The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no high vulnerabilities recorded this week. | ||||
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| intel — core_i3 | Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. | 2018-08-14 | 5.4 | CVE-2018-3615 CONFIRM CONFIRM BID SECTRACK MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CISCO CONFIRM CERT-VN CONFIRM |
| intel — core_i3 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. | 2018-08-14 | 4.7 | CVE-2018-3620 CONFIRM CONFIRM BID SECTRACK CONFIRM CONFIRM REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT MISC FEDORA FEDORA CONFIRM FREEBSD CONFIRM CONFIRM CONFIRM CONFIRM CISCO UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU DEBIAN CONFIRM CERT-VN CONFIRM |
| intel — core_i3 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. | 2018-08-14 | 4.7 | CVE-2018-3646 CONFIRM CONFIRM BID SECTRACK CONFIRM CONFIRM REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT MISC FEDORA FEDORA CONFIRM FREEBSD CONFIRM CONFIRM CONFIRM CONFIRM CISCO UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU DEBIAN CONFIRM CERT-VN CONFIRM |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no low vulnerabilities recorded this week. | ||||
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 3par — service_processor | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery. | 2018-08-14 | not yet calculated | CVE-2018-7097 CONFIRM |
| 3par — service_processor | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information. | 2018-08-14 | not yet calculated | CVE-2018-7099 CONFIRM |
| 3par — service_processor | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass. | 2018-08-14 | not yet calculated | CVE-2018-7095 CONFIRM |
| 3par — service_processor | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal. | 2018-08-14 | not yet calculated | CVE-2018-7098 CONFIRM |
| 3par — service_processor | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information. | 2018-08-14 | not yet calculated | CVE-2018-7094 CONFIRM |
| 3par — service_processor | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution. | 2018-08-14 | not yet calculated | CVE-2018-7096 CONFIRM |
| apache — commons_compress | When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17’s ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress’ zip package. | 2018-08-16 | not yet calculated | CVE-2018-11771 SECTRACK MLIST |
|
apache — http_server |
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the “Location” or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). | 2018-08-14 | not yet calculated | CVE-2016-4975 BID CONFIRM CONFIRM |
| apache — spark | From version 1.3.0 onward, Apache Spark’s standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property ‘spark.authenticate.secret’ establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. This REST API is also used by Mesos, when set up to run in cluster mode (i.e., when also running MesosClusterDispatcher), for job submission. Future versions of Spark will improve documentation on these points, and prohibit setting ‘spark.authenticate.secret’ when running the REST APIs, to make this clear. Future versions will also disable the REST API by default in the standalone master by changing the default value of ‘spark.master.rest.enabled’ to ‘false’. | 2018-08-13 | not yet calculated | CVE-2018-11770 BID MLIST CONFIRM |
| bytedance — musical.ly_app_for_ios | Musical.ly Inc., musical.ly – your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13101 CERT-VN |
| uber_technologies — ubereats_app_for_ios | Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13104 CERT-VN |
| pinterest — pinterest_app_for_ios | Pinterest, 6.37, 2017-10-24, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13103 CERT-VN |
| distinctdev — the_moron_test_app_for_ios | DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13100 CERT-VN |
| gameloft — asphalt_xtreme_offroad_rally_racing_app_for_ios | Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13102 CERT-VN |
| asustor — adm | ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell. | 2018-08-16 | not yet calculated | CVE-2018-11509 MISC EXPLOIT-DB |
| asustor — adm | The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the ‘album_id’ or ‘scope’ parameter via a photo-gallery/api/album/tree_lists/ URI. | 2018-08-16 | not yet calculated | CVE-2018-11511 MISC EXPLOIT-DB |
| atlassian — confluence_questions | The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. | 2018-08-15 | not yet calculated | CVE-2018-13394 CONFIRM |
| atlassian — confluence_questions | The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. | 2018-08-15 | not yet calculated | CVE-2018-13393 CONFIRM |
| atlassian — fisheye_and_crucible | Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys. | 2018-08-13 | not yet calculated | CVE-2018-13392 BID CONFIRM CONFIRM |
| btrfsmaintenance — btrfsmaintenance | An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, though). | 2018-08-15 | not yet calculated | CVE-2018-14722 MLIST CONFIRM |
| cisco — asr_9000_series_aggregation_services_router_software | A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858. | 2018-08-15 | not yet calculated | CVE-2018-0418 CISCO |
|
cisco — asyncos_software_for_cisco_web_security_appliances |
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610. | 2018-08-15 | not yet calculated | CVE-2018-0410 BID CISCO |
| qnap– qts | Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. | 2018-08-13 | not yet calculated | CVE-2018-0714 CONFIRM |
| cisco — email_security_appliances | A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper detection of content within executable (EXE) files. An attacker could exploit this vulnerability by sending a customized EXE file that is not recognized and blocked by the ESA. A successful exploit could allow an attacker to send email messages that contain malicious executable files to unsuspecting users. Cisco Bug IDs: CSCvh03786. | 2018-08-15 | not yet calculated | CVE-2018-0419 CISCO |
| cisco — ios_software_and_ios_xe_software | A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. | 2018-08-14 | not yet calculated | CVE-2018-0131 BID CISCO |
| cisco — multiple_products | A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947. | 2018-08-15 | not yet calculated | CVE-2018-0409 BID BID CISCO |
| cisco — registered_envelope_service | A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Bug IDs: CVE-2018-0367. | 2018-08-15 | not yet calculated | CVE-2018-0367 CISCO |
| cisco — small_business_100_and_300_series_wireless_access_points | A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. Cisco Bug IDs: CSCvj97472. | 2018-08-15 | not yet calculated | CVE-2018-0415 CISCO |
| cisco — small_business_100_and_300_series_wireless_access_points | A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229. | 2018-08-15 | not yet calculated | CVE-2018-0412 CISCO |
| cisco — unified_communications_domain_manager_software | A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694. | 2018-08-15 | not yet calculated | CVE-2018-0386 CISCO |
| cisco — web_security_appliance | A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privileges to root in a separate login shell. A successful exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root. Cisco Bug IDs: CSCvj93548. | 2018-08-15 | not yet calculated | CVE-2018-0428 BID CISCO |
| cisco — web_security_appliance | A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious packet. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Cisco Bug IDs: CSCvi42263. | 2018-08-15 | not yet calculated | CVE-2018-0427 BID CISCO |
| citrix — xenserver | Citrix XenServer 7.1 and newer allows Directory Traversal. | 2018-08-15 | not yet calculated | CVE-2018-14007 BID CONFIRM CONFIRM |
| clavister — cos_core | The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack. | 2018-08-15 | not yet calculated | CVE-2018-8753 MISC CONFIRM |
| crestron — tsw-x60_and_mc3 | Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges. | 2018-08-10 | not yet calculated | CVE-2018-13341 BID MISC |
| crestron — tsw-x60_and_mc3 | For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open. | 2018-08-10 | not yet calculated | CVE-2018-10630 BID MISC |
| cryo — cryo | A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. | 2018-08-17 | not yet calculated | CVE-2018-3784 MISC |
| delta_electronics — cncsoft_with_screeneditor | CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. | 2018-08-13 | not yet calculated | CVE-2018-10636 BID MISC |
| delta_electronics — cncsoft_with_screeneditor | CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. | 2018-08-13 | not yet calculated | CVE-2018-10598 BID MISC |
| dojo — toolkit | In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. | 2018-08-17 | not yet calculated | CVE-2018-15494 MISC MISC |
| eclipse — openj9 | In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no. | 2018-08-14 | not yet calculated | CVE-2018-12539 CONFIRM |
| eclipse — vert.x | In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response. | 2018-08-14 | not yet calculated | CVE-2018-12537 REDHAT CONFIRM CONFIRM CONFIRM CONFIRM MISC |
| edimax — ew-7438rpn_mini | An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. | 2018-08-13 | not yet calculated | CVE-2018-10569 MISC MISC |
| eltex — esp-200_firmware | An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0. | 2018-08-17 | not yet calculated | CVE-2018-15356 MISC |
| eltex — esp-200_firmware | An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. | 2018-08-17 | not yet calculated | CVE-2018-15360 MISC |
| eltex — esp-200_firmware | An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0. | 2018-08-17 | not yet calculated | CVE-2018-15358 MISC |
| eltex — esp-200_firmware | An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0. | 2018-08-17 | not yet calculated | CVE-2018-15357 MISC |
| eltex — esp-200_firmware | An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0. | 2018-08-17 | not yet calculated | CVE-2018-15359 MISC |
| embedthis — goahead_and_appweb | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted “Host” header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ‘]’ character in an IPv6 address. | 2018-08-17 | not yet calculated | CVE-2018-15505 MISC MISC MISC |
| embedthis — goahead_and_appweb | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. | 2018-08-17 | not yet calculated | CVE-2018-15504 MISC MISC MISC |
| ericsson-lg — ipecs_nms_30m | Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. | 2018-08-15 | not yet calculated | CVE-2018-15138 EXPLOIT-DB |
| ethereum — all_for_one_game | The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards. | 2018-08-15 | not yet calculated | CVE-2018-12056 MISC |
| ethereum — bitcoin_red_token | An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the “ownerUnderflow” issue. | 2018-08-15 | not yet calculated | CVE-2018-11687 MISC |
| f5 — big-ip | The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host. | 2018-08-17 | not yet calculated | CVE-2018-5546 SECTRACK CONFIRM |
| f5 — big-ip | Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges | 2018-08-17 | not yet calculated | CVE-2018-5547 SECTRACK CONFIRM |
| flintcms — flintcms | A privilege escalation detected in flintcms versions | 2018-08-17 | not yet calculated | CVE-2018-3783 MISC |
| git-dummy-commit — git-dummy-commit | A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. | 2018-08-17 | not yet calculated | CVE-2018-3785 MISC |
| gnome — display_manager | The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. | 2018-08-14 | not yet calculated | CVE-2018-14424 CONFIRM UBUNTU DEBIAN |
| ks_mobile– live.me_app_for_android | Live.me – live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13107 CERT-VN |
| cheetah_mobile– cm_launcher_3d_app_for_android | Cheetahmobile CM Launcher 3D – Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13106 CERT-VN |
| hawk_mobile_hi_security_labs — hi_security_virus_cleaner_app_for_android | Hi Security Virus Cleaner – Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker. | 2018-08-15 | not yet calculated | CVE-2017-13105 CERT-VN |
| psafe_tools — dfndr_security_app_for_android | DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | 2018-08-15 | not yet calculated | CVE-2017-13108 CERT-VN |
| hikvision — ip_cameras | A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process. | 2018-08-13 | not yet calculated | CVE-2018-6414 CONFIRM |
| hp — multiple_inkjet_printers | A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution. | 2018-08-13 | not yet calculated | CVE-2018-5925 BID SECTRACK MISC HP |
| hp — multiple_inkjet_printers | A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution. | 2018-08-13 | not yet calculated | CVE-2018-5924 BID SECTRACK MISC HP |
| hpe — multiple_products | A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service. | 2018-08-14 | not yet calculated | CVE-2018-7093 SECTRACK CONFIRM |
| hpe — officeconnect_1810_switch_series | A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G – P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information. | 2018-08-14 | not yet calculated | CVE-2018-7100 SECTRACK CONFIRM |
| hpe — xp_p9000_command_view_advanced_edition | A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could be exploited to allow local and remote unauthorized access to sensitive information. | 2018-08-14 | not yet calculated | CVE-2018-7077 CONFIRM |
| ibm — api_connect | IBM API Connect’s Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370. | 2018-08-16 | not yet calculated | CVE-2018-1712 XF CONFIRM |
| ibm — maximo_asset_management | IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003. | 2018-08-16 | not yet calculated | CVE-2018-1715 XF CONFIRM |
| ibm — rational_clearquest | IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353. | 2018-08-13 | not yet calculated | CVE-2016-2922 XF CONFIRM |
| ibm — security_access_manager_for enterprise_single_sign_on | IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913. | 2018-08-17 | not yet calculated | CVE-2017-1732 CONFIRM XF |
| ibm — tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029. | 2018-08-15 | not yet calculated | CVE-2018-1455 XF CONFIRM |
| ibm — urbancode_deploy | IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522. | 2018-08-13 | not yet calculated | CVE-2017-1749 XF CONFIRM |
|
ibm — urbancode_deploy |
Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147. | 2018-08-13 | not yet calculated | CVE-2017-1286 XF CONFIRM |
| intelbras — win_240 | A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login. | 2018-08-15 | not yet calculated | CVE-2018-10369 MISC |
| jetbrains — dotpeek_and_resharper_ultimate | JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. | 2018-08-13 | not yet calculated | CVE-2018-14878 CONFIRM MISC |
| keycloak — keycloak | It was found that an authenticated user could manipulate user session information to trigger an infinite loop in keycloak. A malicious user could use this flaw to conduct a denial of service attack against the server. | 2018-08-13 | not yet calculated | CVE-2018-10842 CONFIRM |
| kraftway — 24f2xg_router_firmware | Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118. | 2018-08-17 | not yet calculated | CVE-2018-15351 MISC |
| kraftway — 24f2xg_router_firmware | An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. | 2018-08-17 | not yet calculated | CVE-2018-15352 MISC |
| kraftway — 24f2xg_router_firmware | A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118. | 2018-08-17 | not yet calculated | CVE-2018-15353 MISC |
| kraftway — 24f2xg_router_firmware | A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118. | 2018-08-17 | not yet calculated | CVE-2018-15354 MISC |
| kraftway — 24f2xg_router_firmware | Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router. | 2018-08-17 | not yet calculated | CVE-2018-15350 MISC |
| kraftway — 24f2xg_router_firmware | Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118. | 2018-08-17 | not yet calculated | CVE-2018-15355 MISC |
| lg — android_devices | Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. | 2018-08-17 | not yet calculated | CVE-2018-14982 CONFIRM |
| lg — android_devices | Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. | 2018-08-17 | not yet calculated | CVE-2018-15482 CONFIRM |
| lg — android_devices | Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. | 2018-08-17 | not yet calculated | CVE-2018-14981 CONFIRM |
| libcgroup — libcgroup | libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. | 2018-08-14 | not yet calculated | CVE-2018-14348 SUSE CONFIRM FEDORA CONFIRM |
| libgit2 — libgit2 | In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol “ng” packet that lacks a ‘�’ byte to trigger an out-of-bounds read that leads to DoS. | 2018-08-17 | not yet calculated | CVE-2018-15501 MISC MISC MISC MISC MISC MISC |
| libxml2 — libxml2 | libxml2 2.9.8, if –with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. | 2018-08-16 | not yet calculated | CVE-2018-14567 CONFIRM UBUNTU |
| litecart — litecart | admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request. | 2018-08-16 | not yet calculated | CVE-2018-12256 CONFIRM CONFIRM |
| man-cgi — man-cgi | man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI. | 2018-08-14 | not yet calculated | CVE-2018-14429 MISC BUGTRAQ |
| medtronic — minimed_508_insulin_pump | Medtronic MMT 508 MiniMed insulin pump, 522 / MMT – 722 Paradigm REAL-TIME, 523 / MMT – 723 Paradigm Revel, 523K / MMT – 723K Paradigm Revel, and 551 / MMT – 751 MiniMed 530G The models identified above, when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery. | 2018-08-13 | not yet calculated | CVE-2018-14781 BID MISC |
| medtronic — minimed_508_insulin_pump | Medtronic MMT 508 MiniMed insulin pump, 522 / MMT – 722 Paradigm REAL-TIME, 523 / MMT – 723 Paradigm Revel, 523K / MMT – 723K Paradigm Revel, and 551 / MMT – 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers. | 2018-08-13 | not yet calculated | CVE-2018-10634 BID MISC |
| microsoft — .net_framework | An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka “.NET Framework Information Disclosure Vulnerability.” This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. | 2018-08-15 | not yet calculated | CVE-2018-8360 BID SECTRACK CONFIRM |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381. | 2018-08-15 | not yet calculated | CVE-2018-8384 BID CONFIRM |
| microsoft — chakracore | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | 2018-08-15 | not yet calculated | CVE-2018-8359 BID SECTRACK CONFIRM |
| microsoft — chakracore_and_edge | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389. | 2018-08-15 | not yet calculated | CVE-2018-8390 BID SECTRACK CONFIRM |
| microsoft — chakracore_and_edge | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8384. | 2018-08-15 | not yet calculated | CVE-2018-8381 BID SECTRACK CONFIRM |
| microsoft — chakracore_and_edge | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8381, CVE-2018-8384. | 2018-08-15 | not yet calculated | CVE-2018-8380 BID SECTRACK CONFIRM |
| microsoft — multiple_products | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | 2018-08-15 | not yet calculated | CVE-2018-8355 BID SECTRACK CONFIRM |
| microsoft — multiple_products | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | 2018-08-15 | not yet calculated | CVE-2018-8372 BID SECTRACK CONFIRM |
| microsoft — edge | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8387. | 2018-08-15 | not yet calculated | CVE-2018-8377 BID CONFIRM |
| microsoft — edge | A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka “Microsoft Edge Security Feature Bypass Vulnerability.” This affects Microsoft Edge. | 2018-08-15 | not yet calculated | CVE-2018-8358 BID SECTRACK CONFIRM |
| microsoft — edge | A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka “Microsoft Edge Spoofing Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383. | 2018-08-15 | not yet calculated | CVE-2018-8388 BID SECTRACK CONFIRM |
| microsoft — edge | A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka “Microsoft Edge Spoofing Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388. | 2018-08-15 | not yet calculated | CVE-2018-8383 BID SECTRACK CONFIRM |
| microsoft — edge | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8377. | 2018-08-15 | not yet calculated | CVE-2018-8387 BID CONFIRM |
| microsoft — edge | A information disclosure vulnerability exists when WebAudio Library improperly handles audio requests, aka “Microsoft Edge Information Disclosure Vulnerability.” This affects Microsoft Edge. | 2018-08-15 | not yet calculated | CVE-2018-8370 BID SECTRACK CONFIRM |
| microsoft — edge_and_chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8380, CVE-2018-8381, CVE-2018-8384. | 2018-08-15 | not yet calculated | CVE-2018-8266 BID SECTRACK CONFIRM |
| microsoft — excel | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka “Microsoft Excel Remote Code Execution Vulnerability.” This affects Microsoft Excel. This CVE ID is unique from CVE-2018-8375. | 2018-08-15 | not yet calculated | CVE-2018-8379 BID SECTRACK CONFIRM |
| microsoft — multiple_products | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka “Microsoft Excel Information Disclosure Vulnerability.” This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | 2018-08-15 | not yet calculated | CVE-2018-8382 BID SECTRACK CONFIRM |
| microsoft — multiple_products | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka “Microsoft Excel Remote Code Execution Vulnerability.” This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379. | 2018-08-15 | not yet calculated | CVE-2018-8375 BID SECTRACK CONFIRM |
| microsoft — exchange_server | A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka “Microsoft Exchange Server Tampering Vulnerability.” This affects Microsoft Exchange Server. | 2018-08-15 | not yet calculated | CVE-2018-8374 BID SECTRACK CONFIRM |
| microsoft — exchange_server | A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka “Microsoft Exchange Memory Corruption Vulnerability.” This affects Microsoft Exchange Server. | 2018-08-15 | not yet calculated | CVE-2018-8302 BID SECTRACK CONFIRM |
| microsoft — internet_explorer | A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka “Internet Explorer Remote Code Execution Vulnerability.” This affects Internet Explorer 11, Internet Explorer 10. | 2018-08-15 | not yet calculated | CVE-2018-8316 BID SECTRACK CONFIRM |
| microsoft — internet_explorer_and_edge | An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka “Microsoft Browser Elevation of Privilege Vulnerability.” This affects Internet Explorer 11, Microsoft Edge. | 2018-08-15 | not yet calculated | CVE-2018-8357 BID SECTRACK CONFIRM |
| microsoft — multiple_products | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka “Microsoft Browser Memory Corruption Vulnerability.” This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | 2018-08-15 | not yet calculated | CVE-2018-8403 BID SECTRACK CONFIRM |
| microsoft — internet_explorer | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | 2018-08-15 | not yet calculated | CVE-2018-8371 BID SECTRACK CONFIRM |
| microsoft — internet_explorer | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8390. | 2018-08-15 | not yet calculated | CVE-2018-8389 BID SECTRACK CONFIRM |
| microsoft — internet_explorer | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | 2018-08-15 | not yet calculated | CVE-2018-8353 BID SECTRACK CONFIRM |
| microsoft — internet_explorer | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | 2018-08-15 | not yet calculated | CVE-2018-8373 BID SECTRACK CONFIRM |
| microsoft — multiple_products | An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka “Windows NDIS Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8342. | 2018-08-15 | not yet calculated | CVE-2018-8343 BID SECTRACK CONFIRM |
| microsoft — multiple_products | A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka “LNK Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8346. | 2018-08-15 | not yet calculated | CVE-2018-8345 BID SECTRACK CONFIRM |
| microsoft — multiple_products | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8399. | 2018-08-15 | not yet calculated | CVE-2018-8404 BID SECTRACK CONFIRM |
| microsoft — multiple_products | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka “Microsoft Graphics Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-08-15 | not yet calculated | CVE-2018-8344 BID SECTRACK CONFIRM |
| microsoft — multiple_products | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka “Windows GDI Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8396, CVE-2018-8398. | 2018-08-15 | not yet calculated | CVE-2018-8394 BID SECTRACK CONFIRM |
| microsoft — multiple_products | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406. | 2018-08-15 | not yet calculated | CVE-2018-8405 BID SECTRACK CONFIRM |
| microsoft — multiple_products | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8348. | 2018-08-15 | not yet calculated | CVE-2018-8341 BID CONFIRM |
| microsoft — multiple_products | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8341. | 2018-08-15 | not yet calculated | CVE-2018-8348 BID CONFIRM |
| microsoft — multiple_products | An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka “Microsoft Office Information Disclosure Vulnerability.” This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office. | 2018-08-15 | not yet calculated | CVE-2018-8378 BID CONFIRM |
| microsoft — multiple_products | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka “Windows GDI Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8394, CVE-2018-8396. | 2018-08-15 | not yet calculated | CVE-2018-8398 BID SECTRACK CONFIRM |
| microsoft — multiple_products | An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka “Windows Installer Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-08-15 | not yet calculated | CVE-2018-8339 BID SECTRACK CONFIRM |
| microsoft — multiple_products | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8389, CVE-2018-8390. | 2018-08-15 | not yet calculated | CVE-2018-8385 BID SECTRACK CONFIRM |
| microsoft — multiple_products | A remote code execution vulnerability exists in “Microsoft COM for Windows” when it fails to properly handle serialized objects, aka “Microsoft COM for Windows Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-08-15 | not yet calculated | CVE-2018-8349 BID SECTRACK CONFIRM |
| microsoft — office | An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka “Microsoft (MAU) Office Elevation of Privilege Vulnerability.” This affects Microsoft Office. | 2018-08-15 | not yet calculated | CVE-2018-8412 BID SECTRACK CONFIRM |
| microsoft — powerpoint | A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka “Microsoft PowerPoint Remote Code Execution Vulnerability.” This affects Microsoft PowerPoint. | 2018-08-15 | not yet calculated | CVE-2018-8376 BID SECTRACK CONFIRM |
| microsoft — sql_server | A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka “Microsoft SQL Server Remote Code Execution Vulnerability.” This affects Microsoft SQL Server. | 2018-08-15 | not yet calculated | CVE-2018-8273 BID SECTRACK CONFIRM |
| microsoft — windows_10_servers_and_windows_10 | A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka “Windows PDF Remote Code Execution Vulnerability.” This affects Windows 10 Servers, Windows 10. | 2018-08-15 | not yet calculated | CVE-2018-8350 BID SECTRACK CONFIRM |
| microsoft — multiple_products | An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka “Microsoft Browser Information Disclosure Vulnerability.” This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | 2018-08-15 | not yet calculated | CVE-2018-8351 BID SECTRACK CONFIRM |
| microsoft — windows_10_servers_and_windows_10 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8404. | 2018-08-15 | not yet calculated | CVE-2018-8399 BID SECTRACK CONFIRM |
| microsoft — windows_10_servers_and_windows_10 | A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka “Windows Shell Remote Code Execution Vulnerability.” This affects Windows 10 Servers, Windows 10. | 2018-08-15 | not yet calculated | CVE-2018-8414 BID SECTRACK CONFIRM |
| microsoft — windows_10_servers_and_windows_10 | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8401, CVE-2018-8405, CVE-2018-8406. | 2018-08-15 | not yet calculated | CVE-2018-8400 BID SECTRACK CONFIRM |
| microsoft — windows_7_and_windows_server_2008_r2 | An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka “Windows NDIS Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8343. | 2018-08-15 | not yet calculated | CVE-2018-8342 BID SECTRACK CONFIRM |
| microsoft — multiple_products | A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka “LNK Remote Code Execution Vulnerability.” This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345. | 2018-08-15 | not yet calculated | CVE-2018-8346 BID SECTRACK CONFIRM |
| microsoft — multiple_products | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka “GDI+ Remote Code Execution Vulnerability.” This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. | 2018-08-15 | not yet calculated | CVE-2018-8397 BID SECTRACK CONFIRM |
| microsoft — multiple_products | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka “Windows GDI Information Disclosure Vulnerability.” This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8394, CVE-2018-8398. | 2018-08-15 | not yet calculated | CVE-2018-8396 BID SECTRACK CONFIRM |
| microsoft — windows_server_2016_and_windows_10 | An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka “Microsoft Cortana Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10. | 2018-08-15 | not yet calculated | CVE-2018-8253 BID SECTRACK CONFIRM |
| microsoft — multiple_products | A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204. | 2018-08-15 | not yet calculated | CVE-2018-8200 BID SECTRACK CONFIRM |
| microsoft — multiple_products | A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8200. | 2018-08-15 | not yet calculated | CVE-2018-8204 BID SECTRACK CONFIRM |
| microsoft — multiple_products | An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka “Windows Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2018-08-15 | not yet calculated | CVE-2018-8347 BID CONFIRM |
| microsoft — multiple_products | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8405, CVE-2018-8406. | 2018-08-15 | not yet calculated | CVE-2018-8401 BID SECTRACK CONFIRM |
| microsoft — multiple_products | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405. | 2018-08-15 | not yet calculated | CVE-2018-8406 BID SECTRACK CONFIRM |
| microsoft — multiple_products | A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka “AD FS Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows Server 2012 R2, Windows 10 Servers. | 2018-08-15 | not yet calculated | CVE-2018-8340 BID SECTRACK CONFIRM |
| microsoft – multiple_products | An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka “Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers. | 2018-08-15 | not yet calculated | CVE-2018-0952 BID SECTRACK CONFIRM |
| monstra — cms | Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page. | 2018-08-14 | not yet calculated | CVE-2018-14922 MISC MISC EXPLOIT-DB |
| multiple_vendors — bios_firmware | An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation. | 2018-08-17 | not yet calculated | CVE-2018-6622 MISC |
| multiple_vendors — multiple_products | mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the “Dynamic base” PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result. | 2018-08-14 | not yet calculated | CVE-2018-5392 CERT-VN |
| mybb — mybb | inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject. | 2018-08-14 | not yet calculated | CVE-2018-14888 MISC CONFIRM CONFIRM EXPLOIT-DB |
| nasdaq — bwise | The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81. | 2018-08-15 | not yet calculated | CVE-2018-11247 FULLDISC |
| netcomm_wireless — g_lte_light_industrial_m2m_router | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user. | 2018-08-10 | not yet calculated | CVE-2018-14782 BID MISC |
| netcomm_wireless — g_lte_light_industrial_m2m_router | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device. | 2018-08-10 | not yet calculated | CVE-2018-14784 BID MISC |
| netcomm_wireless — g_lte_light_industrial_m2m_router | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication. | 2018-08-10 | not yet calculated | CVE-2018-14785 BID MISC |
| netcomm_wireless — g_lte_light_industrial_m2m_router | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely. | 2018-08-10 | not yet calculated | CVE-2018-14783 BID MISC |
| nextcloud — server | A missing sanitization of search results for an autocomplete field in NextCloud Server | 2018-08-13 | not yet calculated | CVE-2018-3780 MISC CONFIRM |
| nextcloud — server | Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | 2018-08-12 | not yet calculated | CVE-2018-3775 MISC CONFIRM |
| nextcloud — server | Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker’s actions not being logged in the audit log. | 2018-08-12 | not yet calculated | CVE-2018-3776 MISC CONFIRM |
| nextcloud — talk | A missing sanitization of search results for an autocomplete field in NextCloud Talk | 2018-08-13 | not yet calculated | CVE-2018-3781 MISC CONFIRM |
| openemr — openemr | SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘text’ parameter. | 2018-08-15 | not yet calculated | CVE-2018-15148 CONFIRM MISC MISC CONFIRM |
| openemr — openemr | Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter. | 2018-08-13 | not yet calculated | CVE-2018-15143 CONFIRM MISC |
| openemr — openemr | Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter. | 2018-08-13 | not yet calculated | CVE-2018-15145 CONFIRM MISC |
| openemr — openemr | SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘temporary_files_dir’ variable in interface/super/edit_globals.php. | 2018-08-15 | not yet calculated | CVE-2018-15150 CONFIRM MISC MISC CONFIRM |
| openemr — openemr | SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘encounter’ parameter. | 2018-08-15 | not yet calculated | CVE-2018-15149 CONFIRM MISC MISC CONFIRM |
| openemr — openemr | Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory. | 2018-08-13 | not yet calculated | CVE-2018-15139 CONFIRM MISC |
| openemr — openemr | SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘search_term’ parameter. | 2018-08-15 | not yet calculated | CVE-2018-15146 CONFIRM MISC MISC CONFIRM |
| openemr — openemr | SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘id’ parameter. | 2018-08-15 | not yet calculated | CVE-2018-15147 CONFIRM MISC MISC CONFIRM |
| openemr — openemr | Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the “docid” and “content” parameters and accessing it in the traversed directory. | 2018-08-13 | not yet calculated | CVE-2018-15142 CONFIRM MISC EXPLOIT-DB |
| openemr — openemr | Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient. | 2018-08-15 | not yet calculated | CVE-2018-15152 CONFIRM MISC MISC CONFIRM |
| openemr — openemr | SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter. | 2018-08-13 | not yet calculated | CVE-2018-15144 CONFIRM MISC |
| openemr — openemr | SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘search_term’ parameter. | 2018-08-15 | not yet calculated | CVE-2018-15151 CONFIRM MISC MISC CONFIRM |
| openemr — openemr | OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the “hylafax_enscript” global variable in interface/super/edit_globals.php. | 2018-08-15 | not yet calculated | CVE-2018-15155 CONFIRM MISC MISC CONFIRM |
| openemr — openemr | OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the “print_command” global variable in interface/super/edit_globals.php. | 2018-08-15 | not yet calculated | CVE-2018-15154 CONFIRM MISC MISC CONFIRM |
| openemr — openemr | OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the “hylafax_server” global variable in interface/super/edit_globals.php. | 2018-08-15 | not yet calculated | CVE-2018-15153 CONFIRM MISC MISC EXPLOIT-DB CONFIRM |
| openemr — openemr | OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the “hylafax_server” global variable in interface/super/edit_globals.php. | 2018-08-15 | not yet calculated | CVE-2018-15156 CONFIRM MISC MISC CONFIRM |
| openemr — openemr | Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the “docid” parameter when the mode is set to get. | 2018-08-13 | not yet calculated | CVE-2018-15140 CONFIRM MISC EXPLOIT-DB |
| openemr — openemr | Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the “docid” parameter when the mode is set to delete. | 2018-08-13 | not yet calculated | CVE-2018-15141 CONFIRM MISC EXPLOIT-DB |
| openssh — openssh | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | 2018-08-17 | not yet calculated | CVE-2018-15473 MISC SECTRACK MISC MISC |
| oracle — database_server | A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | 2018-08-10 | not yet calculated | CVE-2018-3110 CONFIRM BID |
| palo_alto_networks — pan-os | The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. | 2018-08-16 | not yet calculated | CVE-2018-10140 BID CONFIRM |
| palo_alto_networks — pan-os | The PAN-OS response page for GlobalProtect in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected. | 2018-08-16 | not yet calculated | CVE-2018-10139 BID CONFIRM |
| pimcore — pimcore | Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the “Settings > Users / Roles” function. | 2018-08-17 | not yet calculated | CVE-2018-14057 MISC FULLDISC EXPLOIT-DB MISC |
| pimcore — pimcore | Pimcore before 5.3.0 allows SQL Injection via the REST web service API. | 2018-08-17 | not yet calculated | CVE-2018-14058 MISC FULLDISC EXPLOIT-DB MISC |
| plex — media_server | In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Plex, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. | 2018-08-13 | not yet calculated | CVE-2018-13415 FULLDISC EXPLOIT-DB |
| progress — telerik_justassembly | An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource. | 2018-08-16 | not yet calculated | CVE-2018-15122 CONFIRM CONFIRM |
|
pulp — pulp |
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the ‘apache’ user. This may lead to overwrite of published content on other iso repositories. | 2018-08-15 | not yet calculated | CVE-2018-10917 CONFIRM |
| red_hat — jboss_core_services | libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. | 2018-08-16 | not yet calculated | CVE-2016-9598 REDHAT CONFIRM |
|
red_hat — jboss_core_services |
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627. | 2018-08-16 | not yet calculated | CVE-2016-9596 CONFIRM |
| red_hat — openshift_enterprise | The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. | 2018-08-13 | not yet calculated | CVE-2017-15138 REDHAT CONFIRM |
| redhat — red_hat_certification | An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service. | 2018-08-13 | not yet calculated | CVE-2018-10864 REDHAT CONFIRM |
| responsive_filemanager — responsive_filemanager | /filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value. | 2018-08-17 | not yet calculated | CVE-2018-15495 MISC MISC |
| rpm-software-management — rpm | It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege. | 2018-08-13 | not yet calculated | CVE-2017-7500 CONFIRM CONFIRM CONFIRM |
| sap — businessobjects_business_intelligence | In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid. | 2018-08-14 | not yet calculated | CVE-2018-2442 BID MISC CONFIRM |
| sap — businessobjects_business_intelligence | AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. | 2018-08-14 | not yet calculated | CVE-2018-2445 BID MISC CONFIRM |
| sap — businessobjects_business_intelligence | Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. | 2018-08-14 | not yet calculated | CVE-2018-2446 BID MISC CONFIRM |
| sap — businessobjects_business_intelligence | SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. | 2018-08-14 | not yet calculated | CVE-2018-2447 BID MISC CONFIRM |
| sap — businessobjects_business_intelligence | Admin tools in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, allows an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. | 2018-08-14 | not yet calculated | CVE-2018-2448 BID MISC CONFIRM |
| sap — businessobjects_financial_consolidation | SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2018-08-14 | not yet calculated | CVE-2018-2444 BID MISC CONFIRM |
| sap — change_and_transport_system_and_kernel | Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted. | 2018-08-14 | not yet calculated | CVE-2018-2441 BID MISC CONFIRM |
| sap — hana_extended_application_services | XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user’s session might misuse the session token even after the session has been closed. | 2018-08-14 | not yet calculated | CVE-2018-2451 BID MISC CONFIRM |
| sap — maxdb | SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. | 2018-08-14 | not yet calculated | CVE-2018-2450 BID MISC CONFIRM |
| sap — srm_mdm_catalog | SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) – import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying. | 2018-08-14 | not yet calculated | CVE-2018-2449 BID MISC CONFIRM |
| sentinel — license_manager | A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification. | 2018-08-17 | not yet calculated | CVE-2018-15492 MISC MISC |
| sony — ipela_e_series_camera_g5_firmware | An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability. | 2018-08-14 | not yet calculated | CVE-2018-3938 MISC |
| sony — ipela_e_series_network_camera_g5_firmware | An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. | 2018-08-14 | not yet calculated | CVE-2018-3937 MISC |
| spice — spice | A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. | 2018-08-17 | not yet calculated | CVE-2018-10873 CONFIRM CONFIRM |
| swoole — swoole | The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV. | 2018-08-17 | not yet calculated | CVE-2018-15503 MISC MISC |
| tiki — tiki | Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image. | 2018-08-13 | not yet calculated | CVE-2018-14850 MLIST MLIST CONFIRM |
| tiki — tiki | Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. | 2018-08-13 | not yet calculated | CVE-2018-14849 MLIST MLIST CONFIRM |
| tp-link — wr840n_devices | TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. | 2018-08-15 | not yet calculated | CVE-2018-15172 MISC EXPLOIT-DB |
| trend_micro — control_manager | A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS). | 2018-08-15 | not yet calculated | CVE-2018-10512 CONFIRM |
| trend_micro — control_manager | A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. | 2018-08-15 | not yet calculated | CVE-2018-10511 CONFIRM |
| trend_micro — control_manager | A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. | 2018-08-15 | not yet calculated | CVE-2018-10510 CONFIRM |
| unshiftio — url-parse | Incorrect parsing in url-parse | 2018-08-12 | not yet calculated | CVE-2018-3774 CONFIRM CONFIRM MISC |
| valeuraddons — german_spelling_dictionary | A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3 (an Opera Browser add-on). Instead of providing text for a spelling check, remote attackers may inject arbitrary web script or HTML via the ajax query parameter in the URL Address Bar. | 2018-08-13 | not yet calculated | CVE-2018-12587 MISC MISC |
| vmware — horizon_and_horizon_client | VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn’t apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems. | 2018-08-13 | not yet calculated | CVE-2018-6970 BID SECTRACK CONFIRM |
| vmware — workstation_and_fusion | VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host. | 2018-08-15 | not yet calculated | CVE-2018-6973 BID SECTRACK CONFIRM |
| vuze — bittorrent_client | In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Vuze, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. | 2018-08-13 | not yet calculated | CVE-2018-13417 FULLDISC EXPLOIT-DB |
| wordpress — wordpress | In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine’s wp-content/plugins directory permissions were set up to block all new plugins. | 2018-08-10 | not yet calculated | CVE-2018-14028 BID MISC MISC MISC |
| xen — xen | An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service. | 2018-08-17 | not yet calculated | CVE-2018-15468 MISC |
| xen — xen | An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). | 2018-08-17 | not yet calculated | CVE-2018-15469 MISC |
| xen — xen | An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 “Operations on data structures” of the OCaml manual, the order of evaluation of subexpressions is not specified. In practice, different implementations behave differently. Thus, oxenstored may not enforce the configured quota-maxentity. This allows a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. | 2018-08-17 | not yet calculated | CVE-2018-15470 MISC |
| xen — xen | An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks. | 2018-08-17 | not yet calculated | CVE-2018-15471 MISC MISC |
| yubico — piv | An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} — in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer. | 2018-08-15 | not yet calculated | CVE-2018-14780 MLIST MISC CONFIRM |
| yubico — piv | A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len – 2 > max_out) { fprintf(stderr, “Output buffer to small, wanted to write %lu, max was %lu.”, *out_len + recv_len – 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len – 2); out_data += recv_len – 2; *out_len += recv_len – 2; } {% endhighlight %} — it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard. | 2018-08-15 | not yet calculated | CVE-2018-14779 MLIST MISC CONFIRM |
| zemana — anti-logger | A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%ZemanaZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes). | 2018-08-17 | not yet calculated | CVE-2018-15491 MISC |
| zipato — zipabox | Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV – 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device. | 2018-08-13 | not yet calculated | CVE-2018-15124 MISC |
| zipato — zipabox | Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV – 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home. | 2018-08-13 | not yet calculated | CVE-2018-15123 MISC |
| zipato — zipabox | Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface. | 2018-08-13 | not yet calculated | CVE-2018-15125 MISC |
| zyxel — zywall/usg_series_devices | ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. | 2018-08-15 | not yet calculated | CVE-2018-9129 CONFIRM MISC CONFIRM |