculatedCVE-2018-18712
MISC
wuzhi — cms
 
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator’s password via index.php?m=core&f=panel&v=edit_info.2018-10-29not yet calculatedCVE-2018-18711
MISC
yunucms — yunucmsAn XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5.2018-10-29not yet calculatedCVE-2018-18724
MISC
yunucms — yunucmsAn XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5.2018-10-29not yet calculatedCVE-2018-18723
MISC
yunucms — yunucmsAn XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5.2018-10-29not yet calculatedCVE-2018-18722
MISC
yunucms — yunucmsAn XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5.2018-10-29not yet calculatedCVE-2018-18721
MISC
yunucms — yunucmsAn XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5.2018-10-29not yet calculatedCVE-2018-18726
MISC
yunucms — yunucmsAn XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5.2018-10-29not yet calculatedCVE-2018-18725
MISC
yunucms — yunucms
 
An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5.2018-10-29not yet calculatedCVE-2018-18720
MISC

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

This entry was posted in Alerts. Bookmark the permalink.