Vulnerability Summary for the Week of October 29, 2018

Released: Nov 05, 2018
Document ID: SB18-309

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
acme_labs -- mini_httpd | ACME mini_httpd before 1.30 lets remote users read arbitrary files. | 2018-10-29 | not yet calculated | CVE-2018-18778 (MISC)
advantech -- webaccess | WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | 2018-10-31 | not yet calculated | CVE-2018-15706 (MISC)
advantech -- webaccess | WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution. | 2018-10-29 | not yet calculated | CVE-2018-17910 (BID, SECTRACK, MISC)
advantech -- webaccess | Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. | 2018-10-31 | not yet calculated | CVE-2018-15707 (MISC)
advantech -- webaccess | WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. | 2018-10-29 | not yet calculated | CVE-2018-17908 (BID, SECTRACK, MISC)
advantech -- webaccess | WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. | 2018-10-31 | not yet calculated | CVE-2018-15705 (MISC)
apache -- web_server | The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical. | 2018-10-31 | not yet calculated | CVE-2018-11759 (MISC)
apex-publish-static-files -- apex-publish-static-files | A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument. | 2018-10-30 | not yet calculated | CVE-2018-16462 (MISC)
artifex -- mupdf | There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. | 2018-10-26 | not yet calculated | CVE-2018-18662 (BID, MISC, MISC)
asrock -- drivers | The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code. | 2018-10-30 | not yet calculated | CVE-2018-10711 (EXPLOIT-DB, MISC)
asrock -- drivers | The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. | 2018-10-30 | not yet calculated | CVE-2018-10712 (EXPLOIT-DB, MISC)
asrock -- drivers | The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges. | 2018-10-30 | not yet calculated | CVE-2018-10709 (EXPLOIT-DB, MISC)
asrock -- drivers | The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges. | 2018-10-30 | not yet calculated | CVE-2018-10710 (EXPLOIT-DB, MISC)
bitdefender -- gravityzone_vmware | Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors. | 2018-10-30 | not yet calculated | CVE-2017-8931 (CONFIRM)
catfish -- cms | A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33. | 2018-10-29 | not yet calculated | CVE-2018-18735 (MISC)
catfish -- cms | An XSS issue was discovered in catfish blog 2.0.33, related to "write source code." | 2018-10-29 | not yet calculated | CVE-2018-18736 (MISC)
catfish -- cms | A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30. | 2018-10-29 | not yet calculated | CVE-2018-18734 (MISC)
catfish -- cms | An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999. | 2018-10-29 | not yet calculated | CVE-2018-18733 (MISC)
cesanta -- mongoose | An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 2018-10-29 | not yet calculated | CVE-2018-18765 (MISC)
cesanta -- mongoose | An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 2018-10-29 | not yet calculated | CVE-2018-18764 (MISC, MISC)
circontrol -- circarlife | Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. | 2018-11-02 | not yet calculated | CVE-2018-17922 (MISC)
circontrol -- circarlife | Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. | 2018-11-02 | not yet calculated | CVE-2018-17918 (MISC)
cisco -- adaptive_security_appliance_and_firepower_threat_defense_software | A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available. | 2018-11-01 | not yet calculated | CVE-2018-15454 (BID, CISCO)
clarkgrubb -- data-tools | data-tools through 2017-07-26 has an Integer Overflow leading to an incorrect end value for the write_wchars function. | 2018-10-29 | not yet calculated | CVE-2018-18749 (MISC)
curl -- curl | Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. | 2018-10-31 | not yet calculated | CVE-2018-16842 (SECTRACK, CONFIRM, MISC, CONFIRM, UBUNTU, UBUNTU, DEBIAN)
curl -- curl | A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. | 2018-10-31 | not yet calculated | CVE-2018-16840 (SECTRACK, CONFIRM, MISC, CONFIRM, UBUNTU)
curl -- curl | Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. | 2018-10-31 | not yet calculated | CVE-2018-16839 (SECTRACK, CONFIRM, MISC, CONFIRM, UBUNTU, DEBIAN)
dedecms -- dedecms | DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. | 2018-10-29 | not yet calculated | CVE-2018-18781 (MISC)
dedecms -- dedecms | Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. | 2018-10-29 | not yet calculated | CVE-2018-18782 (MISC)
dell_emc -- integrated_data_protection_appliance | Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files. | 2018-11-02 | not yet calculated | CVE-2018-11062 (BID, FULLDISC)
dkcms -- dkcms | admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp. | 2018-10-30 | not yet calculated | CVE-2018-18832 (MISC, MISC)
doccms_2016 -- doccms_2016 | upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. | 2018-10-30 | not yet calculated | CVE-2018-18835 (MISC)
douchat -- douchat | An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF. | 2018-10-29 | not yet calculated | CVE-2018-18737 (MISC)
ee -- 4gee_hh70_router | An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the "core_app" binary utilised by the EE router for networking services. An attacker with knowledge of the default password (oelinux123) could login to the router via SSH as the root user, which could allow for the loss of confidentiality, integrity, and availability of the system. This would also allow for the bypass of the "AP Isolation" mode that is supported by the router, as well as the settings for multiple Wireless networks, which a user may use for guest clients. | 2018-10-30 | not yet calculated | CVE-2018-10532 (MISC, MISC)
eleanor -- cms | An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&file=autocomplete&query=[XSS] URI. | 2018-10-29 | not yet calculated | CVE-2018-18717 (MISC)
empirecms -- empirecms | EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter. | 2018-10-31 | not yet calculated | CVE-2018-18869 (MISC)
exiv2 -- exiv2 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack. | 2018-11-03 | not yet calculated | CVE-2018-18915 (MISC)
f5 -- big-ip | On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. | 2018-10-31 | not yet calculated | CVE-2018-15319 (CONFIRM)
f5 -- big-ip | On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action. | 2018-10-31 | not yet calculated | CVE-2018-15323 (CONFIRM)
f5 -- big-ip | In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands. | 2018-10-31 | not yet calculated | CVE-2018-15325 (CONFIRM)
f5 -- big-ip | On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with anything other than "allow-all". | 2018-10-31 | not yet calculated | CVE-2018-15320 (CONFIRM)
f5 -- big-ip | In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, if an MPTCP connection receives a HUDCTL_ABORT while the initial flow is not the primary flow, the initial flow will remain after the MP_FASTCLOSE procedure is complete. TMM may restart and produce a core file as a result of this condition. | 2018-10-31 | not yet calculated | CVE-2018-15318 (CONFIRM)
f5 -- big-ip_and_enterprise_manager | In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | 2018-10-31 | not yet calculated | CVE-2018-15327 (CONFIRM)
f5 -- big-ip_apm | On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when processing a specially crafted request with APM portal access. | 2018-10-31 | not yet calculated | CVE-2018-15324 (CONFIRM)
f5 -- big-ip_apm | In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List. | 2018-10-31 | not yet calculated | CVE-2018-15326 (CONFIRM)
f5 -- big-ip | In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted. | 2018-10-31 | not yet calculated | CVE-2018-15317 (CONFIRM)
f5 -- multiple_products | When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack. | 2018-10-31 | not yet calculated | CVE-2018-15321 (CONFIRM)
f5 -- multiple_products | On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full. | 2018-10-31 | not yet calculated | CVE-2018-15322 (CONFIRM)
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fxhtml2pdf. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6230. | 2018-10-29 | not yet calculated | CVE-2018-17706 (CONFIRM, MISC)
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OCG objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6435. | 2018-10-29 | not yet calculated | CVE-2018-17624 (CONFIRM, MISC)
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onFocus events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6335. | 2018-10-29 | not yet calculated | CVE-2018-17617 (CONFIRM, MISC)
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6353. | 2018-10-29 | not yet calculated | CVE-2018-17620 (CONFIRM, MISC)
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Validate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6352. | 2018-10-29 | not yet calculated | CVE-2018-17619 (CONFIRM, MISC)
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6334. | 2018-10-29 | not yet calculated | CVE-2018-17616 (CONFIRM, MISC)
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Selection Change events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6336. | 2018-10-29 | not yet calculated | CVE-2018-17618 (CONFIRM, MISC)
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6355. | 2018-10-29 | not yet calculated | CVE-2018-17621 (CONFIRM, MISC)
foxit -- reader | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6354. | 2018-10-29 | not yet calculated | CVE-2018-17622 (CONFIRM, MISC)
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6434. | 2018-10-29 | not yet calculated | CVE-2018-17623 (CONFIRM, MISC)
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Mouse Exit events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6333. | 2018-10-29 | not yet calculated | CVE-2018-17615 (CONFIRM, MISC)
fr.sauter_ag -- case_suite | An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. | 2018-11-02 | not yet calculated | CVE-2018-17912 (MISC)
gnu -- binutils | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. | 2018-10-29 | not yet calculated | CVE-2018-18701 (MISC)
gnu -- binutils | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. | 2018-10-29 | not yet calculated | CVE-2018-18700 (MISC)
gnu -- gettext | An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. | 2018-10-29 | not yet calculated | CVE-2018-18751 (MISC, MISC)
gopro -- gpmf-parser | An issue was discovered in GoPro gpmf-parser 1.2.1. There is an out-of-bounds write in OpenMP4Source in GPMF_mp4reader.c. | 2018-10-29 | not yet calculated | CVE-2018-18699 (MISC)
grapixel -- new_media | Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter. | 2018-10-30 | not yet calculated | CVE-2018-18822 (EXPLOIT-DB)
green_electronics -- rainmachine_mini-8 | A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. | 2018-11-01 | not yet calculated | CVE-2018-6907 (MISC)
green_electronics -- rainmachine_mini-8 | The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file. | 2018-11-01 | not yet calculated | CVE-2018-6011 (MISC)
green_electronics -- rainmachine_mini-8 | An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials. | 2018-11-01 | not yet calculated | CVE-2018-6908 (MISC)
green_electronics -- rainmachine_mini-8 | A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request. | 2018-11-01 | not yet calculated | CVE-2018-6909 (MISC)
green_electronics -- rainmachine_mini-8 | A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. | 2018-11-01 | not yet calculated | CVE-2018-6906 (MISC)
green_electronics -- rainmachine_mini-8 | The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. | 2018-11-01 | not yet calculated | CVE-2018-6012 (MISC)
gthumb -- gthumb | An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer. | 2018-10-29 | not yet calculated | CVE-2018-18718 (MISC)
ibm -- daeja_viewone
 
IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514.2018-11-02not yet calculatedCVE-2018-1835
CONFIRM
XF
ibm -- infosphere_master_data_management_collaboration_server
IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change their ca-id to another user's and read sensitive information. IBM X-Force ID: 138077.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-1380
Source & Patch Info: XF, CONFIRM

ibm -- quality_manager
IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132929.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2017-1609
Source & Patch Info: CONFIRM, XF

ibm -- rational_engineering_lifecycle_manager
IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-1846
Source & Patch Info: CONFIRM, XF

ibm -- robotic_process_automation_with_automation_anywhere
IBM Robotic Process Automation with Automation Anywhere 11 could, under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-1876
Source & Patch Info: XF, CONFIRM

ibm -- robotic_process_automation_with_automation_anywhere
IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-1877
Source & Patch Info: CONFIRM, XF

ibm -- robotic_process_automation_with_automation_anywhere
IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction on which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim into running it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-1552
Source & Patch Info: CONFIRM, XF

ibm -- robotic_process_automation_with_automation_anywhere
IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-1878
Source & Patch Info: XF, CONFIRM

ibm -- spectrum_protect_server
IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-1788
Source & Patch Info: CONFIRM, XF

ibm -- team_concert
IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148620.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-1766
Source & Patch Info: CONFIRM, XF

ibm -- websphere_application_server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148621.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-1767
Source & Patch Info: SECTRACK, XF, CONFIRM

ibm -- websphere_application_server_liberty_openid_connect
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-1851
Source & Patch Info: XF, CONFIRM
icms -- icms
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18702
Source & Patch Info: MISC

indusoft -- web_studio
This affects InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-17916
Source & Patch Info: MISC, MISC

indusoft -- web_studio
This affects InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-17914
Source & Patch Info: MISC, MISC

interactive_advertising_bureau -- openrtb
The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid responses and impression notifications, aka the Amnesia Bug.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2015-7266
Source & Patch Info: MISC

iobit -- malware_fighter
RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010. This can lead to denial of service (DoS) or code execution with root privileges.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-18714
Source & Patch Info: MISC

jasper -- jasper
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-18873
Source & Patch Info: MISC

jboss -- bpm_suite
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2016-6343
Source & Patch Info: REDHAT, BID, REDHAT, CONFIRM
laravelcms -- laravelcms
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-18888
Source & Patch Info: MISC

leostream -- agent
The Leostream Agent before Build 7.0.1.0, when used with Leostream Connection Broker 8.2.72 or earlier, allows remote attackers to modify registry keys via the Leostream Agent API.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18817
Source & Patch Info: MISC

libav -- libav
There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial of service through a crafted aac file.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-18829
Source & Patch Info: MISC

libav -- libav
There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial of service via a crafted aac file.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-18828
Source & Patch Info: MISC

libav -- libav
There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial of service via a crafted aac file.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-18827
Source & Patch Info: MISC

libav -- libav
There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial of service via a crafted aac file.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-18826
Source & Patch Info: MISC

libexif -- libexif
A vulnerability was found in libexif: an integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2016-6328
Source & Patch Info: CONFIRM

libiec61850 -- libiec61850
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-18834
Source & Patch Info: MISC, MISC

libnmapp -- libnmapp
A command injection vulnerability in the libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-16461
Source & Patch Info: MISC

libsdl -- sdl_image
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-3977
Source & Patch Info: MISC

libtiff -- libtiff
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
Published: 2018-10-26 | CVSS Score: not yet calculated | CVE-2018-18661
Source & Patch Info: MISC, BID
linux -- kernel
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-18281
Source & Patch Info: MISC, MLIST, BID, MISC, CONFIRM, CONFIRM, CONFIRM, CONFIRM

linux -- kernel
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.
Published: 2018-10-26 | CVSS Score: not yet calculated | CVE-2018-18690
Source & Patch Info: MISC, BID, MISC, MISC, MISC

linux -- kernel
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18710
Source & Patch Info: MISC, MISC

linux -- kernel
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files that they would not normally be able to access via an overlayfs mount inside of a user namespace.
Published: 2018-10-26 | CVSS Score: not yet calculated | CVE-2018-6559
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM
lulu -- cms
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18771
Source & Patch Info: MISC

m2soft -- report_designer_viewer
M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via a crafted MRD file.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-18695
Source & Patch Info: MISC

mantisbt -- mantisbt
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-17783
Source & Patch Info: CONFIRM, CONFIRM

mantisbt -- mantisbt
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-17782
Source & Patch Info: CONFIRM, CONFIRM

mcms -- mcms
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, this interface can be used to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-18830
Source & Patch Info: MISC

merge_package -- merge_package
The merge.recursive function in the merge package v <1.2 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects, allowing for a denial of service attack.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-16469
Source & Patch Info: MISC

microstrategy -- web
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-18777
Source & Patch Info: MISC, EXPLOIT-DB

microstrategy -- web
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-18776
Source & Patch Info: MISC, EXPLOIT-DB

microstrategy -- web
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-18775
Source & Patch Info: MISC, EXPLOIT-DB

mingsoft -- mcms
An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-18831
Source & Patch Info: MISC

minicms -- minicms
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-18892
Source & Patch Info: MISC, MISC

minicms -- minicms
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-18890
Source & Patch Info: MISC, MISC

minicms -- minicms
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-18891
Source & Patch Info: MISC, MISC
monstra -- cms
admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18694
Source & Patch Info: MISC

nc-cms -- nc-cms
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-18874
Source & Patch Info: MISC

netgain -- enterprise_manager
NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-10587
Source & Patch Info: MISC

netgain -- enterprise_manager
NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.12.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-10586
Source & Patch Info: MISC

nextcloud -- server
A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-16464
Source & Patch Info: MISC, MISC

nextcloud -- server
Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-16465
Source & Patch Info: MISC, MISC

nextcloud -- server
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-16467
Source & Patch Info: MISC, MISC

nextcloud -- server
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 led to not accepting access restrictions by access tokens.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-16466
Source & Patch Info: MISC, MISC

nextcloud -- server
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-16463
Source & Patch Info: MISC, MISC

no-cms -- no-cms
No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-18868
Source & Patch Info: MISC

octopus -- deploy
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-18850
Source & Patch Info: MISC

openssl -- dsa
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1). Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q-dev (Affected 1.0.2-1.0.2p).
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-0734
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

openssl -- ecdsa
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1).
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-0735
Source & Patch Info: BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM

openstack-mistral -- openstack-mistral
A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-16849
Source & Patch Info: CONFIRM, CONFIRM
pagoda -- linux_panel
Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-18825
Source & Patch Info: MISC

phptpoint -- hospital_management_system
PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18705
Source & Patch Info: MISC

phptpoint -- mailing_server_using_file_handling
PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18703
Source & Patch Info: MISC

phptpoint -- pharmacy_management_system
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18704
Source & Patch Info: EXPLOIT-DB

phpyun -- phpyum
The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18713
Source & Patch Info: MISC, MISC

pivotal -- operations_manager
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-15762
Source & Patch Info: CONFIRM

playsms -- playsms
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18387
Source & Patch Info: MISC

poppler -- poppler
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-18897
Source & Patch Info: MISC

powerdns -- authoritative_server
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10 and 4.0.1, allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control and then sending a DNS query for that record. The issue is due to an integer overflow when checking whether the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2016-2120
Source & Patch Info: CONFIRM, DEBIAN

projectsend -- r582
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2016-10732
Source & Patch Info: MISC

projectsend -- r582
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2016-10733
Source & Patch Info: MISC

projectsend -- r582
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2016-10734
Source & Patch Info: MISC

projectsend -- r582
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2016-10731
Source & Patch Info: MISC

python-kdcproxy -- python-kdcproxy
python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2015-5159
Source & Patch Info: CONFIRM, CONFIRM

qemu -- qemu
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in the nvme device. A guest user/process could use this flaw to crash the QEMU process, resulting in DoS, or potentially run arbitrary code with the privileges of the QEMU process.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-16847
Source & Patch Info: CONFIRM, MISC, MLIST
qualcomm -- snapdragon
Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 835, SD 845, SD 850.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11856
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Improper input validation leads to buffer overwrite in the WLAN function that handles the WLAN roam buffer in Snapdragon Mobile in version SD 845.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11873
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Integer overflow may happen when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11865
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SD 850, SDA660.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11872
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11871
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11870
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Lack of buffer length check before copying in WLAN function while processing FIPS event can lead to a buffer overflow in Snapdragon Mobile in version SD 845.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11867
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Integer overflow may happen in WLAN when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11866
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
When processing IE set command, buffer overwrite may occur due to lack of input validation of the IE length in Snapdragon Mobile in version SD 835, SD 845, SD 850.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11858
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Buffer overflow can happen in WLAN module due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11862
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Buffer overflow can happen in WLAN function due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11861
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Buffer overwrite can happen in WLAN due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11859
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Improper input validation in WLAN encrypt/decrypt module can lead to a buffer copy in Snapdragon Mobile in version SD 835, SD 845, SD 850.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11857
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Lack of check of buffer size before copying in a WLAN function can lead to a buffer overflow in Snapdragon Mobile in version SD 845, SD 850.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11875
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Lack of input validation while copying to buffer in WLAN will lead to a buffer overflow in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11876
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Buffer overflow if the length of passphrase is more than 32 when setting up secure NDP connection in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11874
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Incorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11882
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 845.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11879
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11884
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11880
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
When the buffer length passed is very large in WLAN, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-11877
Source & Patch Info: CONFIRM

qualcomm -- snapdragon
A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850.
Published: 2018-10-26 | CVSS Score: not yet calculated | CVE-2017-18309
Source & Patch Info: SECTRACK, CONFIRM

qualcomm -- snapdragon
A bool variable in Video function, which gets typecast to int before being read, could result in an out of bound read access in all Android releases from CAF using the linux kernel.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2017-18281
Source & Patch Info: SECTRACK, CONFIRM

qualcomm -- snapdragon
Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430.
Published: 2018-10-26 | CVSS Score: not yet calculated | CVE-2017-18308
Source & Patch Info: SECTRACK, CONFIRM

qualcomm -- snapdragon
ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.
Published: 2018-10-26 | CVSS Score: not yet calculated | CVE-2017-18310
Source & Patch Info: SECTRACK, CONFIRM

qualcomm -- snapdragon
When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.
Published: 2018-10-26 | CVSS Score: not yet calculated | CVE-2018-11305
Source & Patch Info: SECTRACK, CONFIRM
redhat -- cloudforms_management_engine
 
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.2018-10-31not yet calculatedCVE-2016-5402
REDHAT
BID
CONFIRM
redhat -- glusterfsIt was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.2018-10-31not yet calculatedCVE-2018-14661
REDHAT
REDHAT
CONFIRM
redhat -- glusterfs
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of the GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for a single inode by using setxattr repetitively, resulting in memory exhaustion of the glusterfs server node.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-14660
Source & Patch Info: REDHAT, REDHAT, CONFIRM

redhat -- glusterfs
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-14659
Source & Patch Info: REDHAT, REDHAT, CONFIRM

redhat -- glusterfs
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-14652
Source & Patch Info: REDHAT, REDHAT, CONFIRM

redhat -- glusterfs
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-14654
Source & Patch Info: REDHAT, REDHAT, CONFIRM

redhat -- glusterfs
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-14653
Source & Patch Info: REDHAT, REDHAT, CONFIRM

redhat -- glusterfs
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-14651
Source & Patch Info: REDHAT, REDHAT, CONFIRM
redhat -- openstack_platform
A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2016-2121
Source & Patch Info: BID, REDHAT, CONFIRM

ruby -- loofah_gem
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-16468
Source & Patch Info: MISC

s-cms -- s-cms
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-18887
Source & Patch Info: MISC
samba -- samba
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2016-2125
Source & Patch Info: REDHAT, REDHAT, REDHAT, REDHAT, BID, SECTRACK, REDHAT, CONFIRM, CONFIRM

samba -- samba
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2016-2123
Source & Patch Info: BID, SECTRACK, CONFIRM, CONFIRM
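The Samba entry turns on an integer wrap while sizing the output of a name parser: the count comes out small, the buffer allocated from it is small, and the copy that follows is not. The C example below is added here and is not Samba code. It models a DNS-style name as length-prefixed labels, sizes the dotted output with a 16-bit accumulator (an assumption chosen so the wrap can be shown in memory; the counter width in ndr_pull_dnsp_name is not stated on this page), and then shows the bounded, overflow-checked version. The NAME_MAX_TEXT cap and the constructed 300-label record are also assumptions.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX_TEXT 1024   /* assumed cap on the dotted text form; not Samba's */

/* Constructed sample record: "www.example.com" as length-prefixed labels. */
const uint8_t SAMPLE_WIRE_NAME[] = {
    3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0
};

/*
 * Vulnerable shape (illustrative, not Samba's code): the output size is
 * accumulated in a 16-bit counter, each label contributing len + 1 (its
 * dot or the final NUL). Enough long labels wrap the counter, so a buffer
 * sized from it is far too small for the copy that follows; that gap is
 * the attacker-controlled overwrite described in the entry.
 */
long dnsp_name_size_unsafe(const uint8_t *p, size_t n)
{
    uint16_t total = 0;
    size_t i = 0;
    while (i < n && p[i] != 0) {
        uint8_t len = p[i];
        total += (uint16_t)(len + 1);     /* wraps modulo 65536 */
        i += 1 + (size_t)len;
    }
    return total;
}

/*
 * Hardened shape: size_t accumulator, each label checked against the bytes
 * actually present, and a hard cap applied before anything is allocated.
 * Returns the byte count needed (including NUL) or -1 for malformed input.
 */
long dnsp_name_size_safe(const uint8_t *p, size_t n)
{
    size_t total = 0;
    size_t i = 0;
    for (;;) {
        if (i >= n)
            return -1;                    /* no terminator inside the buffer */
        uint8_t len = p[i];
        if (len == 0)
            break;
        if ((size_t)len > n - i - 1)
            return -1;                    /* label runs past the input */
        total += (size_t)len + 1;
        if (total > NAME_MAX_TEXT)
            return -1;                    /* reject before sizing a buffer */
        i += 1 + (size_t)len;
    }
    return (long)total;
}

/* Constructed attack record: 300 labels of 255 bytes, 300 * 256 = 76800 > 65535. */
size_t build_wrapping_name(uint8_t *out, size_t cap)
{
    size_t off = 0;
    for (int k = 0; k < 300; k++) {
        if (off + 256 + 1 > cap)
            return 0;
        out[off++] = 255;
        memset(out + off, 'a', 255);
        off += 255;
    }
    out[off++] = 0;
    return off;
}

static uint8_t g_wire[80000];

/* 16-bit sizing of the attack record: 76800 mod 65536 = 11264 bytes. */
long demo_unsafe_total(void)
{
    size_t n = build_wrapping_name(g_wire, sizeof g_wire);
    return dnsp_name_size_unsafe(g_wire, n);
}

/* Checked sizing of the same record: rejected with -1 at the cap. */
long demo_safe_total(void)
{
    size_t n = build_wrapping_name(g_wire, sizeof g_wire);
    return dnsp_name_size_safe(g_wire, n);
}

int main(void)
{
    printf("www.example.com needs %ld bytes (both parsers)\n",
           dnsp_name_size_safe(SAMPLE_WIRE_NAME, sizeof SAMPLE_WIRE_NAME));
    printf("attack record, 16-bit counter: %ld bytes (wrapped)\n", demo_unsafe_total());
    printf("attack record, checked:        %ld (rejected)\n", demo_safe_total());
    return 0;
}
```

The point of the hardened version is that the size check runs on every label before any allocation or copy, and that the input bounds check (label length against bytes remaining) is separate from the output cap; either one alone would still leave a path to a mismatch between the size computed and the bytes written.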
sandboxie -- sandboxie
Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18748
Source & Patch Info: MISC

schneider_electric -- modicon_m221
An Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-7798
Source & Patch Info: CONFIRM

schneider_electric -- schneider_electric_software_update
A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-7799
Source & Patch Info: MISC, CONFIRM
semcms -- semcms
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-18841
Source & Patch Info: MISC

semcms -- semcms
An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18740
Source & Patch Info: MISC

semcms -- semcms
An XSS issue was discovered in SEMCMS 3.4 via the second text field to the admin/SEMCMS_Categories.php?pid=1&lgid=1 URI.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18743
Source & Patch Info: MISC

semcms -- semcms
An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18744
Source & Patch Info: MISC

semcms -- semcms
An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 during editing.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18745
Source & Patch Info: MISC

semcms -- semcms
An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18741
Source & Patch Info: MISC

semcms -- semcms
An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18739
Source & Patch Info: MISC

semcms -- semcms
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18742
Source & Patch Info: MISC

semcms -- semcms
XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18783
Source & Patch Info: MISC

semcms -- semcms
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-18840
Source & Patch Info: MISC

semcms -- semcms
An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categories.php?pid=1&lgid=1 category_key parameter.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18738
Source & Patch Info: MISC
spray-json -- spray-json
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-18854
Source & Patch Info: MISC

spray-json -- spray-json
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-18853
Source & Patch Info: MISC

synology -- diskstation_manager
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-13281
Source & Patch Info: CONFIRM

synology -- photo_station
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-13282
Source & Patch Info: CONFIRM
systemd -- systemd
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
Published: 2018-10-26 | CVSS Score: not yet calculated | CVE-2018-15686
Source & Patch Info: BID, MISC, GENTOO, EXPLOIT-DB

systemd -- systemd
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
Published: 2018-10-26 | CVSS Score: not yet calculated | CVE-2018-15687
Source & Patch Info: BID, MISC, GENTOO, EXPLOIT-DB

systemd -- systemd
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd versions up to and including 239.
Published: 2018-10-26 | CVSS Score: not yet calculated | CVE-2018-15688
Source & Patch Info: BID, MISC, GENTOO
tecrail -- responsive_filemanager
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-18867
Source & Patch Info: MISC

tenda -- multiple_products
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18728
Source & Patch Info: MISC

tenda -- multiple_products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server, httpd. When processing the "firewallEn" parameter of a POST request, the value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of the function.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18709
Source & Patch Info: MISC

tenda -- multiple_products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server, httpd. While processing the 'ntpServer' parameter of a POST request, the value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of the function.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18732
Source & Patch Info: MISC

tenda -- multiple_products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server, httpd. While processing the 'deviceMac' parameter of a POST request, the value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of the function.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18731
Source & Patch Info: MISC

tenda -- multiple_products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server, httpd. While processing the 'startIp' and 'endIp' parameters of a POST request, each value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of the function.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18730
Source & Patch Info: MISC

tenda -- multiple_products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server, httpd. While processing the 'mac' parameter of a POST request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18729
Source & Patch Info: MISC

tenda -- multiple_products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server, httpd. When processing the "page" parameter of the function "fromDhcpListClient" for a request, the value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of the function.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18706
Source & Patch Info: MISC

tenda -- multiple_products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server, httpd. When processing the "ssid" parameter of a POST request, the value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of the function.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18707
Source & Patch Info: MISC

tenda -- multiple_products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server, httpd. When processing the "page" parameter of the function "fromAddressNat" for a POST request, the value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of the function.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18708
Source & Patch Info: MISC

tenda -- multiple_products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server, httpd. While processing the 'deviceList' parameter of a POST request, the value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of the function.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18727
Source & Patch Info: MISC
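Nearly all of the Tenda httpd entries above share one shape: a POST parameter is copied with strcpy or formatted with sprintf into a fixed-size stack buffer, so a value longer than the buffer runs over whatever follows it, ending at the saved return address. The C example below is added here and is not Tenda firmware code; the handler names, the SSID_MAX and LINE_MAX_LEN sizes and the sample parameter values are assumptions. It shows the vulnerable copy and format calls beside bounded versions that reject oversize input instead of silently truncating it.

```c
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32      /* assumed buffer size (802.11 SSID limit); not Tenda's */
#define LINE_MAX_LEN 64  /* assumed size of the formatted line buffer */

/*
 * Vulnerable shape from the entries (illustrative, not the router source):
 * the request value goes straight into a stack buffer. Anything longer than
 * SSID_MAX bytes overwrites what follows the buffer, up to and including the
 * saved return address. Never call this with untrusted input.
 */
void set_ssid_unsafe(const char *ssid_param)
{
    char local[SSID_MAX + 1];
    strcpy(local, ssid_param);            /* BUG: no length check */
    (void)local;
}

void set_mac_line_unsafe(const char *mac_param)
{
    char line[LINE_MAX_LEN];
    sprintf(line, "mac=%s", mac_param);   /* BUG: unbounded formatting */
    (void)line;
}

/*
 * Hardened copy: look for the terminator within the destination size
 * (memchr never reads past outsz bytes), reject a value that does not fit
 * with its NUL, then copy exactly that much. Returns 0 on success, -1 if
 * the value is too long.
 */
int set_ssid_safe(char *out, size_t outsz, const char *ssid_param)
{
    const char *nul = memchr(ssid_param, '\0', outsz);
    if (nul == NULL)
        return -1;                        /* no NUL within outsz: too long */
    size_t n = (size_t)(nul - ssid_param);
    memcpy(out, ssid_param, n + 1);
    return 0;
}

/*
 * Hardened formatting: snprintf returns the length it wanted to write; a
 * value >= outsz means the output was truncated, which is treated as an
 * error rather than passed on to the caller.
 */
int set_mac_line_safe(char *out, size_t outsz, const char *mac_param)
{
    int n = snprintf(out, outsz, "mac=%s", mac_param);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

int main(void)
{
    char ssid[SSID_MAX + 1];
    char line[LINE_MAX_LEN];
    const char *long_value =              /* constructed oversize POST value */
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("ssid ok:   %d\n", set_ssid_safe(ssid, sizeof ssid, "HomeNet"));
    printf("ssid long: %d\n", set_ssid_safe(ssid, sizeof ssid, long_value));
    printf("mac ok:    %d\n", set_mac_line_safe(line, sizeof line, "00:11:22:33:44:55"));
    printf("mac long:  %d\n", set_mac_line_safe(line, sizeof line, long_value));
    return 0;
}
```

Rejecting rather than truncating matters for a router: a silently truncated SSID or MAC is written to NVRAM and acted on, whereas an error can be returned to the HTTP client. On a build where httpd has no stack canaries or PIE, the unsafe variants are a one-request root shell, which is why the entries are all rated as code execution.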
tenda -- multiple_products
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-14558
Source & Patch Info: MISC

typecho -- typecho
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18753
Source & Patch Info: MISC

vanilla -- vanilla
Vanilla 2.6.x before 2.6.4 allows remote code execution.
Published: 2018-11-03 | CVSS Score: not yet calculated | CVE-2018-18903
Source & Patch Info: MISC, MISC

vecna -- vgo_robot
On a VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662; prior versions may also be affected) connected to the VGo XAMPP, user accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-17933
Source & Patch Info: MISC

vecna -- vgo_robot
If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662; prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-17931
Source & Patch Info: MISC

vecna -- vgo_robot
If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662; prior versions may also be affected) they may be able to extract credentials.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-8858
Source & Patch Info: MISC
webiness -- inventory
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18752
Source & Patch Info: MISC

wuzhi -- cms
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18712
Source & Patch Info: MISC

wuzhi -- cms
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18711
Source & Patch Info: MISC

xen -- xen
An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.
Published: 2018-10-31 | CVSS Score: not yet calculated | CVE-2018-18883
Source & Patch Info: SECTRACK, MISC

xheditor -- xheditor
xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view.
Published: 2018-11-03 | CVSS Score: not yet calculated | CVE-2018-18909
Source & Patch Info: MISC
yi -- home_camera_27us
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be convinced to display a QR code from the internet to their camera, which could exploit this vulnerability.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-3900
Source & Patch Info: MISC

yi -- home_camera_27us
An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-3947
Source & Patch Info: MISC

yi -- home_camera_27us
An exploitable denial of service vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-3928
Source & Patch Info: MISC

yi -- home_camera_27us
An exploitable authentication bypass vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-3934
Source & Patch Info: MISC

yi -- home_camera_27us
An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SD card to trigger this vulnerability.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-3920
Source & Patch Info: MISC

yi -- home_camera_27us
An exploitable denial of service vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-3935
Source & Patch Info: MISC

yi -- home_camera_27us
An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-3910
Source & Patch Info: MISC
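The Tenda usbName and goform/setUsbUnload entries and the Yi cloud OTA SSID entry above are the same bug in different firmware: a string taken from the network is spliced into a shell command line, so shell metacharacters inside it become additional commands run as root. The C example below is added here and is not code from either vendor; the function names, the /mnt/ mount prefix, the NAME_MAX_LEN limit and the sample device names are assumptions. It shows the system()-based shape beside a version that allowlists the characters a volume label may contain and then builds an argv for execv, so no shell ever parses the value.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

#define MOUNT_ROOT "/mnt/"     /* assumed mount point prefix */
#define NAME_MAX_LEN 32        /* assumed limit for a volume label */

/*
 * Vulnerable shape (illustrative, not vendor code): the name is pasted
 * into a shell command. A value such as "usb1; telnetd -l /bin/sh" or
 * "$(reboot)" runs as root. Never call this with untrusted input.
 */
int unmount_unsafe(const char *usb_name)
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "umount " MOUNT_ROOT "%s", usb_name);
    return system(cmd);                   /* BUG: shell parses attacker text */
}

/* Allowlist: 1..NAME_MAX_LEN bytes of [A-Za-z0-9_-], nothing else. Returns 1 if ok. */
int device_name_is_safe(const char *name)
{
    const char *nul = memchr(name, '\0', NAME_MAX_LEN + 1);
    if (nul == NULL)
        return 0;                         /* longer than NAME_MAX_LEN */
    size_t n = (size_t)(nul - name);
    if (n == 0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        char c = name[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_' || c == '-';
        if (!ok)
            return 0;                     /* rejects ; | & $ ( ) ` / . space ... */
    }
    return 1;
}

/* Build the mount path only after validation. Returns 0 on success, -1 otherwise. */
int build_mount_path(const char *usb_name, char *out, size_t outsz)
{
    if (!device_name_is_safe(usb_name))
        return -1;
    int n = snprintf(out, outsz, MOUNT_ROOT "%s", usb_name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

/*
 * Hardened shape: validated name, fixed argv, execv with no shell.
 * Returns the child's exit status, or -1 on validation or exec failure.
 */
int unmount_safe(const char *usb_name)
{
    char path[64];
    if (build_mount_path(usb_name, path, sizeof path) != 0)
        return -1;
    char *argv[] = { "umount", path, NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv("/bin/umount", argv);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *samples[] = {             /* constructed request values */
        "usb1", "MyWifi-2G", "usb1; telnetd -l /bin/sh", "$(reboot)", "../etc", ""
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s -> %s\n", samples[i],
               device_name_is_safe(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

The allowlist is the assumption to revisit per product: a real SSID may legitimately contain spaces and punctuation, so for the Yi case the character set would need to be widened, but the structural fix is the same, the value travels as one argv element to execv and is never handed to a shell. The "../etc" rejection is a bonus of the same allowlist: it also closes the path traversal that a permissive validator would leave open.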
yi -- home_camera_27us
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-3890
Source & Patch Info: MISC

yi -- home_camera_27us
An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-3891
Source & Patch Info: MISC

yi -- home_camera_27us
An exploitable code execution vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-3892
Source & Patch Info: MISC

yi -- home_camera_27us
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the ssid_dst field.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-3898
Source & Patch Info: MISC

yi -- home_camera_27us
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the password_dst field.
Published: 2018-11-02 | CVSS Score: not yet calculated | CVE-2018-3899
Source & Patch Info: MISC
yunucms -- yunucms
An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18725
Source & Patch Info: MISC

yunucms -- yunucms
An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18721
Source & Patch Info: MISC

yunucms -- yunucms
An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18722
Source & Patch Info: MISC

yunucms -- yunucms
An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18723
Source & Patch Info: MISC

yunucms -- yunucms
An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18724
Source & Patch Info: MISC

yunucms -- yunucms
An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18726
Source & Patch Info: MISC

yunucms -- yunucms
An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18720
Source & Patch Info: MISC
z-blogphp -- z-blogphp
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.
Published: 2018-10-30 | CVSS Score: not yet calculated | CVE-2018-18842
Source & Patch Info: MISC, MISC

zte -- zxr10_8905e
All versions up to V3.03.10.B23P2 of the ZTE ZXR10 8905E are affected by a TCP Initial Sequence Number (ISN) reuse vulnerability: the device generates easily predictable ISNs, which allows remote attackers to spoof connections.
Published: 2018-11-01 | CVSS Score: not yet calculated | CVE-2018-7356
Source & Patch Info: CONFIRM

zyxel -- vmg3312-b10b_devices
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18754
Source & Patch Info: MISC
zzcms -- zzcms
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18791
Source & Patch Info: MISC

zzcms -- zzcms
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18789
Source & Patch Info: MISC

zzcms -- zzcms
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18788
Source & Patch Info: MISC

zzcms -- zzcms
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18787
Source & Patch Info: MISC

zzcms -- zzcms
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18785
Source & Patch Info: MISC

zzcms -- zzcms
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.)
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18784
Source & Patch Info: MISC

zzcms -- zzcms
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18786
Source & Patch Info: MISC

zzcms -- zzcms
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18790
Source & Patch Info: MISC

zzcms -- zzcms
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
Published: 2018-10-29 | CVSS Score: not yet calculated | CVE-2018-18792
Source & Patch Info: MISC
