Post on 03-Mar-2021


Vulnerability Summary for the Week of September 7, 2018

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by Ug-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of Ug-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

a10 -- acos_web_application_firewall
A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15904, CONFIRM

abb -- esoms
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14805, BID, MISC, CONFIRM

adobe -- acrobat_and_reader
Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12808, BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12799, BID, SECTRACK, CONFIRM

adobe -- creative_cloud
Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12829, BID, CONFIRM

adobe -- creative_cloud
Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-5003, BID, SECTRACK, CONFIRM

adobe -- experience_manager
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Successful exploitation could lead to unauthorized information modification.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12807, BID, SECTRACK, CONFIRM


adobe -- experience_manager
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12806, BID, SECTRACK, CONFIRM

adobe -- flash_player
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12826, BID, SECTRACK, REDHAT, CONFIRM

adobe -- flash_player
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12827, BID, SECTRACK, REDHAT, CONFIRM, EXPLOIT-DB

adobe -- flash_player
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12825, BID, SECTRACK, REDHAT, CONFIRM

adobe -- flash_player
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12824, BID, SECTRACK, REDHAT, CONFIRM

adobe -- flash_player
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12828, BID, SECTRACK, REDHAT, CONFIRM

adobe -- photoshop_cc
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12811, BID, CONFIRM

adobe -- photoshop_cc
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12810, BID, CONFIRM

alcatel -- a30_device
The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB. Modifying the read-only properties by an app as the system user creates a UNIX domain socket named factory_test that will execute commands as the root user by processes that have privilege to access it (as per the SELinux rules that the vendor controls).
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6597, MISC

amazon -- amazon_web_services
An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15869, BID, MISC

apache -- perl
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
Published: 2018-08-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2011-2767, MISC, MISC

apache -- traffic_server
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8004, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM, MLIST, DEBIAN

apache -- traffic_server
A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8022, BID, CONFIRM, MLIST

apache -- traffic_server
Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8040, BID, CONFIRM, MLIST, MLIST, DEBIAN

apache -- traffic_server
When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8005, BID, CONFIRM, CONFIRM, MLIST, DEBIAN

apache -- traffic_server
Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1318, BID, CONFIRM, MLIST, DEBIAN

argus -- surveillance_dvr
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15745, MISC, MISC, EXPLOIT-DB

artifex -- ghostscript
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15911, MISC, MISC, MISC

artifex -- ghostscript
In Artifex Ghostscript 9.23 before 2018-08-23, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15910, MISC, MISC

artifex -- ghostscript
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15909, MISC, MISC, BID, MISC

artifex -- ghostscript
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15908, MISC, MISC

aspcm -- aspcms
An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly.
Published: 2018-08-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15888, MISC, MISC

asus -- dsl-n12e_c1
Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15887, MISC

asustor -- data_master
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15699, MISC

asustor -- data_master
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15697, MISC

asustor -- data_master
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15698, MISC

asustor -- data_master
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15696, MISC

asustor -- data_master
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15695, MISC

asustor -- data_master
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15694, MISC

atlassian -- jira
Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-13395, CONFIRM

atlassian -- jira_server
The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-13391, BID, CONFIRM

auth0 -- auth0
An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15121, CONFIRM

bludit -- bludit
Bludit 2.3.4 allows XSS via a user name.
Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16313, MISC

ca -- ppm
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-13826, CONFIRM

ca -- ppm
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-13822, CONFIRM


ca -- ppm
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-13825, CONFIRM

ca -- ppm
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-13824, CONFIRM

ca -- ppm
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-13823, CONFIRM

ca -- release_automation
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15691, SECTRACK, CONFIRM

ca -- unified_infrastructure_management
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-13820, CONFIRM

ca -- unified_infrastructure_management
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-13819, CONFIRM

ca -- unified_infrastructure_management
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-13821, CONFIRM

cms -- isweb
CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15562, MISC

conference-scheduler-cli -- conference-scheduler-cli
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14572, MISC

couchbase -- couchbase_server
An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system will run with the privileges of the user running Couchbase server.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15728, BUGTRAQ, BID

cpanel -- cpanel
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16236, MISC

cybrotech -- cybrohttpserver
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16134, MISC, MISC, EXPLOIT-DB

cybrotech -- cybrohttpserver
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16133, MISC, MISC, EXPLOIT-DB

d-link -- dir-601_devices
An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12710, FULLDISC, EXPLOIT-DB

d-link -- dir-615_devices
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15839, MISC


dabeaz -- ply
In PLY (aka Python Lex-Yacc) 3.11, as used in pycparser and other products, a pickle.load call (within the read_pickle function of the LRTable class in yacc.py) on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14400, MISC

damicms -- damicms
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16238, MISC

damicms -- damicms
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password.
Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16331, MISC

damicms -- damicms
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16237, MISC

damicms -- damicms
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16239, MISC

docker -- docker_for_windows
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.
Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15514, MISC, MISC, MISC

e107 -- e107
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15901, MISC

eaton -- power_xpert_meter
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16158, MISC, MISC

eaton -- power_xpert_meter
Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows remote attackers to cause a denial of service (daemon crash) via an unspecified sequence of FTP commands.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16231, MISC

elfutils -- elfutils
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16062, MISC, MISC

episerver -- episerver
XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17762, MISC, MISC

epson -- iprint_application_6.6.3_for_android
The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14901, MISC

epson -- iprint_application_6.6.3_for_android
The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker's application to read scanned documents.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14902, MISC

epson -- wf-2750_printer_with_firmware_jp02i2
On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14899, MISC

epson -- wf-2750_printer_with_firmware_jp02i2
EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14903, MISC

epson -- wf-2750_printer_with_firmware_jp02i2
On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14900, MISC

exiv2 -- exiv2
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.
Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16336, MISC


fig2dev -- fig2dev
A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16140, MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6683.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14317, CONFIRM, MISC

getsimple -- cms
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field.
Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16325; MISC

gleez -- cms
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
Published: 2018-08-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15845; MISC, EXPLOIT-DB

google -- chrome
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15410; REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15415; REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15417; REDHAT, MISC, MISC, GENTOO, DEBIAN


google -- chrome
Inappropriate implementation in browser navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15420; SECTRACK, REDHAT, MISC, MISC, GENTOO, DEBIAN, DEBIAN

google -- chrome
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15418; REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15416; REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15423; REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15399; BID, REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15422; REDHAT, MISC, MISC, GENTOO, UBUNTU, DEBIAN

google -- chrome
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15424; REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15430; MISC, MISC

google -- chrome
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15419; REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15411; REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15407; REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15425; REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15426; REDHAT, MISC, MISC, GENTOO, DEBIAN


google -- chrome
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15408; REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15406; MISC, MISC

google -- chrome
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15409; REDHAT, MISC, MISC, GENTOO, DEBIAN


google -- chrome
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15427; REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15412; SECTRACK, REDHAT, REDHAT, MISC, MISC, MISC, MLIST, GENTOO, DEBIAN


google -- chrome
Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15413; REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15429; BID, REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15398; BID, REDHAT, MISC, MISC, GENTOO, DEBIAN

google -- chrome
A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15396; MISC, BID, REDHAT, MISC, MISC, GENTOO, DEBIAN

grafana -- grafana
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15727; BID, CONFIRM


ibm -- cloud_orchestrator
A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system. IBM X-Force ID: 109394.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-0205; XF, CONFIRM

ibm -- maximo_asset_management
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1699; BID, XF, CONFIRM

ibm -- openpages_grc_platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-0234; CONFIRM, XF

ibm -- platform_symphony
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. IBM X-Force ID: 146340.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1705; XF, CONFIRM


ibm -- security_access_manager_appliance
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1722; BID, SECTRACK, XF, CONFIRM

ibm -- urbancode_deploy
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-0373; CONFIRM, XF

ibm -- websphere_application_server_liberty
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1755; BID, SECTRACK, XF, CONFIRM

ibm -- websphere_commerce
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1644; CONFIRM, XF

icewarp -- server
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16324; MISC, MISC

icms -- icms
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability.
Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16332; MISC

idera -- up.time
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-9263; MISC, EXPLOIT-DB, MISC

idreamsoft -- icms
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.
Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16314; MISC

idreamsoft -- icms
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file.
Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16320; MISC

idreamsoft -- icms
An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15895; MISC

imagemagick -- imagemagick
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16329; MISC

imagemagick -- imagemagick
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16323; MISC

imagemagick -- imagemagick
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16328; MISC

infoblox -- netmri
Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6643; MISC

joomla -- joomla
An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15882; BID, CONFIRM

joomla -- joomla
An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15881; BID, CONFIRM

joomla -- joomla
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.
Published: 2018-08-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-18345; MISC, MISC, EXPLOIT-DB


joomla -- joomla
An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15880; BID, CONFIRM

lansweeper -- lansweeper
Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-9264; MISC

libtiff -- libtiff
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16335; MISC

libtirpc -- libtirpc
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14622; CONFIRM, REDHAT, CONFIRM, CONFIRM, MLIST


libtirpc -- libtirpc
An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14621; CONFIRM, CONFIRM, CONFIRM

libx11 -- libx11
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14599; MLIST, BID, SECTRACK, CONFIRM, CONFIRM, MLIST, MLIST, UBUNTU

libx11 -- libx11
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14600; MLIST, BID, SECTRACK, CONFIRM, CONFIRM, MLIST, MLIST, UBUNTU

libx11 -- libx11
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14598; MLIST, BID, SECTRACK, CONFIRM, CONFIRM, MLIST, MLIST, UBUNTU


libzypp -- libzypp
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.
Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7685; MISC, CONFIRM, MISC

lightbend -- akka
Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included the AES128CounterSecureRNG and AES256CounterSecureRNG random number generators. The implementations had a bug that caused the generated numbers to be repeated after only a few bytes. The custom RNG implementations were not configured by default but examples in the documentation showed (and therefore implicitly recommended) using the custom ones. This can be used by an attacker to compromise the communication if these random number generators are enabled in configuration. It would be possible to eavesdrop, replay, or modify the messages sent with Akka Remoting/Cluster.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16115; MISC

lightbend -- akka
The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16131; MISC, MISC, MISC

linux -- linux_kernel
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16276; MISC, MISC, MISC

linux -- linux_kernel
A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14619; CONFIRM, CONFIRM

linux -- linux_kernel
A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10938; MLIST, BID, SECTRACK, CONFIRM, CONFIRM

manjaro -- linux
An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital to the system.
Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15912; CONFIRM, MLIST

mediacomm -- zip-n-go
MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file.
Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16302; EXPLOIT-DB

micro_focus -- service_management_automation_containerized_suites
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6499; CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

micro_focus -- service_management_automation_containerized_suites
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6498; CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

minicms -- minicms
An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability.
Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15899; MISC

minicms -- minicms
An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request.
Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16298; MISC

minicms -- minicms
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16233; MISC

morningstar -- whatweb
MorningStar WhatWeb 0.4.9 has XSS via JSON report files.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16234; MISC

mutiny -- monitoring_appliance
A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15529; MISC, MISC

mybb -- mybb
An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.
Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15596; CONFIRM

mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices
An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. Devices did not authenticate themselves to the cloud in device to cloud communication. This lack of device authentication allowed an attacker to impersonate any device by guessing or learning their MAC address.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15479; MISC

mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices
An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The process of registering a device with a cloud account was based on an activation code derived from the device MAC address. By guessing valid MAC addresses or using MAC addresses printed on devices in shops and reverse engineering the protocol, an attacker would have been able to register previously unregistered devices to their account. When the rightful owner would have connected them after purchase to their WiFi network, the devices would not have registered with their account, would subsequently not have been controllable from the owner's mobile app, and would not have been visible in the owner's account. Instead, they would have been under control of the attacker.
Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15478; MISC


mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The SSL/TLS server certificate in the device to cloud communication was not verified by the device. As a result, an attacker in control of the network traffic of a device could have taken control of a device by intercepting and modifying commands issued from the server to the device in a Man-in-the-Middle attack. This included the ability to inject firmware update commands into the communication and cause the device to install maliciously modified firmware.

Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15476 MISC

mystrom -- wifi_switch_and_bulb_and_led_strip_and_button_devices

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The cloud API had a hidden parameter, which allowed an authenticated user to reconfigure the server URL for a device registered to their account. In combination with an insecure device registration vulnerability, this allowed an attacker to reconfigure a maliciously registered device to their own rogue replica of the myStrom API and issue commands to the device, including firmware update commands.

Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15480 MISC

mystrom -- wifi_switch_devices

myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device.

Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15477 MISC

norton -- identity_safe

The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials.

Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12240 BID CONFIRM

npm -- mosca

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306.

Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11615 MISC

nvidia -- geforce_experience

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.

Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6257 CONFIRM

nvidia -- geforce_experience

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.

Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6258 CONFIRM

nvidia -- geforce_experience

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.

Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6259 CONFIRM

open_whisper -- signal_app

The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device.

Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16132 MISC


openssh -- openssh

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15919 MISC BID

openstack-cinder -- openstack-cinder

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15139 CONFIRM MISC

opswat -- metadefender

OPSWAT MetaDefender before v4.11.2 allows CSV injection.

Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16275 CONFIRM

orbic -- wonder_orbic_release-keys_devices

An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls.

Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6599 MISC

orbic -- wonder_orbic_release-keys_devices

An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interaction and does not require any permission to perform. A factory reset will remove all user data from the device. This will result in the loss of any data that the user has not backed up or synced externally. This capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves), although this capability is present in an unprotected component of the Android OS. This vulnerability is not present in Google's Android Open Source Project (AOSP) code. Therefore, it was introduced by Orbic or another entity in the supply chain.

Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-6598 MISC

ovation -- findme

Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the product uses a compression technique to prevent the identification of certain libraries in the software by obfuscation. The software relies on a TLS callback and an additional executable file to enable these libraries and their access to certain websites. The unpacked software can be exploited by several different types of documented techniques.

Published: 2018-08-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15885 MISC

pandao -- editor.md

Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element.

Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16330 MISC

pango -- pango

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.

Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15120 MISC CONFIRM CONFIRM MLIST UBUNTU EXPLOIT-DB

pdf-xchange -- editor

PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564.

Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16303 MISC


phpkaiyuancms -- phpopensourcecms

phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter.

Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16278 MISC

phpmyadmin -- phpmyadmin

An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.

Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15605 BID SECTRACK CONFIRM CONFIRM

phpmyfaq -- phpmyfaq

phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-6049 MISC CONFIRM

phpmyfaq -- phpmyfaq

phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-6047 MISC CONFIRM


phpmyfaq -- phpmyfaq

SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-6045 MISC CONFIRM

phpmyfaq -- phpmyfaq

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-6046 MISC CONFIRM

phpmyfaq -- phpmyfaq

phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-6050 MISC CONFIRM

phpmyfaq -- phpmyfaq

phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-6048 MISC CONFIRM


phpok -- phpok

PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function.

Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16142 MISC

phpscriptsmall.com -- website_seller_script

PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15897 MISC

phpscriptsmall.com -- website_seller_script

PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15896 MISC

podofo -- podofo

In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() in base/PdfParser.cpp can cause the program to be aborted, because PoDoFo::PdfVecObjects::Reserve() in base/PdfVecObjects.h can be called with a large size value. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

Published: 2018-08-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15889 MISC MISC

portainer -- portainer

A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field.

Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16316 MISC

postgresql-jdbc -- postgresql-jdbc

A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.

Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10936 CONFIRM CONFIRM

qemu -- qemu

qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.

Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15746 MLIST MLIST

qnap -- photo_station

Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject JavaScript code in the compromised application.

Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-0715 CONFIRM

responsive_filemanager -- responsive_filemanager

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal.

Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15535 FULLDISC EXPLOIT-DB

responsive_filemanager -- responsive_filemanager

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.

Published: 2018-08-24 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15536 FULLDISC EXPLOIT-DB

ricoh -- mp_c4504ex_devices

RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15884 MISC EXPLOIT-DB

rsa -- bsafe_micro_edition_suite

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.

Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11054 FULLDISC

rsa -- bsafe_micro_edition_suite

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.

Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11055 FULLDISC

rsa -- bsafe_micro_edition_suite

RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.

Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11056 FULLDISC

rsa -- bsafe_micro_edition_suite

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover an RSA key.

Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11057 FULLDISC

samsung -- smartthings_hub_sth-eth-250_firmware

An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3926 BID MISC

samsung -- smartthings_hub_sth-eth-250_firmware

An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability.

Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3927 MISC

samsung -- smartthings_hub_sth-eth-250_firmware

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.

Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3893 MISC

samsung -- smartthings_hub_sth-eth-250_firmware

An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.

Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3904 MISC

samsung -- smartthings_hub_sth-eth-250_firmware

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability.

Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3918 MISC

samsung -- smartthings_hub_sth-eth-250_firmware

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3908 MISC

samsung -- smartthings_hub_sth-eth-250_firmware

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3895 MISC

samsung -- smartthings_hub_sth-eth-250_firmware

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3916 MISC

schneider_electric -- modicon_m221

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrites the password, the attacker can upload the original program from the PLC.

Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7791 BID CONFIRM


schneider_electric -- modicon_m221

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programming protocol frames.

Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7789 BID MISC CONFIRM

schneider_electric -- modicon_m221

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.

Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7790 BID CONFIRM

schneider_electric -- modicon_m221

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using a rainbow table.

Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7792 BID CONFIRM

schneider_electric -- powerlogic

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to a cross-site scripting attack on its web browser. User inputs can be manipulated to cause execution of JavaScript code.

Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-7795 BID MISC CONFIRM


sentrifugo -- sentrifugo

A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter.

Published: 2018-08-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15873 MISC

simplehttpserver -- simplehttpserver

Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server.

Published: 2018-08-31 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3787 MISC

subrion -- subrion

There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration.

Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16327 MISC

technicolor -- tc8305c_devices

Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852.

Published: 2018-08-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15907 MISC

tencent -- foxmail

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5543.

Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11616 MISC

tenda -- multiple_routers

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.

Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16333 MISC

tenda -- multiple_routers

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.

Published: 2018-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16334 MISC

thinkcmf -- thinkcmf

ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server.

Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16141 MISC

trend_micro -- officescan_xg

A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15364 CONFIRM MISC

trend_micro -- security

A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10513 CONFIRM MISC


trend_micro -- security

An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15363 CONFIRM MISC

trend_micro -- security

A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Published: 2018-08-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10514 CONFIRM MISC

umbraco -- umbraco

Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.

Published: 2018-08-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-10074 MISC MISC

vanilla -- vanilla
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Published: 2018-08-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15833, MISC, MISC, MISC, MISC

visiology -- flipbox_software_suite
Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters.
Published: 2018-08-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15810, MISC, MISC

vivotek -- multiple_devices
Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.
Published: 2018-08-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14768, CONFIRM, CONFIRM

waimai -- super_cms
In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add.
Published: 2018-09-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-16315, MISC

waimai -- super_cms
waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free.
Published: 2018-08-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-16157, MISC

wireshark -- wireshark
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.
Published: 2018-08-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-16058, BID, MISC, MISC, MISC

wireshark -- wireshark
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.
Published: 2018-08-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-16057, BID, MISC, MISC, MISC

wireshark -- wireshark
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.
Published: 2018-08-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-16056, BID, MISC, MISC, MISC

wordpress -- wordpress
An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation.
Published: 2018-08-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15876, MISC

wordpress -- wordpress
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
Published: 2018-08-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-16159, MISC, EXPLOIT-DB

wordpress -- wordpress
The Plainview Activity Monitor plugin 4.7.11 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
Published: 2018-08-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15877, MISC, EXPLOIT-DB

wordpress -- wordpress
Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php.
Published: 2018-08-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-4932, MISC, CONFIRM

wordpress -- wordpress
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
Published: 2018-09-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-16308, MISC, MISC, EXPLOIT-DB

wordpress -- wordpress
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.
Published: 2018-08-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15571, MISC, EXPLOIT-DB

wuzhi -- cms
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.
Published: 2018-08-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15893, MISC

wuzhi -- cms
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter.
Published: 2018-08-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15894, MISC

xovis -- pc-series_sensors_firmware
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal.
Published: 2018-08-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11720, CONFIRM

xovis -- pc-series_sensors_firmware
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE.
Published: 2018-08-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11719, CONFIRM

xovis -- pc-series_sensors_firmware
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF.
Published: 2018-08-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11718, CONFIRM

zoho_manageengine -- admanager_plus
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
Published: 2018-08-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15608, EXPLOIT-DB

zoho_manageengine -- admanager_plus
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
Published: 2018-08-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15740, MISC, MISC, MISC

zyxel -- vmg3312_b10b_devices
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter.
Published: 2018-08-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15602, MISC