Vulnerability Summary for the Week of November 5, 2018

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.


High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — hive In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against a malicious user if Ranger, Sentry or the SQL standard authorizer is not in use. 2018-11-08 not yet calculated CVE-2018-11777
MISC
apache — hive In Apache Hive 2.3.3, 3.1.0 and earlier, the Hive “EXPLAIN” operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do “EXPLAIN” on an arbitrary table or view and expose table metadata and statistics. 2018-11-08 not yet calculated CVE-2018-1314
MISC
apache — syncope An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. 2018-11-06 not yet calculated CVE-2018-17186
MISC
apache — superset Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data, leading to possible remote code execution. Note: Superset 0.23 was released prior to any Superset release under the Apache Software Foundation. 2018-11-07 not yet calculated CVE-2018-8021
MISC
atlassian — sourcetree_for_macos There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. 2018-11-05 not yet calculated CVE-2018-13396
CONFIRM
atlassian — sourcetree_for_windows There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. 2018-11-05 not yet calculated CVE-2018-13397
CONFIRM
axtls — axtls In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier. 2018-11-07 not yet calculated CVE-2018-16149
CONFIRM
MLIST
axtls — axtls In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is a variant of CVE-2006-4340. 2018-11-07 not yet calculated CVE-2018-16150
CONFIRM
MLIST
axtls — axtls In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is an even more permissive variant of CVE-2006-4790 and CVE-2014-1568. 2018-11-07 not yet calculated CVE-2018-16253
CONFIRM
MLIST
bagesoft/bagecms — bagesoft/bagecms In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges. 2018-11-08 not yet calculated CVE-2018-19104
MISC
basercms — basercms An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. 2018-11-05 not yet calculated CVE-2018-18943
MISC
MISC
basercms — basercms In baserCMS before 4.1.4, libBaserModelThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. 2018-11-05 not yet calculated CVE-2018-18942
MISC
MISC
MISC
brocade_communication_systems — fabric A vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. 2018-11-08 not yet calculated CVE-2018-6437
CONFIRM
brocade_communication_systems — fabric A vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. 2018-11-08 not yet calculated CVE-2018-6436
CONFIRM
brocade_communication_systems — fabric A vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. 2018-11-08 not yet calculated CVE-2018-6438
CONFIRM
brocade_communication_systems — fabric A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands. 2018-11-08 not yet calculated CVE-2018-6442
CONFIRM
brocade_communication_systems — fabric A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell. 2018-11-08 not yet calculated CVE-2018-6441
CONFIRM
brocade_communication_systems — fabric A vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. 2018-11-08 not yet calculated CVE-2018-6435
CONFIRM
brocade_communication_systems — fabric A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system. 2018-11-08 not yet calculated CVE-2018-6433
CONFIRM
brocade_communication_systems — fabric A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user’s session ID. 2018-11-08 not yet calculated CVE-2018-6434
CONFIRM
circontrol — circarlife In Circontrol CirCarLife, all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. 2018-11-02 not yet calculated CVE-2018-17918
BID
MISC
circontrol — circarlife In Circontrol CirCarLife, all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. 2018-11-02 not yet calculated CVE-2018-17922
BID
MISC
cisco — content_security_management_appliance A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2018-11-08 not yet calculated CVE-2018-15393
BID
CISCO
cisco — energy_management_suite_software A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. 2018-11-08 not yet calculated CVE-2018-15445
BID
CISCO
MISC
cisco — energy_management_suite_software A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application. 2018-11-08 not yet calculated CVE-2018-15444
BID
CISCO
MISC
cisco — firepower_system_software A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An attacker could exploit this vulnerability by sending a crafted TCP connection request through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network. 2018-11-08 not yet calculated CVE-2018-15443
BID
CISCO
cisco — immunet_and_advanced_malware_protection_for_endpoints A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion. 2018-11-08 not yet calculated CVE-2018-15437
BID
CISCO
cisco — integrated_management_controller_supervisor A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. 2018-11-08 not yet calculated CVE-2018-15447
BID
CISCO
cisco — meeting_server A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits. 2018-11-08 not yet calculated CVE-2018-15446
BID
CISCO
cisco — meraki_product_lines A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited. 2018-11-08 not yet calculated CVE-2018-0284
CISCO
cisco — prime_collaboration_assurance A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful exploit could allow the attacker to overwrite files on the file system. 2018-11-08 not yet calculated CVE-2018-15450
BID
CISCO
cisco — prime_service_catalog A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. 2018-11-08 not yet calculated CVE-2018-15451
BID
CISCO
cisco — registered_envelope_service A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames. 2018-11-08 not yet calculated CVE-2018-15448
BID
CISCO
cisco — small_business_switches A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability. 2018-11-08 not yet calculated CVE-2018-15439
CISCO
cisco — stealthwatch_management_console A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC. 2018-11-08 not yet calculated CVE-2018-15394
BID
CISCO
cisco — unity_express A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges. 2018-11-08 not yet calculated CVE-2018-15381
CISCO
cisco — video_surveillance_media_server A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to cause the web-based management interface to become unreachable, resulting in a DoS condition. 2018-11-08 not yet calculated CVE-2018-15449
BID
CISCO
clippercms — clippercms ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the “/assets/files” directory. 2018-11-10 not yet calculated CVE-2018-19135
MISC
cloud_foundry — bits-service_release Cloud Foundry Bits-Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the Bits Service storage. 2018-11-09 not yet calculated CVE-2018-15796
CONFIRM
dedecms — dedecms DedeCMS 5.7 SP2 has SQL Injection via the dedeco_do.php ids parameter. 2018-11-07 not yet calculated CVE-2018-19061
MISC
MISC
degrau_publicidade_e_internet_plataforma_de_e-commerce — busca.aspx.cs Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI. 2018-11-06 not yet calculated CVE-2018-18963
MISC
domainmod — domainmod DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter. 2018-11-09 not yet calculated CVE-2018-19136
MISC
domainmod — domainmod DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter. 2018-11-09 not yet calculated CVE-2018-19137
MISC
exiv2 — exiv2 In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. 2018-11-08 not yet calculated CVE-2018-19108
MISC
MISC
exiv2 — exiv2 In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. 2018-11-08 not yet calculated CVE-2018-19107
MISC
MISC
flarum — flarum_core In Flarum Core 0.1.0-beta.7.1, a serious leak can expose everyone’s email address. 2018-11-09 not yet calculated CVE-2018-19133
MISC
foscam — c2_and_opticam_i5_devices An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift* password in some cases. 2018-11-07 not yet calculated CVE-2018-19066
MISC
foscam — c2_and_opticam_i5_devices An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action. 2018-11-07 not yet calculated CVE-2018-19070
MISC
foscam — c2_and_opticam_i5_devices An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up. 2018-11-07 not yet calculated CVE-2018-19071
MISC
foscam — c2_and_opticam_i5_devices An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded BpP+2R9*Q password in some cases. 2018-11-07 not yet calculated CVE-2018-19065
MISC
foscam — c2_and_opticam_i5_devices An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor. 2018-11-07 not yet calculated CVE-2018-19069
MISC
foscam — c2_and_opticam_i5_devices An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password. 2018-11-07 not yet calculated CVE-2018-19063
MISC
foscam — c2_and_opticam_i5_devices An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall has no effect except for blocking port 443 and partially blocking port 88. 2018-11-07 not yet calculated CVE-2018-19074
MISC
foscam — c2_and_opticam_i5_devices An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account. 2018-11-07 not yet calculated CVE-2018-19067
MISC
foscam — c2_and_opticam_i5_devices An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time. 2018-11-07 not yet calculated CVE-2018-19072
MISC
foscam — c2_and_opticam_i5_devices An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP). 2018-11-07 not yet calculated CVE-2018-19076
MISC
foscam — c2_and_opticam_i5_devices An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed. 2018-11-07 not yet calculated CVE-2018-19064
MISC
foscam — c2_and_opticam_i5_devices An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8. 2018-11-07 not yet calculated CVE-2018-19075
MISC
foscam — c2_and_opticam_i5_devices An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access. 2018-11-07 not yet calculated CVE-2018-19073
MISC
foscam — opticam_i5_devices An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field. 2018-11-07 not yet calculated CVE-2018-19082
MISC
foscam — opticam_i5_devices An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. 2018-11-07 not yet calculated CVE-2018-19080
MISC
foscam — opticam_i5_devices An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials. 2018-11-07 not yet calculated CVE-2018-19068
MISC
foscam — opticam_i5_devices An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. 2018-11-07 not yet calculated CVE-2018-19078
MISC
foscam — opticam_i5_devices An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. 2018-11-07 not yet calculated CVE-2018-19079
MISC
foscam — opticam_i5_devices An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field. 2018-11-07 not yet calculated CVE-2018-19081
MISC
foscam — opticam_i5_devices An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header. 2018-11-07 not yet calculated CVE-2018-19077
MISC
foxit_software — foxit_reader The u3d plugin 9.3.0.10809 (aka pluginsU3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample. 2018-11-05 not yet calculated CVE-2018-18933
MISC
MISC
fruitywifi — fruitywifi Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session. 2018-11-10 not yet calculated CVE-2018-19168
MISC
gitea — gitea Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron. 2018-11-04 not yet calculated CVE-2018-18926
MISC
gogs — gogs Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a “..” session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. 2018-11-04 not yet calculated CVE-2018-18925
MISC
google — android In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376. 2018-11-06 not yet calculated CVE-2018-9488
CONFIRM
EXPLOIT-DB
google — android In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542. 2018-11-06 not yet calculated CVE-2018-9427
SECTRACK
CONFIRM
google — android In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel. 2018-11-06 not yet calculated CVE-2018-9422
MLIST
MLIST
CONFIRM
google — android In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel. 2018-11-06 not yet calculated CVE-2018-9415
CONFIRM
UBUNTU
UBUNTU
UBUNTU
google — android In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel. 2018-11-06 not yet calculated CVE-2018-9385
CONFIRM
google — android In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-72298611. 2018-11-06 not yet calculated CVE-2018-9362
BID
CONFIRM
google — android In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78656554. 2018-11-06 not yet calculated CVE-2018-9437
SECTRACK
CONFIRM
google — android In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856. 2018-11-06 not yet calculated CVE-2018-9357
BID
CONFIRM
google — android In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. 2018-11-06 not yet calculated CVE-2018-9363
REDHAT
MLIST
CONFIRM
UBUNTU
UBUNTU
DEBIAN
google — android In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-73172115. 2018-11-06 not yet calculated CVE-2018-9358
BID
CONFIRM
google — android In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257. 2018-11-06 not yet calculated CVE-2018-9445
SECTRACK
CONFIRM
EXPLOIT-DB
google — android In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468. 2018-11-06 not yet calculated CVE-2018-9356
BID
CONFIRM
google — android When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245. 2018-11-06 not yet calculated CVE-2018-9489
SECTRACK
MISC
google — android In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74201143. 2018-11-06 not yet calculated CVE-2018-9360
BID
CONFIRM
google — android In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722. 2018-11-06 not yet calculated CVE-2018-9436
SECTRACK
CONFIRM
google — android In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. 2018-11-06 not yet calculated CVE-2018-9516
MLIST
CONFIRM
DEBIAN
google — android In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78286118. 2018-11-06 not yet calculated CVE-2018-9454
SECTRACK
CONFIRM
google — android When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887. 2018-11-06 not yet calculated CVE-2018-9438
SECTRACK
CONFIRM
google — android In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user’s keypresses while the screen was locked with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-71786287. 2018-11-06 not yet calculated CVE-2018-9458
SECTRACK
CONFIRM
google — android In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338. 2018-11-06 not yet calculated CVE-2018-9450
SECTRACK
CONFIRM
google — android In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79488511. 2018-11-06 not yet calculated CVE-2018-9451
SECTRACK
CONFIRM
google — android In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113. 2018-11-06 not yet calculated CVE-2018-9448
SECTRACK
CONFIRM
google — android In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78288378. 2018-11-06 not yet calculated CVE-2018-9453
SECTRACK
CONFIRM
google — android In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78136677. 2018-11-06 not yet calculated CVE-2018-9455
SECTRACK
CONFIRM
google — android In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel. 2018-11-06 not yet calculated CVE-2018-9465
SECTRACK
CONFIRM
google — android In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183. 2018-11-06 not yet calculated CVE-2018-9459
SECTRACK
CONFIRM
google — android In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74202041. 2018-11-06 not yet calculated CVE-2018-9361
BID
CONFIRM
google — android In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android ID: A-63521984. 2018-11-06 not yet calculated CVE-2018-9444
SECTRACK
CONFIRM
google — android In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74196706. 2018-11-06 not yet calculated CVE-2018-9359
BID
CONFIRM
google — android In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74016921. 2018-11-06 not yet calculated CVE-2018-9355
BID
CONFIRM
google — android In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946. 2018-11-06 not yet calculated CVE-2018-9446
SECTRACK
CONFIRM
google — cardboard_application_for_android_and_ios The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS. 2018-11-08 not yet calculated CVE-2018-19111
MISC
hunan_jinyun_network_technology_co — pbootcms PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a “SET GLOBAL general_log_file” statement, followed by a SELECT statement containing this PHP code. 2018-11-07 not yet calculated CVE-2018-19053
MISC
i18n_gem_for_ruby_on_rails — i18n_gem_for_ruby_on_rails Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. 2018-11-06 not yet calculated CVE-2014-10077
MISC
MISC
MISC
ibm — api_connect IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692. 2018-11-08 not yet calculated CVE-2018-1774
XF
CONFIRM
ibm — campaign IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206. 2018-11-08 not yet calculated CVE-2016-9749
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902. 2018-11-08 not yet calculated CVE-2018-1842
SECTRACK
XF
CONFIRM
ibm — db2_for_linux_and_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511. 2018-11-08 not yet calculated CVE-2018-1834
CONFIRM
XF
ibm — db2_for_linux_and_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804. 2018-11-08 not yet calculated CVE-2018-1781
CONFIRM
XF
ibm — db2_for_linux_and_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640. 2018-11-08 not yet calculated CVE-2018-1802
CONFIRM
XF
ibm — db2_for_linux_and_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429. 2018-11-08 not yet calculated CVE-2018-1799
CONFIRM
XF
ibm — db2_for_linux_and_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn’t be able to see. IBM X-Force ID: 151155. 2018-11-08 not yet calculated CVE-2018-1857
CONFIRM
XF
ibm — db2_for_linux_and_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803. 2018-11-08 not yet calculated CVE-2018-1780
CONFIRM
XF
ibm — marketing_operations IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attacks against the affected system. IBM X-Force ID: 121171. 2018-11-08 not yet calculated CVE-2017-1119
CONFIRM
XF
ibm — maximo_asset_management IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330. 2018-11-09 not yet calculated CVE-2018-1872
XF
CONFIRM
ibm — multiple_products IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609. 2018-11-06 not yet calculated CVE-2018-1694
CONFIRM
XF
ibm — multiple_products IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796. 2018-11-06 not yet calculated CVE-2018-1606
CONFIRM
XF
ibm — spectrum_protect_server IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873. 2018-11-02 not yet calculated CVE-2018-1788
CONFIRM
BID
SECTRACK
XF
ibm — websphere_mq IBM WebSphere MQ 8.0 through 9.1 is vulnerable to an error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456. 2018-11-08 not yet calculated CVE-2018-1684
XF
CONFIRM
international_components_for_unicode — international_components_for_unicode International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. 2018-11-04 not yet calculated CVE-2018-18928
MISC
MISC
MISC
iobit — malware_fighter RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E040 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. 2018-11-09 not yet calculated CVE-2018-19086
MISC
iobit — malware_fighter RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E048 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. 2018-11-09 not yet calculated CVE-2018-19085
MISC
iobit — malware_fighter RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E05C with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. 2018-11-09 not yet calculated CVE-2018-19084
MISC
iobit — malware_fighter RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E044 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. 2018-11-09 not yet calculated CVE-2018-19087
MISC
jasper — jasper An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. 2018-11-09 not yet calculated CVE-2018-19139
MISC
jeecms — jeecms JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. 2018-11-05 not yet calculated CVE-2018-18952
MISC
jquery — jquery Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut 2018-11-05 not yet calculated CVE-2018-9208
MISC
keepalived — keepalived keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. 2018-11-08 not yet calculated CVE-2018-19045
MISC
MISC
MISC
MISC
keepalived — keepalived keepalived 2.0.8 didn’t check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd. 2018-11-08 not yet calculated CVE-2018-19044
MISC
MISC
MISC
keepalived — keepalived keepalived 2.0.8 didn’t check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information. 2018-11-08 not yet calculated CVE-2018-19046
MISC
MISC
keepalived — keepalived keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. 2018-11-08 not yet calculated CVE-2018-19115
MISC
MISC
MISC
kindeditor — kindeditor KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication. 2018-11-05 not yet calculated CVE-2018-18950
MISC
knightjs — knightjs A Path Traversal in Knightjs versions 2018-11-06 not yet calculated CVE-2018-16475
MISC
libav — libav In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file. 2018-11-09 not yet calculated CVE-2018-19128
MISC
libav — libav In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. 2018-11-09 not yet calculated CVE-2018-19130
MISC
libav — libav In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file. 2018-11-09 not yet calculated CVE-2018-19129
MISC
libiec61850 — libiec61850 An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c. 2018-11-09 not yet calculated CVE-2018-19122
MISC
MISC
libiec61850 — libiec61850 An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c. 2018-11-05 not yet calculated CVE-2018-18937
MISC
MISC
libiec61850 — libiec61850 An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c. 2018-11-09 not yet calculated CVE-2018-19121
MISC
MISC
libiec61850 — libiec61850 An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. 2018-11-05 not yet calculated CVE-2018-18957
MISC
EXPLOIT-DB
librecad — librecad LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file. 2018-11-08 not yet calculated CVE-2018-19105
MISC
light_code_labs — caddy Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover the existence of and relationships among hostnames that weren’t meant to be public, though this information could likely have been discovered via other methods with additional effort. 2018-11-10 not yet calculated CVE-2018-19148
MISC
MISC
MISC
lighttpd — lighttpd An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing ‘/’ character, but the alias target filesystem path does have a trailing ‘/’ character. 2018-11-07 not yet calculated CVE-2018-19052
MISC
metinfo — metinfo MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. 2018-11-06 not yet calculated CVE-2018-19051
MISC
metinfo — metinfo MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. 2018-11-06 not yet calculated CVE-2018-19050
MISC
micro_focus — operations_bridge A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure. 2018-11-07 not yet calculated CVE-2018-18590
CONFIRM
mindoc — mindoc An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindoc_id value containing the relative pathname of this uploaded file. For example, the mindoc_id (aka session ID) could be of the form aa/../../uploads/blog/201811/attach_#.jpg where ‘#’ is a hex value displayed in the upload field of a manage/blogs/edit/ screen. 2018-11-08 not yet calculated CVE-2018-19114
MISC
nginx — nginx nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the ‘http2’ option of the ‘listen’ directive is used in a configuration file. 2018-11-07 not yet calculated CVE-2018-16844
MISC
BID
SECTRACK
CONFIRM
UBUNTU
DEBIAN
nginx — nginx nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the ‘mp4’ directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. 2018-11-07 not yet calculated CVE-2018-16845
MISC
BID
SECTRACK
CONFIRM
MLIST
UBUNTU
DEBIAN
nginx — nginx nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the ‘http2’ option of the ‘listen’ directive is used in a configuration file. 2018-11-07 not yet calculated CVE-2018-16843
MISC
BID
SECTRACK
CONFIRM
UBUNTU
DEBIAN
node.js — node.js A path traversal in takeapeek module versions 2018-11-06 not yet calculated CVE-2018-16473
MISC
node.js — node.js A stored xss in tianma-static module versions 2018-11-06 not yet calculated CVE-2018-16474
MISC
node.js — node.js A prototype pollution attack in cached-path-relative versions 2018-11-06 not yet calculated CVE-2018-16472
MISC
omron — cx-supervisor When processing project files in Omron CX-Supervisor versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application. 2018-11-05 not yet calculated CVE-2018-17909
BID
MISC
omron — cx-supervisor When processing project files in Omron CX-Supervisor versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array. 2018-11-05 not yet calculated CVE-2018-17907
BID
MISC
omron — cx-supervisor A type confusion vulnerability exists when processing project files in Omron CX-Supervisor versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. 2018-11-05 not yet calculated CVE-2018-17913
BID
MISC
omron — cx-supervisor When processing project files in Omron CX-Supervisor versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object. 2018-11-05 not yet calculated CVE-2018-17905
BID
MISC
open_information_security_foundation — suricata The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018. 2018-11-05 not yet calculated CVE-2018-18956
CONFIRM
MISC
MISC
oscommerce — oscommerce osCommerce 2.3.4.1 has an incomplete ‘.htaccess’ for blacklist filtering in the “product” page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension. 2018-11-05 not yet calculated CVE-2018-18964
MISC
oscommerce — oscommerce osCommerce 2.3.4.1 has an incomplete ‘.htaccess’ for blacklist filtering in the “product” page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer renders HTML elements in a .eml file. 2018-11-05 not yet calculated CVE-2018-18966
MISC
oscommerce — oscommerce osCommerce 2.3.4.1 has an incomplete ‘.htaccess’ for blacklist filtering in the “product” page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename). 2018-11-05 not yet calculated CVE-2018-18965
MISC
pandao — editor.md pandao Editor.md 1.5.0 has DOM XSS via input starting with a ” 2018-11-07 not yet calculated CVE-2018-19056
MISC
pdfforge — pdf_architect Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a “Data from Faulting Address controls Code Flow” issue. 2018-11-10 not yet calculated CVE-2018-19150
MISC
MISC
pluralsight — javascript A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admin Console, the injected JavaScript code is executed. 2018-11-06 not yet calculated CVE-2018-17184
MISC
popojicms — popojicms An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account. 2018-11-05 not yet calculated CVE-2018-18935
MISC
popojicms — popojicms An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF. 2018-11-05 not yet calculated CVE-2018-18934
MISC
MISC
popojicms — popojicms An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter. 2018-11-05 not yet calculated CVE-2018-18936
MISC
poppler — poppler An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. 2018-11-07 not yet calculated CVE-2018-19060
MISC
poppler — poppler An issue was discovered in Poppler 0.71.0. There is an out-of-bounds read in EmbFile::save2 in FileSpec.cc, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. 2018-11-07 not yet calculated CVE-2018-19059
MISC
poppler — poppler Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. 2018-11-10 not yet calculated CVE-2018-19149
MISC
poppler — poppler An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. 2018-11-07 not yet calculated CVE-2018-19058
MISC
powerdns — recursor An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail. 2018-11-09 not yet calculated CVE-2018-14644
CONFIRM
CONFIRM
prestashop — prestashop PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload. 2018-11-09 not yet calculated CVE-2018-19126
MISC
MISC
MISC
prestashop — prestashop PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files. 2018-11-09 not yet calculated CVE-2018-19124
MISC
MISC
MISC
prestashop — prestashop PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory. 2018-11-09 not yet calculated CVE-2018-19125
MISC
MISC
MISC
projeqtor — projeqtor The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with “#exec cmd” because rejected files remain on the server, with predictable filenames, after a “This file is not a valid image” error message. 2018-11-04 not yet calculated CVE-2018-18924
MISC
EXPLOIT-DB
publiccms — publiccms An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list “attached” attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. 2018-11-04 not yet calculated CVE-2018-18927
MISC
qemu — qemu An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process. 2018-11-02 not yet calculated CVE-2018-16847
BID
CONFIRM
MISC
MLIST
richfaces — richfaces The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData. 2018-11-06 not yet calculated CVE-2018-14667
SECTRACK
REDHAT
REDHAT
REDHAT
CONFIRM
s-cms — s-cms An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter. 2018-11-09 not yet calculated CVE-2018-19145
MISC
sauter — case_suite An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. 2018-11-02 not yet calculated CVE-2018-17912
BID
MISC
sennheiser — headsetup Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted. 2018-11-09 not yet calculated CVE-2018-17612
MISC
shanghai_shengda_network_development_co — phpcms A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a “ 2018-11-09 not yet calculated CVE-2018-19127
MISC
shangtao_information_technology_co — wstmart WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. 2018-11-09 not yet calculated CVE-2018-19138
MISC
sparksuite — simplemde SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element. 2018-11-07 not yet calculated CVE-2018-19057
MISC
squid — squid Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. 2018-11-09 not yet calculated CVE-2018-19132
MISC
MISC
MISC
squid — squid Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. 2018-11-09 not yet calculated CVE-2018-19131
MISC
MISC
MISC
telexy — qpath An issue was discovered in Telexy QPath 5.4.462. A low privileged authenticated user supplying a specially crafted serialized request to AdanitDataService.svc may modify user information, including but not limited to email address, username, and password, of other user accounts. The simplest attack approach is for the attacker to intercept their own password-change request and modify the username before the request reaches the server. Also, changing a victim’s email address can have a similar account-takeover consequence. 2018-11-08 not yet calculated CVE-2018-7718
MISC
texas_instruments — multiple_devices Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow. 2018-11-06 not yet calculated CVE-2018-16986
CONFIRM
BID
SECTRACK
MISC
CISCO
CERT-VN
tianti — tianti tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter. 2018-11-07 not yet calculated CVE-2018-19091
MISC
tianti — tianti tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column. 2018-11-08 not yet calculated CVE-2018-19109
MISC
tianti — tianti The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check. 2018-11-08 not yet calculated CVE-2018-19110
MISC
tianti — tianti tianti 2.3 has stored XSS in the article management module via an article title. 2018-11-07 not yet calculated CVE-2018-19090
MISC
tianti — tianti tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp. 2018-11-07 not yet calculated CVE-2018-19089
MISC
tibco — active_spaces The administrative daemon (tibdgadmind) of TIBCO Software Inc.’s TIBCO ActiveSpaces – Community Edition, TIBCO ActiveSpaces – Developer Edition, and TIBCO ActiveSpaces – Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.’s TIBCO ActiveSpaces – Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces – Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces – Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0. 2018-11-06 not yet calculated CVE-2018-12411
BID
MISC
CONFIRM
tibco — enterprise_messaging_service The Central Administration server (emsca) component of TIBCO Software Inc.’s TIBCO Enterprise Messaging Service, TIBCO Enterprise Messaging Service – Community Edition, and TIBCO Enterprise Messaging Service – Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.’s TIBCO Enterprise Messaging Service: versions up to and including 8.4.0, TIBCO Enterprise Messaging Service – Community Edition: versions up to and including 8.4.0, and TIBCO Enterprise Messaging Service – Developer Edition versions up to and including 8.4.0. 2018-11-06 not yet calculated CVE-2018-12415
BID
MISC
CONFIRM
tibco — ftl The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO FTL – Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL – Community Edition: versions up to and including 5.4.0, TIBCO FTL – Developer Edition: versions up to and including 5.4.0, TIBCO FTL – Enterprise Edition: versions up to and including 5.4.0. 2018-11-06 not yet calculated CVE-2018-12412
BID
MISC
CONFIRM
tibco — messaging The Schema repository server (tibschemad) component of TIBCO Software Inc.’s TIBCO Messaging – Apache Kafka Distribution – Schema Repository – Community Edition, and TIBCO Messaging – Apache Kafka Distribution – Schema Repository – Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging – Apache Kafka Distribution – Schema Repository – Community Edition: 1.0.0, and TIBCO Messaging – Apache Kafka Distribution – Schema Repository – Enterprise Edition: 1.0.0. 2018-11-06 not yet calculated CVE-2018-12413
MISC
CONFIRM
tibco — multiple_products The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.’s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.’s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2. 2018-11-06 not yet calculated CVE-2018-12414
BID
MISC
CONFIRM
vanilla — vanilla Vanilla 2.6.x before 2.6.4 allows remote code execution. 2018-11-03 not yet calculated CVE-2018-18903
MISC
MISC
MISC
wecenter — wecenter WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter. 2018-11-07 not yet calculated CVE-2018-19083
MISC
wordpress — wordpress The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. 2018-11-04 not yet calculated CVE-2018-18919
MISC
wuzhicms — wuzhicms An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. 2018-11-05 not yet calculated CVE-2018-18938
MISC
wuzhicms — wuzhicms An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. 2018-11-05 not yet calculated CVE-2018-18939
MISC
xiph — icecast A buffer overflow was discovered in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution. 2018-11-05 not yet calculated CVE-2018-18820
MLIST
SECTRACK
GENTOO
DEBIAN
yzmcms — yzmcms An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user’s cookie. 2018-11-07 not yet calculated CVE-2018-19092
MISC
zoho_manageengine — network_configuration_manager_and_opmanager An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server. 2018-11-05 not yet calculated CVE-2018-18980
MISC
MISC
zoho_manageengine — opmanager Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. 2018-11-05 not yet calculated CVE-2018-18949
MISC
zyxel — zywall_usg_devices ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account’s access could, for example, subsequently be used for stored XSS. 2018-11-10 not yet calculated CVE-2017-17550
MISC
