Vulnerability Summary for the Week of November 5, 2018

Nov 12, 2018

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.


High Vulnerabilities

Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.



Medium Vulnerabilities

Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.



Low Vulnerabilities

Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.



Severity Not Yet Assigned

Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- hive | In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use. | 2018-11-08 | not yet calculated | CVE-2018-11777
apache -- hive | In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics. | 2018-11-08 | not yet calculated | CVE-2018-1314
apache -- syncope | An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. | 2018-11-06 | not yet calculated | CVE-2018-17186
apache -- superset | Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation. | 2018-11-07 | not yet calculated | CVE-2018-8021
atlassian -- sourcetree_for_macos | There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. | 2018-11-05 | not yet calculated | CVE-2018-13396
atlassian -- sourcetree_for_windows | There was an argument injection vulnerability in Sourcetree for Windows from version before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. | 2018-11-05 | not yet calculated | CVE-2018-13397
axtls -- axtls | In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier. | 2018-11-07 | not yet calculated | CVE-2018-16149
axtls -- axtls | In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is a variant of CVE-2006-4340. | 2018-11-07 | not yet calculated | CVE-2018-16150
axtls -- axtls | In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is an even more permissive variant of CVE-2006-4790 and CVE-2014-1568. | 2018-11-07 | not yet calculated | CVE-2018-16253
bagesoft/bagecms -- bagesoft/bagecms | In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges. | 2018-11-08 | not yet calculated | CVE-2018-19104
basercms -- basercms | An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. | 2018-11-05 | not yet calculated | CVE-2018-18943
basercms -- basercms | In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. | 2018-11-05 | not yet calculated | CVE-2018-18942
brocade_communication_systems -- fabric | A vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | 2018-11-08 | not yet calculated | CVE-2018-6437
brocade_communication_systems -- fabric | A vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | 2018-11-08 | not yet calculated | CVE-2018-6436
brocade_communication_systems -- fabric | A vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | 2018-11-08 | not yet calculated | CVE-2018-6438
brocade_communication_systems -- fabric | A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands. | 2018-11-08 | not yet calculated | CVE-2018-6442
brocade_communication_systems -- fabric | A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell. | 2018-11-08 | not yet calculated | CVE-2018-6441
brocade_communication_systems -- fabric | A vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | 2018-11-08 | not yet calculated | CVE-2018-6435
brocade_communication_systems -- fabric | A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system. | 2018-11-08 | not yet calculated | CVE-2018-6433
brocade_communication_systems -- fabric | A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID. | 2018-11-08 | not yet calculated | CVE-2018-6434
circontrol -- circarlife | Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. | 2018-11-02 | not yet calculated | CVE-2018-17918
circontrol -- circarlife | Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. | 2018-11-02 | not yet calculated | CVE-2018-17922
cisco -- content_security_management_appliance | A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2018-11-08 | not yet calculated | CVE-2018-15393
cisco -- energy_management_suite_software | A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. | 2018-11-08 | not yet calculated | CVE-2018-15445
cisco -- energy_management_suite_software | A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application. | 2018-11-08 | not yet calculated | CVE-2018-15444
cisco -- firepower_system_software | A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An attacker could exploit this vulnerability by sending a crafted TCP connection request through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network. | 2018-11-08 | not yet calculated | CVE-2018-15443
cisco -- immunet_and_advanced_malware_protection_for_endpoints | A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion. | 2018-11-08 | not yet calculated | CVE-2018-15437
cisco -- integrated_management_controller_supervisor | A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. | 2018-11-08 | not yet calculated | CVE-2018-15447
cisco -- meeting_server | A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits. | 2018-11-08 | not yet calculated | CVE-2018-15446
cisco -- meraki_product_lines | A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited. | 2018-11-08 | not yet calculated | CVE-2018-0284
cisco -- prime_collaboration_assurance | A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful exploit could allow the attacker to overwrite files on the file system. | 2018-11-08 | not yet calculated | CVE-2018-15450
cisco -- prime_service_catalog | A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. | 2018-11-08 | not yet calculated | CVE-2018-15451
cisco -- registered_envelope_service | A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames. | 2018-11-08 | not yet calculated | CVE-2018-15448
cisco -- small_business_switches | A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability. | 2018-11-08 | not yet calculated | CVE-2018-15439
cisco -- stealthwatch_management_console | A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC. | 2018-11-08 | not yet calculated | CVE-2018-15394
cisco -- unity_express | A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges. | 2018-11-08 | not yet calculated | CVE-2018-15381
cisco -- video_surveillance_media_server | A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to cause the web-based management interface to become unreachable, resulting in a DoS condition. | 2018-11-08 | not yet calculated | CVE-2018-15449
clippercms -- clippercms | ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory. | 2018-11-10 | not yet calculated | CVE-2018-19135
cloud_foundry -- bits-service_release | Cloud Foundry Bits-Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the Bits Service storage. | 2018-11-09 | not yet calculated | CVE-2018-15796
dedecms -- dedecms | DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. | 2018-11-07 | not yet calculated | CVE-2018-19061
degrau_publicidade_e_internet_plataforma_de_e-commerce -- busca.aspx.cs | Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI. | 2018-11-06 | not yet calculated | CVE-2018-18963
domainmod -- domainmod | DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter. | 2018-11-09 | not yet calculated | CVE-2018-19136
domainmod -- domainmod | DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter. | 2018-11-09 | not yet calculated | CVE-2018-19137
exiv2 -- exiv2 | In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. | 2018-11-08 | not yet calculated | CVE-2018-19108
exiv2 -- exiv2 | In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. | 2018-11-08 | not yet calculated | CVE-2018-19107
flarum -- flarum_core | In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address. | 2018-11-09 | not yet calculated | CVE-2018-19133
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware and Application Firmware, and Opticam i5 devices with System Firmware and Application Firmware The exported device configuration is encrypted with the hardcoded Pxift* password in some cases. | 2018-11-07 | not yet calculated | CVE-2018-19066
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware and Application Firmware, and Opticam i5 devices with System Firmware and Application Firmware They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action. | 2018-11-07 | not yet calculated | CVE-2018-19070
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware and Application Firmware, and Opticam i5 devices with System Firmware and Application Firmware /mnt/mtd/ has 0777 permissions, allowing local users to control the commands executed at system start-up. | 2018-11-07 | not yet calculated | CVE-2018-19071
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware and Application Firmware, and Opticam i5 devices with System Firmware and Application Firmware The exported device configuration is encrypted with the hardcoded BpP+2R9*Q password in some cases. | 2018-11-07 | not yet calculated | CVE-2018-19065
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware and Application Firmware, and Opticam i5 devices with System Firmware and Application Firmware The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor. | 2018-11-07 | not yet calculated | CVE-2018-19069
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware and Application Firmware, and Opticam i5 devices with System Firmware and Application Firmware The admin account has a blank password. | 2018-11-07 | not yet calculated | CVE-2018-19063
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware and Application Firmware, and Opticam i5 devices with System Firmware and Application Firmware The firewall has no effect except for blocking port 443 and partially blocking port 88. | 2018-11-07 | not yet calculated | CVE-2018-19074
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware and Application Firmware, and Opticam i5 devices with System Firmware and Application Firmware There is a hardcoded Ak47@99 password for the factory~ account. | 2018-11-07 | not yet calculated | CVE-2018-19067
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware and Application Firmware, and Opticam i5 devices with System Firmware and Application Firmware /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time. | 2018-11-07 | not yet calculated | CVE-2018-19072
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware and Application Firmware, and Opticam i5 devices with System Firmware and Application Firmware The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP). | 2018-11-07 | not yet calculated | CVE-2018-19076
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware and Application Firmware, and Opticam i5 devices with System Firmware and Application Firmware The ftpuser1 account has a blank password, which cannot be changed. | 2018-11-07 | not yet calculated | CVE-2018-19064
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware and Application Firmware, and Opticam i5 devices with System Firmware and Application Firmware The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8. | 2018-11-07 | not yet calculated | CVE-2018-19075
foscam -- c2_and_opticam_i5_devices | An issue was discovered on Foscam C2 devices with System Firmware and Application Firmware, and Opticam i5 devices with System Firmware and Application Firmware They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access. | 2018-11-07 | not yet calculated | CVE-2018-19073
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware and Application Firmware The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field. | 2018-11-07 | not yet calculated | CVE-2018-19082
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware and Application Firmware The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. | 2018-11-07 | not yet calculated | CVE-2018-19080
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware and Application Firmware The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials. | 2018-11-07 | not yet calculated | CVE-2018-19068
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware and Application Firmware The response to an ONVIF media GetStreamUri request contains the administrator username and password. | 2018-11-07 | not yet calculated | CVE-2018-19078
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware and Application Firmware The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. | 2018-11-07 | not yet calculated | CVE-2018-19079
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware and Application Firmware The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field. | 2018-11-07 | not yet calculated | CVE-2018-19081
foscam -- opticam_i5_devices | An issue was discovered on Foscam Opticam i5 devices with System Firmware and Application Firmware RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header. | 2018-11-07 | not yet calculated | CVE-2018-19077
foxit_software -- foxit_reader | The u3d plugin (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample. | 2018-11-05 | not yet calculated | CVE-2018-18933
fruitywifi -- fruitywifi | Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session. | 2018-11-10 | not yet calculated | CVE-2018-19168
gitea -- gitea | Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron. | 2018-11-04 | not yet calculated | CVE-2018-18926
gogs -- gogs | Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. | 2018-11-04 | not yet calculated | CVE-2018-18925
google -- android | In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376. | 2018-11-06 | not yet calculated | CVE-2018-9488
google -- android | In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542. | 2018-11-06 | not yet calculated | CVE-2018-9427
google -- android | In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel. | 2018-11-06 | not yet calculated | CVE-2018-9422
google -- android | In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel. | 2018-11-06 | not yet calculated | CVE-2018-9415
google -- android | In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel. | 2018-11-06 | not yet calculated | CVE-2018-9385
google -- android | In processMessagePart of, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-72298611. | 2018-11-06 | not yet calculated | CVE-2018-9362
google -- android | In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78656554. | 2018-11-06 | not yet calculated | CVE-2018-9437
google -- android | In BNEP_Write of, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856. | 2018-11-06 | not yet calculated | CVE-2018-9357
google -- android | In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. | 2018-11-06 | not yet calculated | CVE-2018-9363
google -- android | In gatts_process_attribute_req of, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-73172115. | 2018-11-06 | not yet calculated | CVE-2018-9358
google -- android | In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257. | 2018-11-06 | not yet calculated | CVE-2018-9445
google -- android | In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468. | 2018-11-06 | not yet calculated | CVE-2018-9356
google -- android | When wifi is switched, function sendNetworkStateChangeBroadcast of broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245. | 2018-11-06 | not yet calculated | CVE-2018-9489
google -- androidIn process_l2cap_cmd of, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74201143.2018-11-06not yet calculatedCVE-2018-9360
google -- androidIn bnep_data_ind of, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722.2018-11-06not yet calculatedCVE-2018-9436
google -- androidIn hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.2018-11-06not yet calculatedCVE-2018-9516
google -- androidIn bnep_data_ind of, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78286118.2018-11-06not yet calculatedCVE-2018-9454
google -- android | When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887. | 2018-11-06 | not yet calculated | CVE-2018-9438
google -- android | In computeFocusedWindow of, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-71786287. | 2018-11-06 | not yet calculated | CVE-2018-9458
google -- android | In avrc_proc_vendor_command of, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338. | 2018-11-06 | not yet calculated | CVE-2018-9450
google -- android | In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79488511. | 2018-11-06 | not yet calculated | CVE-2018-9451
google -- android | In avct_bcb_msg_ind of, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113. | 2018-11-06 | not yet calculated | CVE-2018-9448
google -- android | In avdt_msg_prs_cfg of, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78288378. | 2018-11-06 | not yet calculated | CVE-2018-9453
google -- android | In sdpu_extract_attr_seq of, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78136677. | 2018-11-06 | not yet calculated | CVE-2018-9455
google -- android | In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel. | 2018-11-06 | not yet calculated | CVE-2018-9465
google -- android | In Attachment of and getFilePath of, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183. | 2018-11-06 | not yet calculated | CVE-2018-9459
google -- android | In process_l2cap_cmd of, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74202041. | 2018-11-06 | not yet calculated | CVE-2018-9361
google -- android | In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android ID: A-63521984. | 2018-11-06 | not yet calculated | CVE-2018-9444
google -- android | In process_l2cap_cmd of, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74196706. | 2018-11-06 | not yet calculated | CVE-2018-9359
google -- android | In bta_dm_sdp_result of, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74016921. | 2018-11-06 | not yet calculated | CVE-2018-9355
google -- android | In smp_br_state_machine_event of, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946. | 2018-11-06 | not yet calculated | CVE-2018-9446
google -- cardboard_application_for_android_and_ios | The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS. | 2018-11-08 | not yet calculated | CVE-2018-19111
hunan_jinyun_network_technology_co -- pbootcms | PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code. | 2018-11-07 | not yet calculated | CVE-2018-19053
i18n_gem_for_ruby_on_rails -- i18n_gem_for_ruby_on_rails | Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. | 2018-11-06 | not yet calculated | CVE-2014-10077
ibm -- api_connect | IBM API Connect,, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692. | 2018-11-08 | not yet calculated | CVE-2018-1774
ibm -- campaign | IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206. | 2018-11-08 | not yet calculated | CVE-2016-9749
ibm -- cognos_analytics | IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902. | 2018-11-08 | not yet calculated | CVE-2018-1842
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511. | 2018-11-08 | not yet calculated | CVE-2018-1834
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804. | 2018-11-08 | not yet calculated | CVE-2018-1781
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640. | 2018-11-08 | not yet calculated | CVE-2018-1802
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429. | 2018-11-08 | not yet calculated | CVE-2018-1799
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155. | 2018-11-08 | not yet calculated | CVE-2018-1857
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803. | 2018-11-08 | not yet calculated | CVE-2018-1780
ibm -- marketing_operations | IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attacks against the affected system. IBM X-Force ID: 121171. | 2018-11-08 | not yet calculated | CVE-2017-1119
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330. | 2018-11-09 | not yet calculated | CVE-2018-1872
ibm -- multiple_products | IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609. | 2018-11-06 | not yet calculated | CVE-2018-1694
ibm -- multiple_products | IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796. | 2018-11-06 | not yet calculated | CVE-2018-1606
ibm -- spectrum_protect_server | IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873. | 2018-11-02 | not yet calculated | CVE-2018-1788
ibm -- websphere_mq | IBM WebSphere MQ 8.0 through 9.1 is vulnerable to an error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456. | 2018-11-08 | not yet calculated | CVE-2018-1684
international_components_for_unicode -- international_components_for_unicode | International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. | 2018-11-04 | not yet calculated | CVE-2018-18928
iobit -- malware_fighter | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E040 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. | 2018-11-09 | not yet calculated | CVE-2018-19086
iobit -- malware_fighter | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E048 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. | 2018-11-09 | not yet calculated | CVE-2018-19085
iobit -- malware_fighter | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E05C with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. | 2018-11-09 | not yet calculated | CVE-2018-19084
iobit -- malware_fighter | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E044 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. | 2018-11-09 | not yet calculated | CVE-2018-19087
jasper -- jasper | An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. | 2018-11-09 | not yet calculated | CVE-2018-19139
jeecms -- jeecms | JEECMS 9.3 has XSS via a URI. | 2018-11-05 | not yet calculated | CVE-2018-18952
jquery -- jquery | Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta | 2018-11-05 | not yet calculated | CVE-2018-9208
keepalived -- keepalived | keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. | 2018-11-08 | not yet calculated | CVE-2018-19045
keepalived -- keepalived | keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/ or /tmp/keepalived.stats to /etc/passwd. | 2018-11-08 | not yet calculated | CVE-2018-19044
keepalived -- keepalived | keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/ or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information. | 2018-11-08 | not yet calculated | CVE-2018-19046
keepalived -- keepalived | keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. | 2018-11-08 | not yet calculated | CVE-2018-19115
kindeditor -- kindeditor | KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication. | 2018-11-05 | not yet calculated | CVE-2018-18950
knightjs -- knightjs | A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server. | 2018-11-06 | not yet calculated | CVE-2018-16475
libav -- libav | In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file. | 2018-11-09 | not yet calculated | CVE-2018-19128
libav -- libav | In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. | 2018-11-09 | not yet calculated | CVE-2018-19130
libav -- libav | In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file. | 2018-11-09 | not yet calculated | CVE-2018-19129
libiec61850 -- libiec61850 | An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c. | 2018-11-09 | not yet calculated | CVE-2018-19122
libiec61850 -- libiec61850 | An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c. | 2018-11-05 | not yet calculated | CVE-2018-18937
libiec61850 -- libiec61850 | An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c. | 2018-11-09 | not yet calculated | CVE-2018-19121
libiec61850 -- libiec61850 | An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. | 2018-11-05 | not yet calculated | CVE-2018-18957
librecad -- librecad | LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file. | 2018-11-08 | not yet calculated | CVE-2018-19105
light_code_labs -- caddy | Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover the existence of and relationships among hostnames that weren't meant to be public, though this information could likely have been discovered via other methods with additional effort. | 2018-11-10 | not yet calculated | CVE-2018-19148
lighttpd -- lighttpd | An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. | 2018-11-07 | not yet calculated | CVE-2018-19052
metinfo -- metinfo | MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. | 2018-11-06 | not yet calculated | CVE-2018-19051
metinfo -- metinfo | MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. | 2018-11-06 | not yet calculated | CVE-2018-19050
micro_focus -- operations_bridge | A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure. | 2018-11-07 | not yet calculated | CVE-2018-18590
mindoc -- mindoc | An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindoc_id value containing the relative pathname of this uploaded file. For example, the mindoc_id (aka session ID) could be of the form aa/../../uploads/blog/201811/attach_#.jpg where '#' is a hex value displayed in the upload field of a manage/blogs/edit/ screen. | 2018-11-08 | not yet calculated | CVE-2018-19114
nginx -- nginx | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | 2018-11-07 | not yet calculated | CVE-2018-16844
nginx -- nginx | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the 'mp4' directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. | 2018-11-07 | not yet calculated | CVE-2018-16845
nginx -- nginx | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | 2018-11-07 | not yet calculated | CVE-2018-16843
node.js -- node.js | A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files. | 2018-11-06 | not yet calculated | CVE-2018-16473
node.js -- node.js | A stored XSS in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary JavaScript. | 2018-11-06 | not yet calculated | CVE-2018-16474
node.js -- node.js | A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack. | 2018-11-06 | not yet calculated | CVE-2018-16472
omron -- cx-supervisor | When processing project files in Omron CX-Supervisor versions and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application. | 2018-11-05 | not yet calculated | CVE-2018-17909
omron -- cx-supervisor | When processing project files in Omron CX-Supervisor versions and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array. | 2018-11-05 | not yet calculated | CVE-2018-17907
omron -- cx-supervisor | A type confusion vulnerability exists when processing project files in Omron CX-Supervisor versions and prior, which may allow an attacker to execute code in the context of the application. | 2018-11-05 | not yet calculated | CVE-2018-17913
omron -- cx-supervisor | When processing project files in Omron CX-Supervisor versions and prior and tampering with a specific byte, memory corruption may occur within a specific object. | 2018-11-05 | not yet calculated | CVE-2018-17905
open_information_security_foundation -- suricata | The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018. | 2018-11-05 | not yet calculated | CVE-2018-18956
oscommerce -- oscommerce | osCommerce has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension. | 2018-11-05 | not yet calculated | CVE-2018-18964
oscommerce -- oscommerce | osCommerce has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer renders HTML elements in a .eml file. | 2018-11-05 | not yet calculated | CVE-2018-18966
oscommerce -- oscommerce | osCommerce has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename). | 2018-11-05 | not yet calculated | CVE-2018-18965
pandao -- editor.md | pandao 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element. | 2018-11-07 | not yet calculated | CVE-2018-19056
pdfforge -- pdf_architect | Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a "Data from Faulting Address controls Code Flow" issue. | 2018-11-10 | not yet calculated | CVE-2018-19150
pluralsight -- javascript | A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admin Console, the injected JavaScript code is executed. | 2018-11-06 | not yet calculated | CVE-2018-17184
popojicms -- popojicms | An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account. | 2018-11-05 | not yet calculated | CVE-2018-18935
popojicms -- popojicms | An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF. | 2018-11-05 | not yet calculated | CVE-2018-18934
popojicms -- popojicms | An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter. | 2018-11-05 | not yet calculated | CVE-2018-18936
poppler -- poppler | An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which will lead to denial of service, as demonstrated by utils/ not validating a filename of an embedded file before constructing a save path. | 2018-11-07 | not yet calculated | CVE-2018-19060
poppler -- poppler | An issue was discovered in Poppler 0.71.0. There is an out-of-bounds read in EmbFile::save2 in, which will lead to denial of service, as demonstrated by utils/ not validating embedded files before save attempts. | 2018-11-07 | not yet calculated | CVE-2018-19059
poppler -- poppler | Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. | 2018-11-10 | not yet calculated | CVE-2018-19149
poppler -- poppler | An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in lacks a stream check before saving an embedded file. | 2018-11-07 | not yet calculated | CVE-2018-19058
| powerdns -- recursor | An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail. | 2018-11-09 | not yet calculated | CVE-2018-14644 |
| prestashop -- prestashop | PrestaShop 1.6.x before and 1.7.x before allows remote attackers to execute arbitrary code via a file upload. | 2018-11-09 | not yet calculated | CVE-2018-19126 |
| prestashop -- prestashop | PrestaShop 1.6.x before and 1.7.x before on Windows allows remote attackers to write to arbitrary image files. | 2018-11-09 | not yet calculated | CVE-2018-19124 |
| prestashop -- prestashop | PrestaShop 1.6.x before and 1.7.x before allows remote attackers to delete an image directory. | 2018-11-09 | not yet calculated | CVE-2018-19125 |
| projeqtor -- projeqtor | The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message. | 2018-11-04 | not yet calculated | CVE-2018-18924 |
| publiccms -- publiccms | An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. | 2018-11-04 | not yet calculated | CVE-2018-18927 |
| qemu -- qemu | An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process. | 2018-11-02 | not yet calculated | CVE-2018-16847 |
| richfaces -- richfaces | The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData. | 2018-11-06 | not yet calculated | CVE-2018-14667 |
| s-cms -- s-cms | An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter. | 2018-11-09 | not yet calculated | CVE-2018-19145 |
| sauter -- case_suite | An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. | 2018-11-02 | not yet calculated | CVE-2018-17912 |
| sennheiser -- headsetup | Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of or SennComRootCA, and determine whether those certificates are unwanted. | 2018-11-09 | not yet calculated | CVE-2018-17612 |
| shanghai_shengda_network_development_co -- phpcms | A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring. | 2018-11-09 | not yet calculated | CVE-2018-19127 |
| shangtao_information_technology_co -- wstmart | WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. | 2018-11-09 | not yet calculated | CVE-2018-19138 |
| sparksuite -- simplemde | SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element. | 2018-11-07 | not yet calculated | CVE-2018-19057 |
| squid -- squid | Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. | 2018-11-09 | not yet calculated | CVE-2018-19132 |
| squid -- squid | Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. | 2018-11-09 | not yet calculated | CVE-2018-19131 |
| telexy -- qpath | An issue was discovered in Telexy QPath 5.4.462. A low privileged authenticated user supplying a specially crafted serialized request to AdanitDataService.svc may modify user information, including but not limited to email address, username, and password, of other user accounts. The simplest attack approach is for the attacker to intercept their own password-change request and modify the username before the request reaches the server. Also, changing a victim's email address can have a similar account-takeover consequence. | 2018-11-08 | not yet calculated | CVE-2018-7718 |
| texas_instruments -- multiple_devices | Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow. | 2018-11-06 | not yet calculated | CVE-2018-16986 |
| tianti -- tianti | tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter. | 2018-11-07 | not yet calculated | CVE-2018-19091 |
| tianti -- tianti | tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column. | 2018-11-08 | not yet calculated | CVE-2018-19109 |
| tianti -- tianti | The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\ maps a /skin/list request to the function skinList, and lacks an authorization check. | 2018-11-08 | not yet calculated | CVE-2018-19110 |
| tianti -- tianti | tianti 2.3 has stored XSS in the article management module via an article title. | 2018-11-07 | not yet calculated | CVE-2018-19090 |
| tianti -- tianti | tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp. | 2018-11-07 | not yet calculated | CVE-2018-19089 |
| tibco -- active_spaces | The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; | | not yet calculated | CVE-2018-12411 |
| tibco -- enterprise_messaging_service | The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Messaging Service, TIBCO Enterprise Messaging Service - Community Edition, and TIBCO Enterprise Messaging Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Messaging Service: versions up to and including 8.4.0, TIBCO Enterprise Messaging Service - Community Edition: versions up to and including 8.4.0, and TIBCO Enterprise Messaging Service - Developer Edition versions up to and including | | not yet calculated | CVE-2018-12415 |
| tibco -- ftl | The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including | | not yet calculated | CVE-2018-12412 |
| tibco -- messaging | The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: | | not yet calculated | CVE-2018-12413 |
| tibco -- multiple_products | The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including | | not yet calculated | CVE-2018-12414 |
| vanilla -- vanilla | Vanilla 2.6.x before 2.6.4 allows remote code execution. | 2018-11-03 | not yet calculated | CVE-2018-18903 |
| wecenter -- wecenter | WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter. | 2018-11-07 | not yet calculated | CVE-2018-19083 |
| wordpress -- wordpress | The WP plugin 10.0.1 for WordPress allows XSS via the comment area. | 2018-11-04 | not yet calculated | CVE-2018-18919 |
| wuzhicms -- wuzhicms | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. | 2018-11-05 | not yet calculated | CVE-2018-18938 |
| wuzhicms -- wuzhicms | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. | 2018-11-05 | not yet calculated | CVE-2018-18939 |
| xiph -- icecast | A buffer overflow was discovered in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution. | 2018-11-05 | not yet calculated | CVE-2018-18820 |
| yzmcms -- yzmcms | An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie. | 2018-11-07 | not yet calculated | CVE-2018-19092 |
| zoho_manageengine -- network_configuration_manager_and_opmanager | An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server. | 2018-11-05 | not yet calculated | CVE-2018-18980 |
| zoho_manageengine -- opmanager | Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. | 2018-11-05 | not yet calculated | CVE-2018-18949 |
| zyxel -- zywall_usg_devices | ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS. | 2018-11-10 | not yet calculated | CVE-2017-17550 |
