Vulnerability Summary for the Week of August 13, 2018

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
intel — core_i3 Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. 2018-08-14 5.4 CVE-2018-3615
CONFIRM
CONFIRM
BID
SECTRACK
MISC
CONFIRM
CISCO
CONFIRM
CERT-VN
CONFIRM
intel — core_i3 Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. 2018-08-14 4.7 CVE-2018-3620
CONFIRM
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
REDHAT
MISC
FEDORA
FEDORA
CONFIRM
FREEBSD
CONFIRM
CISCO
UBUNTU
DEBIAN
CONFIRM
CERT-VN
CONFIRM
intel — core_i3 Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. 2018-08-14 4.7 CVE-2018-3646
CONFIRM
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
REDHAT
MISC
FEDORA
FEDORA
CONFIRM
FREEBSD
CONFIRM
CISCO
UBUNTU
DEBIAN
CONFIRM
CERT-VN
CONFIRM


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
3par — service_processor A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery. 2018-08-14 not yet calculated CVE-2018-7097
CONFIRM
3par — service_processor A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information. 2018-08-14 not yet calculated CVE-2018-7099
CONFIRM
3par — service_processor A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass. 2018-08-14 not yet calculated CVE-2018-7095
CONFIRM
3par — service_processor A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal. 2018-08-14 not yet calculated CVE-2018-7098
CONFIRM
3par — service_processor A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information. 2018-08-14 not yet calculated CVE-2018-7094
CONFIRM
3par — service_processor A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution. 2018-08-14 not yet calculated CVE-2018-7096
CONFIRM
apache — commons_compress When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17’s ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress’ zip package. 2018-08-16 not yet calculated CVE-2018-11771
SECTRACK
MLIST

apache — http_server Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the “Location” or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). 2018-08-14 not yet calculated CVE-2016-4975
BID
CONFIRM
CONFIRM
apache — spark From version 1.3.0 onward, Apache Spark’s standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property ‘spark.authenticate.secret’ establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. This REST API is also used by Mesos, when set up to run in cluster mode (i.e., when also running MesosClusterDispatcher), for job submission. Future versions of Spark will improve documentation on these points, and prohibit setting ‘spark.authenticate.secret’ when running the REST APIs, to make this clear. Future versions will also disable the REST API by default in the standalone master by changing the default value of ‘spark.master.rest.enabled’ to ‘false’. 2018-08-13 not yet calculated CVE-2018-11770
BID
MLIST
CONFIRM
bytedance — musical.ly_app_for_ios Musical.ly Inc., musical.ly – your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13101
CERT-VN
uber_technologies — ubereats_app_for_ios Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13104
CERT-VN
pinterest — pinterest_app_for_ios Pinterest, 6.37, 2017-10-24, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13103
CERT-VN
distinctdev — the_moron_test_app_for_ios DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13100
CERT-VN
gameloft — asphalt_xtreme_offroad_rally_racing_app_for_ios Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13102
CERT-VN
asustor — adm ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell. 2018-08-16 not yet calculated CVE-2018-11509
MISC
EXPLOIT-DB
asustor — adm The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the ‘album_id’ or ‘scope’ parameter via a photo-gallery/api/album/tree_lists/ URI. 2018-08-16 not yet calculated CVE-2018-11511
MISC
EXPLOIT-DB
atlassian — confluence_questions The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote attackers to modify a comment into an answer via a cross-site request forgery (CSRF) vulnerability. 2018-08-15 not yet calculated CVE-2018-13394
CONFIRM
atlassian — confluence_questions The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote attackers to modify a comment into an answer via a cross-site request forgery (CSRF) vulnerability. 2018-08-15 not yet calculated CVE-2018-13393
CONFIRM
atlassian — fisheye_and_crucible Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys. 2018-08-13 not yet calculated CVE-2018-13392
BID
CONFIRM
CONFIRM
btrfsmaintenance — btrfsmaintenance An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, though). 2018-08-15 not yet calculated CVE-2018-14722
MLIST
CONFIRM
cisco — asr_9000_series_aggregation_services_router_software A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858. 2018-08-15 not yet calculated CVE-2018-0418
CISCO

cisco — asyncos_software_for_cisco_web_security_appliances A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610. 2018-08-15 not yet calculated CVE-2018-0410
BID
CISCO
qnap — qts Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. 2018-08-13 not yet calculated CVE-2018-0714
CONFIRM
cisco — email_security_appliances A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper detection of content within executable (EXE) files. An attacker could exploit this vulnerability by sending a customized EXE file that is not recognized and blocked by the ESA. A successful exploit could allow an attacker to send email messages that contain malicious executable files to unsuspecting users. Cisco Bug IDs: CSCvh03786. 2018-08-15 not yet calculated CVE-2018-0419
CISCO
cisco — ios_software_and_ios_xe_software A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability by sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. 2018-08-14 not yet calculated CVE-2018-0131
BID
CISCO
cisco — multiple_products A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947. 2018-08-15 not yet calculated CVE-2018-0409
BID
BID
CISCO
cisco — registered_envelope_service A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Bug IDs: CVE-2018-0367. 2018-08-15 not yet calculated CVE-2018-0367
CISCO
cisco — small_business_100_and_300_series_wireless_access_points A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. Cisco Bug IDs: CSCvj97472. 2018-08-15 not yet calculated CVE-2018-0415
CISCO
cisco — small_business_100_and_300_series_wireless_access_points A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229. 2018-08-15 not yet calculated CVE-2018-0412
CISCO
cisco — unified_communications_domain_manager_software A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694. 2018-08-15 not yet calculated CVE-2018-0386
CISCO
cisco — web_security_appliance A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privileges to root in a separate login shell. A successful exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root. Cisco Bug IDs: CSCvj93548. 2018-08-15 not yet calculated CVE-2018-0428
BID
CISCO
cisco — web_security_appliance A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious packet. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Cisco Bug IDs: CSCvi42263. 2018-08-15 not yet calculated CVE-2018-0427
BID
CISCO
citrix — xenserver Citrix XenServer 7.1 and newer allows Directory Traversal. 2018-08-15 not yet calculated CVE-2018-14007
BID
CONFIRM
CONFIRM
clavister — cos_core The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack. 2018-08-15 not yet calculated CVE-2018-8753
MISC
CONFIRM
crestron — tsw-x60_and_mc3 In Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, the passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges. 2018-08-10 not yet calculated CVE-2018-13341
BID
MISC
crestron — tsw-x60_and_mc3 For Crestron TSW-X60 versions prior to 2.001.0037.001 and MC3 versions prior to 1.502.0047.001, the devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open. 2018-08-10 not yet calculated CVE-2018-10630
BID
MISC
cryo — cryo A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. 2018-08-17 not yet calculated CVE-2018-3784
MISC
delta_electronics — cncsoft_with_screeneditor CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to a lack of user input validation before copying data from project files onto the stack, which may allow an attacker to gain remote code execution with administrator privileges if exploited. 2018-08-13 not yet calculated CVE-2018-10636
BID
MISC
delta_electronics — cncsoft_with_screeneditor CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities that could cause the software to crash due to a lack of user input validation when processing project files, which may allow an attacker to gain remote code execution with administrator privileges if exploited. 2018-08-13 not yet calculated CVE-2018-10598
BID
MISC
dojo — toolkit In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. 2018-08-17 not yet calculated CVE-2018-15494
MISC
MISC
eclipse — openj9 In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no. 2018-08-14 not yet calculated CVE-2018-12539
CONFIRM
eclipse — vert.x In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header in the client request or server response. 2018-08-14 not yet calculated CVE-2018-12537
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
edimax — ew-7438rpn_mini An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. 2018-08-13 not yet calculated CVE-2018-10569
MISC
MISC
eltex — esp-200_firmware An authenticated attacker can execute arbitrary code using command injection in Eltex ESP-200 firmware version 1.2.0. 2018-08-17 not yet calculated CVE-2018-15356
MISC
eltex — esp-200_firmware An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. 2018-08-17 not yet calculated CVE-2018-15360
MISC
eltex — esp-200_firmware An authenticated attacker with low privileges can activate a high-privileged user and use it to expand the attack surface in Eltex ESP-200 firmware version 1.2.0. 2018-08-17 not yet calculated CVE-2018-15358
MISC
eltex — esp-200_firmware An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0. 2018-08-17 not yet calculated CVE-2018-15357
MISC
eltex — esp-200_firmware An authenticated attacker with low privileges can use an insecure sudo configuration to expand the attack surface in Eltex ESP-200 firmware version 1.2.0. 2018-08-17 not yet calculated CVE-2018-15359
MISC
embedthis — goahead_and_appweb An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted “Host” header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ‘]’ character in an IPv6 address. 2018-08-17 not yet calculated CVE-2018-15505
MISC
MISC
MISC
embedthis — goahead_and_appweb An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. 2018-08-17 not yet calculated CVE-2018-15504
MISC
MISC
MISC
ericsson-lg — ipecs_nms_30m Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. 2018-08-15 not yet calculated CVE-2018-15138
EXPLOIT-DB
ethereum — all_for_one_game The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards. 2018-08-15 not yet calculated CVE-2018-12056
MISC
ethereum — bitcoin_red_token An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the “ownerUnderflow” issue. 2018-08-15 not yet calculated CVE-2018-11687
MISC
f5 — big-ip The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS run as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host. 2018-08-17 not yet calculated CVE-2018-5546
SECTRACK
CONFIRM
f5 — big-ip The Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode, which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine's Windows Explorer, which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges. 2018-08-17 not yet calculated CVE-2018-5547
SECTRACK
CONFIRM
flintcms — flintcms A privilege escalation detected in flintcms versions 2018-08-17 not yet calculated CVE-2018-3783
MISC
git-dummy-commit — git-dummy-commit A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. 2018-08-17 not yet calculated CVE-2018-3785
MISC
gnome — display_manager The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. 2018-08-14 not yet calculated CVE-2018-14424
CONFIRM
UBUNTU
DEBIAN
ks_mobile — live.me_app_for_android Live.me – live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13107
CERT-VN
cheetah_mobile — cm_launcher_3d_app_for_android Cheetahmobile CM Launcher 3D – Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13106
CERT-VN
hawk_mobile_hi_security_labs — hi_security_virus_cleaner_app_for_android Hi Security Virus Cleaner – Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker. 2018-08-15 not yet calculated CVE-2017-13105
CERT-VN
psafe_tools — dfndr_security_app_for_android DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13108
CERT-VN
hikvision — ip_cameras A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process. 2018-08-13 not yet calculated CVE-2018-6414
CONFIRM
hp — multiple_inkjet_printers A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution. 2018-08-13 not yet calculated CVE-2018-5925
BID
SECTRACK
MISC
HP
hp — multiple_inkjet_printers A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution. 2018-08-13 not yet calculated CVE-2018-5924
BID
SECTRACK
MISC
HP
hpe — multiple_products A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service. 2018-08-14 not yet calculated CVE-2018-7093
SECTRACK
CONFIRM
hpe — officeconnect_1810_switch_series A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G – P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information. 2018-08-14 not yet calculated CVE-2018-7100
SECTRACK
CONFIRM
hpe — xp_p9000_command_view_advanced_edition A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could be exploited to allow local and remote unauthorized access to sensitive information. 2018-08-14 not yet calculated CVE-2018-7077
CONFIRM
ibm — api_connect IBM API Connect’s Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370. 2018-08-16 not yet calculated CVE-2018-1712
XF
CONFIRM
ibm — maximo_asset_management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003. 2018-08-16 not yet calculated CVE-2018-1715
XF
CONFIRM
ibm — rational_clearquest IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353. 2018-08-13 not yet calculated CVE-2016-2922
XF
CONFIRM
ibm — security_access_manager_for_enterprise_single_sign_on IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913. 2018-08-17 not yet calculated CVE-2017-1732
CONFIRM
XF
ibm — tivoli_application_dependency_discovery_manager IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029. 2018-08-15 not yet calculated CVE-2018-1455
XF
CONFIRM
ibm — urbancode_deploy IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522. 2018-08-13 not yet calculated CVE-2017-1749
XF
CONFIRM

ibm — urbancode_deploy Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147. 2018-08-13 not yet calculated CVE-2017-1286
XF
CONFIRM
intelbras — win_240 A cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the admin password without logging in. 2018-08-15 not yet calculated CVE-2018-10369
MISC
jetbrains — dotpeek_and_resharper_ultimate JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. 2018-08-13 not yet calculated CVE-2018-14878
CONFIRM
MISC
keycloak — keycloak It was found that an authenticated user could manipulate user session information to trigger an infinite loop in keycloak. A malicious user could use this flaw to conduct a denial of service attack against the server. 2018-08-13 not yet calculated CVE-2018-10842
CONFIRM
kraftway — 24f2xg_router_firmware A crafted malicious link sent to a privileged user can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. 2018-08-17 not yet calculated CVE-2018-15351
MISC
kraftway — 24f2xg_router_firmware An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. 2018-08-17 not yet calculated CVE-2018-15352
MISC
kraftway — 24f2xg_router_firmware A buffer overflow exploited through the web interface by a remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118. 2018-08-17 not yet calculated CVE-2018-15353
MISC
kraftway — 24f2xg_router_firmware A buffer overflow exploited through the web interface by a remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118. 2018-08-17 not yet calculated CVE-2018-15354
MISC
kraftway — 24f2xg_router_firmware Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router. 2018-08-17 not yet calculated CVE-2018-15350
MISC
kraftway — 24f2xg_router_firmware Use of SSLv2 and SSLv3 allows transmitted data to be decrypted in Kraftway 24F2XG Router firmware 3.5.30.1118. 2018-08-17 not yet calculated CVE-2018-15355
MISC
lg — android_devices Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. 2018-08-17 not yet calculated CVE-2018-14982
CONFIRM
lg — android_devices Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. 2018-08-17 not yet calculated CVE-2018-15482
CONFIRM
lg — android_devices Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. 2018-08-17 not yet calculated CVE-2018-14981
CONFIRM
libcgroup — libcgroup libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. 2018-08-14 not yet calculated CVE-2018-14348
SUSE
CONFIRM
FEDORA
CONFIRM
libgit2 — libgit2 In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol “ng” packet that lacks a ‘\0’ byte to trigger an out-of-bounds read that leads to DoS. 2018-08-17 not yet calculated CVE-2018-15501
MISC
MISC
MISC
MISC
MISC
MISC
libxml2 — libxml2 libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. 2018-08-16 not yet calculated CVE-2018-14567
CONFIRM
UBUNTU
litecart — litecart admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request. 2018-08-16 not yet calculated CVE-2018-12256
CONFIRM
CONFIRM
man-cgi — man-cgi man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI. 2018-08-14 not yet calculated CVE-2018-14429
MISC
BUGTRAQ
medtronic — minimed_508_insulin_pump Medtronic MMT 508 MiniMed insulin pump, 522 / MMT – 722 Paradigm REAL-TIME, 523 / MMT – 723 Paradigm Revel, 523K / MMT – 723K Paradigm Revel, and 551 / MMT – 751 MiniMed 530G. The models identified above, when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery. 2018-08-13 not yet calculated CVE-2018-14781
BID
MISC
medtronic — minimed_508_insulin_pump Medtronic MMT 508 MiniMed insulin pump, 522 / MMT – 722 Paradigm REAL-TIME, 523 / MMT – 723 Paradigm Revel, 523K / MMT – 723K Paradigm Revel, and 551 / MMT – 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers. 2018-08-13 not yet calculated CVE-2018-10634
BID
MISC
microsoft — .net_framework An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka “.NET Framework Information Disclosure Vulnerability.” This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. 2018-08-15 not yet calculated CVE-2018-8360
BID
SECTRACK
CONFIRM
microsoft — chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381. 2018-08-15 not yet calculated CVE-2018-8384
BID
CONFIRM
microsoft — chakracore A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8359
BID
SECTRACK
CONFIRM
microsoft — chakracore_and_edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389. 2018-08-15 not yet calculated CVE-2018-8390
BID
SECTRACK
CONFIRM
microsoft — chakracore_and_edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8384. 2018-08-15 not yet calculated CVE-2018-8381
BID
SECTRACK
CONFIRM
microsoft — chakracore_and_edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8381, CVE-2018-8384. 2018-08-15 not yet calculated CVE-2018-8380
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8355
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8372
BID
SECTRACK
CONFIRM
microsoft — edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8387. 2018-08-15 not yet calculated CVE-2018-8377
BID
CONFIRM
microsoft — edge A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka “Microsoft Edge Security Feature Bypass Vulnerability.” This affects Microsoft Edge. 2018-08-15 not yet calculated CVE-2018-8358
BID
SECTRACK
CONFIRM
microsoft — edge A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka “Microsoft Edge Spoofing Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383. 2018-08-15 not yet calculated CVE-2018-8388
BID
SECTRACK
CONFIRM
microsoft — edge A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka “Microsoft Edge Spoofing Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388. 2018-08-15 not yet calculated CVE-2018-8383
BID
SECTRACK
CONFIRM
microsoft — edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8377. 2018-08-15 not yet calculated CVE-2018-8387
BID
CONFIRM
microsoft — edge An information disclosure vulnerability exists when WebAudio Library improperly handles audio requests, aka “Microsoft Edge Information Disclosure Vulnerability.” This affects Microsoft Edge. 2018-08-15 not yet calculated CVE-2018-8370
BID
SECTRACK
CONFIRM
microsoft — edge_and_chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8380, CVE-2018-8381, CVE-2018-8384. 2018-08-15 not yet calculated CVE-2018-8266
BID
SECTRACK
CONFIRM
microsoft — excel A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka “Microsoft Excel Remote Code Execution Vulnerability.” This affects Microsoft Excel. This CVE ID is unique from CVE-2018-8375. 2018-08-15 not yet calculated CVE-2018-8379
BID
SECTRACK
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka “Microsoft Excel Information Disclosure Vulnerability.” This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. 2018-08-15 not yet calculated CVE-2018-8382
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka “Microsoft Excel Remote Code Execution Vulnerability.” This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379. 2018-08-15 not yet calculated CVE-2018-8375
BID
SECTRACK
CONFIRM
microsoft — exchange_server A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka “Microsoft Exchange Server Tampering Vulnerability.” This affects Microsoft Exchange Server. 2018-08-15 not yet calculated CVE-2018-8374
BID
SECTRACK
CONFIRM
microsoft — exchange_server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka “Microsoft Exchange Memory Corruption Vulnerability.” This affects Microsoft Exchange Server. 2018-08-15 not yet calculated CVE-2018-8302
BID
SECTRACK
CONFIRM
microsoft — internet_explorer A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka “Internet Explorer Remote Code Execution Vulnerability.” This affects Internet Explorer 11, Internet Explorer 10. 2018-08-15 not yet calculated CVE-2018-8316
BID
SECTRACK
CONFIRM
microsoft — internet_explorer_and_edge An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka “Microsoft Browser Elevation of Privilege Vulnerability.” This affects Internet Explorer 11, Microsoft Edge. 2018-08-15 not yet calculated CVE-2018-8357
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka “Microsoft Browser Memory Corruption Vulnerability.” This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. 2018-08-15 not yet calculated CVE-2018-8403
BID
SECTRACK
CONFIRM
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8371
BID
SECTRACK
CONFIRM
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8389
BID
SECTRACK
CONFIRM
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8353
BID
SECTRACK
CONFIRM
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8373
BID
SECTRACK
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka “Windows NDIS Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8342. 2018-08-15 not yet calculated CVE-2018-8343
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka “LNK Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8346. 2018-08-15 not yet calculated CVE-2018-8345
BID
SECTRACK
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8399. 2018-08-15 not yet calculated CVE-2018-8404
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka “Microsoft Graphics Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2018-08-15 not yet calculated CVE-2018-8344
BID
SECTRACK
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka “Windows GDI Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8396, CVE-2018-8398. 2018-08-15 not yet calculated CVE-2018-8394
BID
SECTRACK
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406. 2018-08-15 not yet calculated CVE-2018-8405
BID
SECTRACK
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8348. 2018-08-15 not yet calculated CVE-2018-8341
BID
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8341. 2018-08-15 not yet calculated CVE-2018-8348
BID
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka “Microsoft Office Information Disclosure Vulnerability.” This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office. 2018-08-15 not yet calculated CVE-2018-8378
BID
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka “Windows GDI Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8394, CVE-2018-8396. 2018-08-15 not yet calculated CVE-2018-8398
BID
SECTRACK
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka “Windows Installer Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2018-08-15 not yet calculated CVE-2018-8339
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8385
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in “Microsoft COM for Windows” when it fails to properly handle serialized objects, aka “Microsoft COM for Windows Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2018-08-15 not yet calculated CVE-2018-8349
BID
SECTRACK
CONFIRM
microsoft — office An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka “Microsoft (MAU) Office Elevation of Privilege Vulnerability.” This affects Microsoft Office. 2018-08-15 not yet calculated CVE-2018-8412
BID
SECTRACK
CONFIRM
microsoft — powerpoint A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka “Microsoft PowerPoint Remote Code Execution Vulnerability.” This affects Microsoft PowerPoint. 2018-08-15 not yet calculated CVE-2018-8376
BID
SECTRACK
CONFIRM
microsoft — sql_server A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka “Microsoft SQL Server Remote Code Execution Vulnerability.” This affects Microsoft SQL Server. 2018-08-15 not yet calculated CVE-2018-8273
BID
SECTRACK
CONFIRM
microsoft — windows_10_servers_and_windows_10 A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka “Windows PDF Remote Code Execution Vulnerability.” This affects Windows 10 Servers, Windows 10. 2018-08-15 not yet calculated CVE-2018-8350
BID
SECTRACK
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka “Microsoft Browser Information Disclosure Vulnerability.” This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. 2018-08-15 not yet calculated CVE-2018-8351
BID
SECTRACK
CONFIRM
microsoft — windows_10_servers_and_windows_10 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8404. 2018-08-15 not yet calculated CVE-2018-8399
BID
SECTRACK
CONFIRM
microsoft — windows_10_servers_and_windows_10 A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka “Windows Shell Remote Code Execution Vulnerability.” This affects Windows 10 Servers, Windows 10. 2018-08-15 not yet calculated CVE-2018-8414
BID
SECTRACK
CONFIRM
microsoft — windows_10_servers_and_windows_10 An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8401, CVE-2018-8405, CVE-2018-8406. 2018-08-15 not yet calculated CVE-2018-8400
BID
SECTRACK
CONFIRM
microsoft — windows_7_and_windows_server_2008_r2 An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka “Windows NDIS Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8343. 2018-08-15 not yet calculated CVE-2018-8342
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka “LNK Remote Code Execution Vulnerability.” This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345. 2018-08-15 not yet calculated CVE-2018-8346
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka “GDI+ Remote Code Execution Vulnerability.” This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. 2018-08-15 not yet calculated CVE-2018-8397
BID
SECTRACK
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka “Windows GDI Information Disclosure Vulnerability.” This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8394, CVE-2018-8398. 2018-08-15 not yet calculated CVE-2018-8396
BID
SECTRACK
CONFIRM
microsoft — windows_server_2016_and_windows_10 An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka “Microsoft Cortana Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10. 2018-08-15 not yet calculated CVE-2018-8253
BID
SECTRACK
CONFIRM
microsoft — multiple_products A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204. 2018-08-15 not yet calculated CVE-2018-8200
BID
SECTRACK
CONFIRM
microsoft — multiple_products A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8200. 2018-08-15 not yet calculated CVE-2018-8204
BID
SECTRACK
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka “Windows Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. 2018-08-15 not yet calculated CVE-2018-8347
BID
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8405, CVE-2018-8406. 2018-08-15 not yet calculated CVE-2018-8401
BID
SECTRACK
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405. 2018-08-15 not yet calculated CVE-2018-8406
BID
SECTRACK
CONFIRM
microsoft — multiple_products A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka “AD FS Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows Server 2012 R2, Windows 10 Servers. 2018-08-15 not yet calculated CVE-2018-8340
BID
SECTRACK
CONFIRM
microsoft — multiple_products An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka “Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers. 2018-08-15 not yet calculated CVE-2018-0952
BID
SECTRACK
CONFIRM
monstra — cms Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page. 2018-08-14 not yet calculated CVE-2018-14922
MISC
MISC
EXPLOIT-DB
multiple_vendors — bios_firmware An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. This firmware does not properly handle an abnormal case during S3 sleep, which can clear the TPM 2.0. This allows local users to overwrite the static PCRs of the TPM and neutralize its security features, such as seal/unseal and remote attestation. 2018-08-17 not yet calculated CVE-2018-6622
MISC
multiple_vendors — multiple_products mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the “Dynamic base” PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result. 2018-08-14 not yet calculated CVE-2018-5392
CERT-VN
mybb — mybb inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject. 2018-08-14 not yet calculated CVE-2018-14888
MISC
CONFIRM
CONFIRM
EXPLOIT-DB
nasdaq — bwise The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81. 2018-08-15 not yet calculated CVE-2018-11247
FULLDISC
netcomm_wireless — g_lte_light_industrial_m2m_router NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user. 2018-08-10 not yet calculated CVE-2018-14782
BID
MISC
netcomm_wireless — g_lte_light_industrial_m2m_router NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device. 2018-08-10 not yet calculated CVE-2018-14784
BID
MISC
netcomm_wireless — g_lte_light_industrial_m2m_router NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication. 2018-08-10 not yet calculated CVE-2018-14785
BID
MISC
netcomm_wireless — g_lte_light_industrial_m2m_router NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely. 2018-08-10 not yet calculated CVE-2018-14783
BID
MISC
nextcloud — server A missing sanitization of search results for an autocomplete field in NextCloud Server 2018-08-13 not yet calculated CVE-2018-3780
MISC
CONFIRM
nextcloud — server Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. 2018-08-12 not yet calculated CVE-2018-3775
MISC
CONFIRM
nextcloud — server Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker’s actions not being logged in the audit log. 2018-08-12 not yet calculated CVE-2018-3776
MISC
CONFIRM
nextcloud — talk A missing sanitization of search results for an autocomplete field in NextCloud Talk 2018-08-13 not yet calculated CVE-2018-3781
MISC
CONFIRM
openemr — openemr SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘text’ parameter. 2018-08-15 not yet calculated CVE-2018-15148
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter. 2018-08-13 not yet calculated CVE-2018-15143
CONFIRM
MISC
openemr — openemr Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter. 2018-08-13 not yet calculated CVE-2018-15145
CONFIRM
MISC
openemr — openemr SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘temporary_files_dir’ variable in interface/super/edit_globals.php. 2018-08-15 not yet calculated CVE-2018-15150
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘encounter’ parameter. 2018-08-15 not yet calculated CVE-2018-15149
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory. 2018-08-13 not yet calculated CVE-2018-15139
CONFIRM
MISC
openemr — openemr SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘search_term’ parameter. 2018-08-15 not yet calculated CVE-2018-15146
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘id’ parameter. 2018-08-15 not yet calculated CVE-2018-15147
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the “docid” and “content” parameters and accessing it in the traversed directory. 2018-08-13 not yet calculated CVE-2018-15142
CONFIRM
MISC
EXPLOIT-DB
openemr — openemr Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient. 2018-08-15 not yet calculated CVE-2018-15152
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter. 2018-08-13 not yet calculated CVE-2018-15144
CONFIRM
MISC
openemr — openemr SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘search_term’ parameter. 2018-08-15 not yet calculated CVE-2018-15151
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the “hylafax_enscript” global variable in interface/super/edit_globals.php. 2018-08-15 not yet calculated CVE-2018-15155
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the “print_command” global variable in interface/super/edit_globals.php. 2018-08-15 not yet calculated CVE-2018-15154
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the “hylafax_server” global variable in interface/super/edit_globals.php. 2018-08-15 not yet calculated CVE-2018-15153
CONFIRM
MISC
MISC
EXPLOIT-DB
CONFIRM
openemr — openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the “hylafax_server” global variable in interface/super/edit_globals.php. 2018-08-15 not yet calculated CVE-2018-15156
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the “docid” parameter when the mode is set to get. 2018-08-13 not yet calculated CVE-2018-15140
CONFIRM
MISC
EXPLOIT-DB
openemr — openemr Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the “docid” parameter when the mode is set to delete. 2018-08-13 not yet calculated CVE-2018-15141
CONFIRM
MISC
EXPLOIT-DB
openssh — openssh OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. 2018-08-17 not yet calculated CVE-2018-15473
MISC
SECTRACK
MISC
MISC
oracle — database_server A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 2018-08-10 not yet calculated CVE-2018-3110
CONFIRM
BID
palo_alto_networks — pan-os The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged-in users being redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. 2018-08-16 not yet calculated CVE-2018-10140
BID
CONFIRM
palo_alto_networks — pan-os The PAN-OS response page for GlobalProtect in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected. 2018-08-16 not yet calculated CVE-2018-10139
BID
CONFIRM
pimcore — pimcore Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the “Settings > Users / Roles” function. 2018-08-17 not yet calculated CVE-2018-14057
MISC
FULLDISC
EXPLOIT-DB
MISC
pimcore — pimcore Pimcore before 5.3.0 allows SQL Injection via the REST web service API. 2018-08-17 not yet calculated CVE-2018-14058
MISC
FULLDISC
EXPLOIT-DB
MISC
plex — media_server In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Plex, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. 2018-08-13 not yet calculated CVE-2018-13415
FULLDISC
EXPLOIT-DB
progress — telerik_justassembly An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource. 2018-08-16 not yet calculated CVE-2018-15122
CONFIRM
CONFIRM

pulp — pulp pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the ‘apache’ user. This may lead to overwrite of published content on other iso repositories. 2018-08-15 not yet calculated CVE-2018-10917
CONFIRM
red_hat — jboss_core_services libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. 2018-08-16 not yet calculated CVE-2016-9598
REDHAT
CONFIRM

red_hat — jboss_core_services libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627. 2018-08-16 not yet calculated CVE-2016-9596
CONFIRM
red_hat — openshift_enterprise The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. 2018-08-13 not yet calculated CVE-2017-15138
REDHAT
CONFIRM
redhat — red_hat_certification An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service. 2018-08-13 not yet calculated CVE-2018-10864
REDHAT
CONFIRM
responsive_filemanager — responsive_filemanager /filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value. 2018-08-17 not yet calculated CVE-2018-15495
MISC
MISC
rpm-software-management — rpm It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege. 2018-08-13 not yet calculated CVE-2017-7500
CONFIRM
CONFIRM
CONFIRM
sap — businessobjects_business_intelligence In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid. 2018-08-14 not yet calculated CVE-2018-2442
BID
MISC
CONFIRM
sap — businessobjects_business_intelligence AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. 2018-08-14 not yet calculated CVE-2018-2445
BID
MISC
CONFIRM
sap — businessobjects_business_intelligence Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. 2018-08-14 not yet calculated CVE-2018-2446
BID
MISC
CONFIRM
sap — businessobjects_business_intelligence SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. 2018-08-14 not yet calculated CVE-2018-2447
BID
MISC
CONFIRM
sap — businessobjects_business_intelligence Admin tools in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, allows an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. 2018-08-14 not yet calculated CVE-2018-2448
BID
MISC
CONFIRM
sap — businessobjects_financial_consolidation SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2018-08-14 not yet calculated CVE-2018-2444
BID
MISC
CONFIRM
sap — change_and_transport_system_and_kernel Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted. 2018-08-14 not yet calculated CVE-2018-2441
BID
MISC
CONFIRM
sap — hana_extended_application_services XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user’s session might misuse the session token even after the session has been closed. 2018-08-14 not yet calculated CVE-2018-2451
BID
MISC
CONFIRM
sap — maxdb SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. 2018-08-14 not yet calculated CVE-2018-2450
BID
MISC
CONFIRM
sap — srm_mdm_catalog SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) – import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on Windows machines to do SMB relaying. 2018-08-14 not yet calculated CVE-2018-2449
BID
MISC
CONFIRM
sentinel — license_manager A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification. 2018-08-17 not yet calculated CVE-2018-15492
MISC
MISC
sony — ipela_e_series_camera_g5_firmware An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability. 2018-08-14 not yet calculated CVE-2018-3938
MISC
sony — ipela_e_series_network_camera_g5_firmware An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-14 not yet calculated CVE-2018-3937
MISC
spice — spice A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. 2018-08-17 not yet calculated CVE-2018-10873
CONFIRM
CONFIRM
swoole — swoole The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV. 2018-08-17 not yet calculated CVE-2018-15503
MISC
MISC
tiki — tiki Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image. 2018-08-13 not yet calculated CVE-2018-14850
MLIST
MLIST
CONFIRM
tiki — tiki Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. 2018-08-13 not yet calculated CVE-2018-14849
MLIST
MLIST
CONFIRM
tp-link — wr840n_devices TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. 2018-08-15 not yet calculated CVE-2018-15172
MISC
EXPLOIT-DB
trend_micro — control_manager A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of service (DoS). 2018-08-15 not yet calculated CVE-2018-10512
CONFIRM
trend_micro — control_manager A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. 2018-08-15 not yet calculated CVE-2018-10511
CONFIRM
trend_micro — control_manager A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. 2018-08-15 not yet calculated CVE-2018-10510
CONFIRM
unshiftio — url-parse Incorrect parsing in url-parse 2018-08-12 not yet calculated CVE-2018-3774
CONFIRM
CONFIRM
MISC
valeuraddons — german_spelling_dictionary A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3 (an Opera Browser add-on). Instead of providing text for a spelling check, remote attackers may inject arbitrary web script or HTML via the ajax query parameter in the URL Address Bar. 2018-08-13 not yet calculated CVE-2018-12587
MISC
MISC
vmware — horizon_and_horizon_client VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn’t apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems. 2018-08-13 not yet calculated CVE-2018-6970
BID
SECTRACK
CONFIRM
vmware — workstation_and_fusion VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host. 2018-08-15 not yet calculated CVE-2018-6973
BID
SECTRACK
CONFIRM
vuze — bittorrent_client In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Vuze, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. 2018-08-13 not yet calculated CVE-2018-13417
FULLDISC
EXPLOIT-DB
wordpress — wordpress In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine’s wp-content/plugins directory permissions were set up to block all new plugins. 2018-08-10 not yet calculated CVE-2018-14028
BID
MISC
MISC
MISC
xen — xen An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service. 2018-08-17 not yet calculated CVE-2018-15468
MISC
xen — xen An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). 2018-08-17 not yet calculated CVE-2018-15469
MISC
xen — xen An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 “Operations on data structures” of the OCaml manual, the order of evaluation of subexpressions is not specified. In practice, different implementations behave differently. Thus, oxenstored may not enforce the configured quota-maxentity. This allows a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. 2018-08-17 not yet calculated CVE-2018-15470
MISC
xen — xen An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks. 2018-08-17 not yet calculated CVE-2018-15471
MISC
MISC
yubico — piv An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`:

```c
if(sw == SW_SUCCESS) {
  size_t outlen;
  int offs = _ykpiv_get_length(data + 1, &outlen);
  if(offs == 0) {
    return YKPIV_SIZE_ERROR;
  }
  memmove(data, data + 1 + offs, outlen);
  *len = outlen;
  return YKPIV_OK;
} else {
  return YKPIV_GENERIC_ERROR;
}
```

In the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer. 2018-08-15 not yet calculated CVE-2018-14780
MLIST
MISC
CONFIRM
yubico — piv A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`:

```c
if(*out_len + recv_len - 2 > max_out) {
  fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
}
if(out_data) {
  memcpy(out_data, data, recv_len - 2);
  out_data += recv_len - 2;
  *out_len += recv_len - 2;
}
```

It is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard. 2018-08-15 not yet calculated CVE-2018-14779
MLIST
MISC
CONFIRM
zemana — anti-logger A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes). 2018-08-17 not yet calculated CVE-2018-15491
MISC
zipato — zipabox Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV – 1 with System Version -118 allows an unauthenticated attacker to extract clear text passwords and get root access on the device. 2018-08-13 not yet calculated CVE-2018-15124
MISC
zipato — zipabox Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV – 1 with System Version -118 allows a remote attacker to perform new attack vectors and take control of the device and smart home. 2018-08-13 not yet calculated CVE-2018-15123
MISC
zipato — zipabox Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows a remote attacker to get sensitive information that expands the attack surface. 2018-08-13 not yet calculated CVE-2018-15125
MISC
zyxel — zywall/usg_series_devices ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. 2018-08-15 not yet calculated CVE-2018-9129
CONFIRM
MISC
CONFIRM
