Vulnerability Summary for the Week of May 21, 2018

Released
May 28, 2018
Document ID
SB18-148

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no high vulnerabilities recorded this week.

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no medium vulnerabilities recorded this week.

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
abb -- srea-01
 
In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.2018-05-24not yet calculatedCVE-2017-9664
BID
MISC
accellion -- kitewords
 
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.2018-05-24not yet calculatedCVE-2017-9421
MISC
adobe -- acrobat_and_reader
 
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-05-19not yet calculatedCVE-2018-4918
BID
SECTRACK
MISC
adobe -- acrobat_and_reader
 
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-05-19not yet calculatedCVE-2018-4917
BID
SECTRACK
MISC
adobe -- coldfusion
 
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.2018-05-19not yet calculatedCVE-2018-4941
BID
MISC
adobe -- coldfusion
 
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation.2018-05-19not yet calculatedCVE-2018-4938
BID
MISC
adobe -- coldfusion
 
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure.2018-05-19not yet calculatedCVE-2018-4942
BID
MISC
adobe -- coldfusion
 
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.2018-05-19not yet calculatedCVE-2018-4940
BID
MISC
adobe -- coldfusion
 
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.2018-05-19not yet calculatedCVE-2018-4939
BID
MISC
adobe -- connect
 
Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion.2018-05-19not yet calculatedCVE-2018-4923
BID
SECTRACK
MISC
adobe -- connect
 
Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.2018-05-19not yet calculatedCVE-2018-4994
BID
SECTRACK
MISC
adobe -- connect
 
Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.2018-05-19not yet calculatedCVE-2018-4921
BID
SECTRACK
MISC
adobe -- creative_cloud_desktop_applicationAdobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.2018-05-19not yet calculatedCVE-2018-4873
BID
SECTRACK
MISC
adobe -- creative_cloud_desktop_application
 
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass.2018-05-19not yet calculatedCVE-2018-4991
BID
SECTRACK
MISC
adobe -- creative_cloud_desktop_application
 
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation.2018-05-19not yet calculatedCVE-2018-4992
BID
SECTRACK
MISC
adobe -- digital_editions
 
Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-05-19not yet calculatedCVE-2018-4925
BID
MISC
adobe -- digital_editions
 
Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability. Successful exploitation could lead to information disclosure.2018-05-19not yet calculatedCVE-2018-4926
BID
MISC
adobe -- dreamweaver_cc
 
Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-05-19not yet calculatedCVE-2018-4924
BID
SECTRACK
MISC
adobe -- experience_manager
 
Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2018-05-19not yet calculatedCVE-2018-4930
BID
MISC
adobe -- experience_manager
 
Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2018-05-19not yet calculatedCVE-2018-4931
BID
MISC
adobe -- experience_manager
 
Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2018-05-19not yet calculatedCVE-2018-4929
BID
MISC
adobe -- flash_playerAdobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.2018-05-19not yet calculatedCVE-2018-4936
BID
SECTRACK
REDHAT
MISC
EXPLOIT-DB
adobe -- flash_player
 
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-05-19not yet calculatedCVE-2018-4920
BID
SECTRACK
REDHAT
MISC
adobe -- flash_player
 
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-05-19not yet calculatedCVE-2018-4933
BID
SECTRACK
REDHAT
MISC
adobe -- flash_player
 
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-05-19not yet calculatedCVE-2018-4934
BID
SECTRACK
REDHAT
MISC
EXPLOIT-DB
adobe -- flash_player
 
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-05-19not yet calculatedCVE-2018-4919
BID
SECTRACK
REDHAT
MISC
adobe -- flash_player
 
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-05-19not yet calculatedCVE-2018-4937
BID
SECTRACK
REDHAT
MISC
EXPLOIT-DB
adobe -- flash_player
 
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-05-19not yet calculatedCVE-2018-4944
BID
SECTRACK
REDHAT
MISC
adobe -- flash_player
 
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-05-19not yet calculatedCVE-2018-4932
BID
SECTRACK
REDHAT
MISC
adobe -- flash_player
 
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-05-19not yet calculatedCVE-2018-4935
BID
SECTRACK
REDHAT
MISC
EXPLOIT-DB
adobe -- indesign
 
Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.2018-05-19not yet calculatedCVE-2018-4927
BID
MISC
adobe -- indesign
 
Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-05-19not yet calculatedCVE-2018-4928
BID
MISC
adobe -- phonegap_push_plugin
 
Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app.2018-05-19not yet calculatedCVE-2018-4943
BID
MISC
apache -- batik
 
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.2018-05-24not yet calculatedCVE-2018-8013
BID
MLIST
MLIST
CONFIRM
apache -- nifi
 
Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.2018-05-23not yet calculatedCVE-2018-1309
CONFIRM
apache -- nifi
 
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.2018-05-23not yet calculatedCVE-2018-1310
CONFIRM
apache -- orc
 
In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.2018-05-18not yet calculatedCVE-2018-8015
BID
CONFIRM
apache -- solr
 
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1 releases both of which address the vulnerability. Once upgrade is complete, no other steps are required. Those releases only allow external entities and Xincludes that refer to local files / zookeeper resources below the Solr instance directory (using Solr's ResourceLoader); usage of absolute URLs is denied. Keep in mind, that external entities and XInclude are explicitly supported to better structure config files in large installations. Before Solr 6 this was no problem, as config files were not accessible through the APIs.2018-05-21not yet calculatedCVE-2018-8010
BID
MISC
apache -- zookeeper
 
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.2018-05-21not yet calculatedCVE-2018-8012
BID
SECTRACK
MISC
appnitro_software -- machform
 
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.2018-05-26not yet calculatedCVE-2018-6411
MISC
MISC
appnitro_software -- machform
 
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.2018-05-26not yet calculatedCVE-2018-6410
MISC
MISC
appnitro_software -- machform
 
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.2018-05-26not yet calculatedCVE-2018-6409
MISC
MISC
asustor -- as6202t_adm
 
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.2018-05-21not yet calculatedCVE-2018-11340
MISC
asustor -- as6202t_adm
 
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.2018-05-21not yet calculatedCVE-2018-11346
MISC
asustor -- as6202t_adm
 
A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter.2018-05-21not yet calculatedCVE-2018-11343
MISC
asustor -- as6202t_adm
 
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system.2018-05-21not yet calculatedCVE-2018-11345
MISC
asustor -- as6202t_adm
 
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter.2018-05-21not yet calculatedCVE-2018-11341
MISC
asustor -- as6202t_adm
 
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.2018-05-21not yet calculatedCVE-2018-11342
MISC
asustor -- as6202t_adm
 
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter.2018-05-21not yet calculatedCVE-2018-11344
MISC
ati_systems -- emergency_mass_notification_systems
 
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.2018-05-25not yet calculatedCVE-2018-8862
BID
MISC
ati_systems -- emergency_mass_notification_systems
 
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.2018-05-25not yet calculatedCVE-2018-8864
BID
MISC
beaconmedaes -- scroll_medical_air_systems
 
In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating.2018-05-24not yet calculatedCVE-2018-7526
MISC
beaconmedaes -- scroll_medical_air_systems
 
In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner.2018-05-24not yet calculatedCVE-2018-7518
MISC
bearadmin -- bearadmin
 
An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration.2018-05-24not yet calculatedCVE-2018-11413
MISC
bearadmin -- bearadmin
 
An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly.2018-05-24not yet calculatedCVE-2018-11414
MISC
becton_dickinson_and_company -- bd_kiestra_inoquia_systems
 
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.2018-05-24not yet calculatedCVE-2018-10593
MISC
CONFIRM
becton_dickinson_and_company -- bd_kiestra_systems
 
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.2018-05-24not yet calculatedCVE-2018-10595
MISC
CONFIRM
bitdroid -- werewolf_online_app_android
 
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.2018-05-26not yet calculatedCVE-2018-11505
MISC
citrix -- xenmobile_server
 
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.2018-05-23not yet calculatedCVE-2018-10653
CONFIRM
citrix -- xenmobile_server
 
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.2018-05-23not yet calculatedCVE-2018-10652
CONFIRM
citrix -- xenmobile_server
 
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.2018-05-23not yet calculatedCVE-2018-10654
CONFIRM
citrix -- xenmobile_server
 
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.2018-05-23not yet calculatedCVE-2018-10648
CONFIRM
citrix -- xenmobile_server
 
There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.2018-05-23not yet calculatedCVE-2018-10650
CONFIRM
citrix -- xenmobile_server
 
There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.2018-05-23not yet calculatedCVE-2018-10649
CONFIRM
citrix -- xenmobile_server
 
There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.2018-05-23not yet calculatedCVE-2018-10651
CONFIRM
ckeditor_5 -- ckeditor_5
 
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element.2018-05-22not yet calculatedCVE-2018-11093
CONFIRM
CONFIRM
clippercms -- clippercms
 
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.2018-05-24not yet calculatedCVE-2018-11332
MISC
cloudera -- hue
 
Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.2018-05-22not yet calculatedCVE-2015-8094
CONFIRM
CONFIRM
CONFIRM
MISC
cloudfoundry -- cloudfoundry
 
Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.2018-05-23not yet calculatedCVE-2018-1193
CONFIRM
cockpit_project -- cockpit
 
Cockpit 0.5.5 has XSS via a collection, form, or region.2018-05-25not yet calculatedCVE-2018-11471
MISC
codecanyon.net -- easyservice_billing
 
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.2018-05-25not yet calculatedCVE-2018-11445
MISC
codecanyon.net -- easyservice_billing
 
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.2018-05-25not yet calculatedCVE-2018-11444
MISC

codecanyon.net -- easyservice_billing

 

A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.2018-05-25not yet calculatedCVE-2018-11442
MISC
codecanyon.net -- easyservice_billing
 
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.2018-05-25not yet calculatedCVE-2018-11443
MISC

codecanyon.net -- horse_market_sell_and_rent_portal_script

 

Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely.2018-05-21not yet calculatedCVE-2018-11096
EXPLOIT-DB
cppcms -- cppcms
 
An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module.2018-05-22not yet calculatedCVE-2018-11367
MISC
curl -- curl
 
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.2018-05-24not yet calculatedCVE-2018-1000301
BID
SECTRACK
CONFIRM
MLIST
UBUNTU
UBUNTU
DEBIAN
curl -- curl
 
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.2018-05-24not yet calculatedCVE-2018-1000300
BID
SECTRACK
CONFIRM
UBUNTU
d-link -- dsl-3782_router
 
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel.2018-05-23not yet calculatedCVE-2018-8898
MISC
EXPLOIT-DB
dahua_technology-- ip_devices
 
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.2018-05-23not yet calculatedCVE-2017-9317
CONFIRM
delta_electronics -- industrial_automation_tpeditor
 
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.2018-05-25not yet calculatedCVE-2018-8871
MISC
discount -- discount
 
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.2018-05-25not yet calculatedCVE-2018-11468
MISC
discount -- discount
 
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.2018-05-26not yet calculatedCVE-2018-11503
MISC
discount -- discount
 
The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.2018-05-26not yet calculatedCVE-2018-11504
MISC
dolibarr -- dolibarr
 
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.2018-05-22not yet calculatedCVE-2018-10092
MLIST
CONFIRM
CONFIRM
MISC
dolibarr -- dolibarr
 
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.2018-05-22not yet calculatedCVE-2018-10094
MLIST
CONFIRM
CONFIRM
MISC
dolibarr -- dolibarr
 
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.2018-05-22not yet calculatedCVE-2018-9019
CONFIRM
CONFIRM
dolibarr -- dolibarr
 
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.2018-05-22not yet calculatedCVE-2018-10095
MLIST
CONFIRM
CONFIRM
MISC
domainmod -- domainmod
 
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.2018-05-24not yet calculatedCVE-2018-11404
MISC
domainmod -- domainmod
 
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.2018-05-24not yet calculatedCVE-2018-11403
MISC
ethereum -- dimoncoin_token
 
The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect.2018-05-24not yet calculatedCVE-2018-11411
MISC
ethereum -- ether_cartel
 
The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wild in May 2018.2018-05-22not yet calculatedCVE-2018-11329
MISC
fortinet -- fortios
 
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.2018-05-24not yet calculatedCVE-2017-14187
SECTRACK
CONFIRM
fortinet -- fortios
 
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.2018-05-25not yet calculatedCVE-2017-14185
CONFIRM
foxit -- foxit_reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5680.2018-05-24not yet calculatedCVE-2018-5679
MISC
CONFIRM
foxit -- foxit_reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5678.2018-05-24not yet calculatedCVE-2018-5676
MISC
CONFIRM
foxit -- foxit_reader
 
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue results from the lack of proper validation of user-supplied data, which can result in an array indexing issue. An attacker can leverage this to execute code in the context of the current process.2018-05-24not yet calculatedCVE-2018-7406
MISC
CONFIRM
foxit -- foxit_reader
 
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when rendering U3D images inside of pdf files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process.2018-05-24not yet calculatedCVE-2018-7407
MISC
CONFIRM
foxit -- foxit_reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5676 and CVE-2018-5678.2018-05-24not yet calculatedCVE-2018-5674
MISC
CONFIRM
foxit -- foxit_reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5679.2018-05-24not yet calculatedCVE-2018-5680
MISC
CONFIRM
foxit -- foxit_reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5679 and CVE-2018-5680.2018-05-24not yet calculatedCVE-2018-5677
MISC
CONFIRM
foxit -- foxit_reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an out-of-bounds write on a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.2018-05-24not yet calculatedCVE-2018-5675
MISC
CONFIRM
foxit -- foxit_reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5676.2018-05-24not yet calculatedCVE-2018-5678
MISC
CONFIRM
frappe_technologies -- erpnext
 
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.2018-05-21not yet calculatedCVE-2018-11339
MISC
MISC
EXPLOIT-DB
ge_automation -- pacssystems
 
In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.2018-05-18not yet calculatedCVE-2018-8867
BID
MISC
giflib -- giflib
 
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.2018-05-26not yet calculatedCVE-2018-11489
MISC
giflib -- giflib
 
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.2018-05-26not yet calculatedCVE-2018-11490
MISC
gnome_project -- gnome_web
 
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.2018-05-23not yet calculatedCVE-2018-11396
CONFIRM
gnu -- gnu_c_library
 
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.2018-05-18not yet calculatedCVE-2018-11237
BID
MISC
EXPLOIT-DB
gnu -- gnu_c_library
 
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.2018-05-18not yet calculatedCVE-2018-11236
BID
MISC
MISC
haproxy -- haproxy
 
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.2018-05-25not yet calculatedCVE-2018-11469
CONFIRM
hawtio -- hawtio
 
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.2018-05-22not yet calculatedCVE-2017-2617
BID
REDHAT
CONFIRM
hp -- network_operations_management_ultimate
 
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.2018-05-22not yet calculatedCVE-2018-6493
BID
SECTRACK
CONFIRM
hp -- network_operations_management_ultimate
 
Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection.2018-05-22not yet calculatedCVE-2018-6492
BID
SECTRACK
CONFIRM
hp -- service_manager_software_web_tier
 
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.2018-05-22not yet calculatedCVE-2018-6494
BID
SECTRACK
CONFIRM
huawei -- 1288h_and_288H
 
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.2018-05-24not yet calculatedCVE-2018-7902
CONFIRM
huawei -- 1288h_and_288H
 
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.2018-05-24not yet calculatedCVE-2018-7903
CONFIRM
huawei -- 1288h_and_288H
 
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.2018-05-24not yet calculatedCVE-2018-7904
CONFIRM
huawei -- ibmc
 
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak.2018-05-24not yet calculatedCVE-2018-7942
CONFIRM
huawei -- smart_phones
 
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.2018-05-24not yet calculatedCVE-2017-17158
CONFIRM
huwaei -- multiple_products
 
Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCCP messages to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause some services abnormal.2018-05-24not yet calculatedCVE-2017-17315
CONFIRM
ibm -- db2
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047.2018-05-25not yet calculatedCVE-2018-1452
CONFIRM
XF
ibm -- db2
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.2018-05-25not yet calculatedCVE-2018-1544
CONFIRM
SECTRACK
XF
ibm -- db2
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973.2018-05-25not yet calculatedCVE-2018-1488
CONFIRM
SECTRACK
XF
ibm -- db2
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.2018-05-25not yet calculatedCVE-2018-1565
CONFIRM
SECTRACK
XF
ibm -- db2
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046.2018-05-25not yet calculatedCVE-2018-1451
CONFIRM
XF
ibm -- db2
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044.2018-05-25not yet calculatedCVE-2018-1449
CONFIRM
XF
ibm -- db2
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210.2018-05-25not yet calculatedCVE-2018-1459
CONFIRM
XF
ibm -- db2
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.2018-05-25not yet calculatedCVE-2018-1515
CONFIRM
SECTRACK
XF
ibm -- db2
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-ForceID: 140045.2018-05-25not yet calculatedCVE-2018-1450
CONFIRM
XF
ibm -- storediq
 
IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331.2018-05-22not yet calculatedCVE-2018-1583
CONFIRM
XF
ibm -- storwize_v7000
 
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398.2018-05-25not yet calculatedCVE-2018-1467
CONFIRM
XF
ibm -- tivoli_application_dependency_discovery_manager
 
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.2018-05-24not yet calculatedCVE-2013-3023
CONFIRM
XF
ibm -- tivoli_application_dependency_discovery_manager
 
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.2018-05-24not yet calculatedCVE-2013-3018
CONFIRM
XF
ibm -- urbancode_deploy
 
IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547.2018-05-25not yet calculatedCVE-2017-1752
CONFIRM
XF
ibm -- websphere_application_server
 
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.2018-05-24not yet calculatedCVE-2013-3024
CONFIRM
XF
ilias -- ilias
 
ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.2018-05-23not yet calculatedCVE-2018-10428
MISC
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
MISC
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.2018-05-18not yet calculatedCVE-2017-18273
CONFIRM
MLIST
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.2018-05-18not yet calculatedCVE-2018-11251
CONFIRM
MLIST
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.2018-05-18not yet calculatedCVE-2017-18271
CONFIRM
MLIST
iscripts -- eswap
 
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.2018-05-22not yet calculatedCVE-2018-11372
MISC
iscripts -- eswap
 
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.2018-05-22not yet calculatedCVE-2018-11373
MISC
iscripts -- eswap
 
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.2018-05-25not yet calculatedCVE-2018-11470
MISC
jboss -- jboss_jbossas
 
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.2018-05-22not yet calculatedCVE-2016-8656
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
BID
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
jboss -- undertow_web_server
 
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.2018-05-21not yet calculatedCVE-2018-1067
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
jenkins -- jenkins
 
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).2018-05-23not yet calculatedCVE-2017-2598
BID
CONFIRM
CONFIRM
CONFIRM
jenkins -- jenkins
 
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.2018-05-22not yet calculatedCVE-2017-2609
BID
CONFIRM
CONFIRM
jenkins -- jenkins
 
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs.2018-05-21not yet calculatedCVE-2017-2607
BID
CONFIRM
jerryscript -- jerryscript
 
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\\u0020") payload, related to re_parse_char_class in parser/regexp/re-parser.c.2018-05-24not yet calculatedCVE-2018-11418
MISC
jerryscript -- jerryscript
 
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c.2018-05-24not yet calculatedCVE-2018-11419
MISC
joomla! -- joomla!
 
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.2018-05-22not yet calculatedCVE-2018-6378
BID
SECTRACK
MISC
joomla! -- joomla!
 
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.2018-05-22not yet calculatedCVE-2018-11321
BID
SECTRACK
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.2018-05-22not yet calculatedCVE-2018-11323
BID
SECTRACK
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.2018-05-22not yet calculatedCVE-2018-11322
BID
SECTRACK
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.2018-05-22not yet calculatedCVE-2018-11327
BID
SECTRACK
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.2018-05-22not yet calculatedCVE-2018-11325
BID
SECTRACK
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack.2018-05-22not yet calculatedCVE-2018-11326
BID
SECTRACK
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.2018-05-22not yet calculatedCVE-2018-11328
BID
SECTRACK
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.2018-05-22not yet calculatedCVE-2018-11324
BID
SECTRACK
MISC
jpegoptim -- jpegoptim
 
jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.2018-05-24not yet calculatedCVE-2018-11416
MISC
MISC
k2 -- smartforms
 
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.2018-05-24not yet calculatedCVE-2018-9920
BUGTRAQ
kemp_technologies -- loadmaster_operating_system_long_term_support
 
A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.2018-05-25not yet calculatedCVE-2018-9091
CONFIRM
kliqqi -- kliqqi
 
Kliqqi 2.0.2 has CSRF in admin/admin_users.php.2018-05-24not yet calculatedCVE-2018-11405
MISC

kubernetes-incubator/cri-o -- kubernetes-incubator/cri-o

 

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9.2018-05-18not yet calculatedCVE-2018-1000400
BID
MISC
liblouis -- liblouis
 
An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.2018-05-24not yet calculatedCVE-2018-11410
MISC
MISC
liblouis -- liblouis
 
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.2018-05-25not yet calculatedCVE-2018-11440
MISC
libsass -- libsass
 
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.2018-05-26not yet calculatedCVE-2018-11499
MISC
linux -- linux_kernelkernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.2018-05-21not yet calculatedCVE-2018-1108
BID
CONFIRM
DEBIAN
linux -- linux_kernel
 
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.2018-05-24not yet calculatedCVE-2018-11412
MISC
MISC
linux -- linux_kernel
 
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.2018-05-24not yet calculatedCVE-2018-1000199
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
MLIST
MLIST
UBUNTU
DEBIAN
DEBIAN
linux -- linux_kernel
 
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.2018-05-18not yet calculatedCVE-2017-18270
CONFIRM
BID
CONFIRM
CONFIRM
lizard -- lizard
 
In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution.2018-05-26not yet calculatedCVE-2018-11498
MISC
long_range_zip -- long_range_zip
 
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.2018-05-26not yet calculatedCVE-2018-11496
MISC
magnicomp -- sysinfo
 
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. The vulnerability has a confidentiality impact, but has no direct impact on system integrity or availability.2018-05-21not yet calculatedCVE-2018-7268
MISC
BUGTRAQ
MISC
makemytrip.com -- makemytrip_app_android
 
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.2018-05-20not yet calculatedCVE-2018-11242
MISC
EXPLOIT-DB
mcafee -- data_loss_prevention_endpoint
 
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.2018-05-25not yet calculatedCVE-2018-6664
SECTRACK
CONFIRM
mcafee -- network_security_management
 
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.2018-05-25not yet calculatedCVE-2017-3961
CONFIRM
mcafee -- virusscan_enterprise
 
Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands.2018-05-25not yet calculatedCVE-2018-6674
BID
SECTRACK
CONFIRM
micro_focus -- client_for_oes
 
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.2018-05-21not yet calculatedCVE-2018-7687
MISC
MISC
micro_focus -- multiple_products
 
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).2018-05-23not yet calculatedCVE-2018-6495
SECTRACK
CONFIRM
microsoft -- office
 
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.2018-05-23not yet calculatedCVE-2018-8176
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035.2018-05-21not yet calculatedCVE-2018-8142
BID
CONFIRM
monstra -- monstra_cms
 
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).2018-05-25not yet calculatedCVE-2018-11472
MISC
MISC
monstra -- monstra_cms
 
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.2018-05-25not yet calculatedCVE-2018-11475
MISC
monstra -- monstra_cms
 
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.2018-05-25not yet calculatedCVE-2018-11474
MISC
monstra -- monstra_cms
 
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).2018-05-25not yet calculatedCVE-2018-11473
MISC
MISC
moodle -- moodle
 
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.2018-05-25not yet calculatedCVE-2018-1133
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.2018-05-25not yet calculatedCVE-2018-1134
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.2018-05-25not yet calculatedCVE-2018-1136
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.2018-05-25not yet calculatedCVE-2018-1137
CONFIRM
moodle -- moodle
 
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.2018-05-25not yet calculatedCVE-2018-1135
CONFIRM
multiple_vendors -- multiple_products
 
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.2018-05-22not yet calculatedCVE-2018-3639
CONFIRM
BID
SECTRACK
CONFIRM
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CISCO
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
DEBIAN
EXPLOIT-DB
CONFIRM
CERT-VN
CONFIRM
CERT
multiple_vendors -- multiple_products
 
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.2018-05-22not yet calculatedCVE-2018-3640
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CISCO
CONFIRM
CERT-VN
CONFIRM
CERT
mupdf -- mupdfIn MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.2018-05-24not yet calculatedCVE-2018-1000040
CONFIRM
MISC
MISC
MISC
MISC
MISC
mupdf -- mupdf
 
In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.2018-05-24not yet calculatedCVE-2018-1000039
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
MISC
mupdf -- mupdf
 
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.2018-05-24not yet calculatedCVE-2018-1000038
CONFIRM
CONFIRM
MISC
mupdf -- mupdf
 
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.2018-05-24not yet calculatedCVE-2018-1000036
MISC
mupdf -- mupdf
 
In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.2018-05-24not yet calculatedCVE-2018-1000037
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
MISC
MISC
mybb -- mybb
 
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.2018-05-21not yet calculatedCVE-2018-11092
CONFIRM
CONFIRM
EXPLOIT-DB
myscada -- mypro
 
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.2018-05-20not yet calculatedCVE-2018-11311
MISC
MISC
EXPLOIT-DB
netapp -- oncommand_unified_manager
 
NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.2018-05-24not yet calculatedCVE-2018-5487
CONFIRM
netapp -- oncommand_unified_manager
 
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.2018-05-24not yet calculatedCVE-2018-5485
CONFIRM
octopus -- deploy
 
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.2018-05-21not yet calculatedCVE-2018-11320
CONFIRM
opencart -- opencart
 
In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.2018-05-23not yet calculatedCVE-2018-11231
MISC
opencart -- opencart
 
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.2018-05-26not yet calculatedCVE-2018-11495
MISC
opencart -- opencart
 
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code'].2018-05-26not yet calculatedCVE-2018-11494
MISC
openflow -- openflow
 
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.2018-05-24not yet calculatedCVE-2018-1000155
MISC
osisoft -- pi_coresight
 
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.2018-05-25not yet calculatedCVE-2017-9641
BID
MISC
CONFIRM
pbootcms -- pbootcms
 
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.2018-05-22not yet calculatedCVE-2018-11369
MISC
pdfgen -- pdfgen
 
jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.2018-05-22not yet calculatedCVE-2018-11363
MISC
MISC
phpmywind -- phpmywind
 
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.2018-05-26not yet calculatedCVE-2018-11487
MISC
phpscriptsmall.com -- website_seller_script
 
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2.2018-05-26not yet calculatedCVE-2018-11501
MISC
pluck -- pluck
 
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.2018-05-21not yet calculatedCVE-2018-11330
MISC
MISC
pluck -- pluck
 
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.2018-05-21not yet calculatedCVE-2018-11331
MISC
MISC
procps-ng/procps -- procps-ng/procps
 
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.2018-05-23not yet calculatedCVE-2018-1126
MLIST
BID
REDHAT
CONFIRM
UBUNTU
DEBIAN
MISC
procps-ng/procps -- procps-ng/procps
 
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.2018-05-23not yet calculatedCVE-2018-1125
MLIST
BID
CONFIRM
UBUNTU
DEBIAN
MISC
procps-ng/procps -- procps-ng/procps
 
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).2018-05-23not yet calculatedCVE-2018-1123
MLIST
BID
CONFIRM
UBUNTU
DEBIAN
MISC
procps-ng/procps -- procps-ng/procps
 
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.2018-05-23not yet calculatedCVE-2018-1122
MLIST
BID
CONFIRM
UBUNTU
DEBIAN
MISC
procps-ng/procps -- procps-ng/procps
 
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.2018-05-23not yet calculatedCVE-2018-1124
MLIST
BID
REDHAT
CONFIRM
UBUNTU
DEBIAN
MISC
publiccms -- publiccms
 
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.2018-05-26not yet calculatedCVE-2018-11500
MISC
radare -- radare2
 
The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.2018-05-22not yet calculatedCVE-2018-11384
MISC
MISC
radare -- radare2
 
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.2018-05-22not yet calculatedCVE-2018-11377
MISC
MISC
MISC
radare -- radare2
 
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.2018-05-22not yet calculatedCVE-2018-11378
MISC
MISC
radare -- radare2
 
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.2018-05-22not yet calculatedCVE-2018-11376
MISC
MISC
radare -- radare2
 
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.2018-05-22not yet calculatedCVE-2018-11375
MISC
MISC
radare -- radare2
 
The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.2018-05-22not yet calculatedCVE-2018-11380
MISC
MISC
radare -- radare2
 
The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.2018-05-22not yet calculatedCVE-2018-11383
MISC
MISC
radare -- radare2
 
The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.2018-05-22not yet calculatedCVE-2018-11381
MISC
MISC
radare -- radare2
 
The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.2018-05-22not yet calculatedCVE-2018-11382
MISC
MISC
radare -- radare2
 
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.2018-05-22not yet calculatedCVE-2018-11379
MISC
MISC
radio_thermostat -- ct50_and_ct80
 
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860.2018-05-20not yet calculatedCVE-2018-11315
MISC
readstat -- readstat
 
sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop.2018-05-22not yet calculatedCVE-2018-11365
MISC
readstat -- readstat
 
sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call.2018-05-22not yet calculatedCVE-2018-11364
MISC
sap -- internet_transaction_server
 
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.2018-05-24not yet calculatedCVE-2018-11415
MISC
EXPLOIT-DB
simplisafe -- simplisafe_original
 
In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power.2018-05-24not yet calculatedCVE-2018-11400
MISC
simplisafe -- simplisafe_original
 
SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur.2018-05-24not yet calculatedCVE-2018-11399
MISC
simplisafe -- simplisafe_original
 
SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN.2018-05-24not yet calculatedCVE-2018-11402
MISC
simplisafe -- simplisafe_original
 
In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification.2018-05-24not yet calculatedCVE-2018-11401
MISC
skycaiji -- skycaiji
 
SkyCaiji 1.2 allows CSRF to add an Administrator user.2018-05-22not yet calculatedCVE-2018-11371
MISC
square_enix -- final_fantasy_xiv
 
ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3.2018-05-23not yet calculatedCVE-2018-7295
MISC
trend_micro -- email_encryption_gateway
 
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability.2018-05-23not yet calculatedCVE-2018-10352
CONFIRM
MISC
trend_micro -- email_encryption_gateway
 
An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability.2018-05-23not yet calculatedCVE-2018-10355
CONFIRM
MISC
trend_micro -- email_encryption_gateway
 
A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability.2018-05-23not yet calculatedCVE-2018-10354
CONFIRM
MISC
trend_micro -- email_encryption_gateway
 
A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability.2018-05-23not yet calculatedCVE-2018-10353
CONFIRM
MISC
trend_micro -- email_encryption_gateway
 
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability.2018-05-23not yet calculatedCVE-2018-10351
CONFIRM
MISC
trend_micro -- email_encryption_gateway
 
A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability.2018-05-23not yet calculatedCVE-2018-10356
CONFIRM
MISC
trend_micro -- endpoint_application_control
 
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability.2018-05-23not yet calculatedCVE-2018-10357
CONFIRM
MISC
trend_micro -- maximum_security
 
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2018-05-25not yet calculatedCVE-2018-6235
CONFIRM
MISC
trend_micro -- maximum_security
 
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2018-05-25not yet calculatedCVE-2018-6236
CONFIRM
MISC
trend_micro -- maximum_security
 
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2018-05-25not yet calculatedCVE-2018-6233
CONFIRM
MISC
trend_micro -- maximum_security
 
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2018-05-25not yet calculatedCVE-2018-6232
CONFIRM
MISC
trend_micro -- maximum_security
 
An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2018-05-25not yet calculatedCVE-2018-6234
CONFIRM
MISC
trend_micro -- smart_protection_server
 
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.2018-05-25not yet calculatedCVE-2018-6237
CONFIRM
MISC
trend_micro -- smart_protection_server
 
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability.2018-05-25not yet calculatedCVE-2018-10350
CONFIRM
MISC

vim-syntastic/syntastic -- vim-syntastic/syntastic

 

Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a directory that is a parent of the base directory of the project being checked. NOTE: exploitation is more difficult after 3.8.0 because filename prediction may be needed.2018-05-20not yet calculatedCVE-2018-11319
MISC
MISC
MISC
vmware -- fusion
 
VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation.2018-05-22not yet calculatedCVE-2018-6962
BID
SECTRACK
CONFIRM
vmware -- workstation
 
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.2018-05-22not yet calculatedCVE-2018-6963
BID
SECTRACK
CONFIRM
windscribe -- windscribe
 
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.2018-05-25not yet calculatedCVE-2018-11479
MISC
windscribe -- windscribe
 
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService.2018-05-23not yet calculatedCVE-2018-11334
MISC
wireshark -- wireshark
 
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.2018-05-22not yet calculatedCVE-2018-11358
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.2018-05-22not yet calculatedCVE-2018-11356
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.2018-05-22not yet calculatedCVE-2018-11357
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.2018-05-22not yet calculatedCVE-2018-11355
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.2018-05-22not yet calculatedCVE-2018-11362
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.2018-05-22not yet calculatedCVE-2018-11360
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.2018-05-22not yet calculatedCVE-2018-11359
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.2018-05-22not yet calculatedCVE-2018-11361
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.2018-05-22not yet calculatedCVE-2018-11354
CONFIRM
CONFIRM
CONFIRM
wordpress -- wordpress
 
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.2018-05-22not yet calculatedCVE-2018-11366
MISC
MISC
MISC
MISC
wuzhi_cms -- wuzhi_cms
 
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.2018-05-26not yet calculatedCVE-2018-11493
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.