vulnerability summary for the week of september 7, 2018 · access to the system when ldap is set to...
TRANSCRIPT
Vulnerability Summary for the Week of September 7, 2018 The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by Ug-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of Ug-CERT analysis.
High Vulnerabilities
Primary
Vendor -- Product Description Published
CVSS
Score
Source &
Patch Info
There were no high vulnerabilities recorded this week.
Medium Vulnerabilities
Primary
Vendor -- Product Description Published
CVSS
Score
Source &
Patch Info
There were no medium vulnerabilities recorded this week.
Low Vulnerabilities
Primary
Vendor -- Product Description Published
CVSS
Score
Source &
Patch Info
There were no low vulnerabilities recorded this week.
Severity Not Yet Assigned
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
a10 --
acos_web_application_firewall
A10 ACOS Web Application Firewall (WAF) 2.7.1
and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11,
4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4
mishandles the configured rules for blocking SQL
injection attacks, aka A10-2017-0008.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15904
CONFIR
M(link is
external)
abb -- esoms
ABB eSOMS version 6.0.2 may allow unauthorized
access to the system when LDAP is set to allow
anonymous authentication, and specific key values
within the eSOMS web.config file are present. Both
conditions are required to exploit this vulnerability.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
14805
BID(link
is
external)
MISC
CONFIR
M(link is
external)
adobe -- acrobat_and_reader
Adobe Acrobat and Reader versions
2018.011.20055 and earlier, 2017.011.30096 and
earlier, and 2015.006.30434 and earlier have an out-
of-bounds write vulnerability. Successful
exploitation could lead to arbitrary code execution.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12808
BID(link
is
external)
SECTR
ACK(lin
k is
external)
CONFIR
M(link is
external)
adobe -- acrobat_and_reader
Adobe Acrobat and Reader versions
2018.011.20055 and earlier, 2017.011.30096 and
earlier, and 2015.006.30434 and earlier have an
untrusted pointer dereference vulnerability.
Successful exploitation could lead to arbitrary code
execution.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12799
BID(link
is
external)
SECTR
ACK(lin
k is
external)
CONFIR
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
M(link is
external)
adobe -- creative_cloud
Adobe Creative Cloud Desktop Application before
4.6.1 has an improper certificate validation
vulnerability. Successful exploitation could lead to
privilege escalation.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12829
BID(link
is
external)
CONFIR
M(link is
external)
adobe -- creative_cloud
Adobe Creative Cloud Desktop Application before
4.5.5.342 (installer) has an insecure library loading
(dll hijacking) vulnerability. Successful exploitation
could lead to privilege escalation.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
5003
BID(link
is
external)
SECTR
ACK(lin
k is
external)
CONFIR
M(link is
external)
adobe -- experience_manager
Adobe Experience Manager versions 6.4, 6.3, 6.2,
6.1, and 6.0 have an input validation bypass
vulnerability. Successful exploitation could lead to
unauthorized information modification.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12807
BID(link
is
external)
SECTR
ACK(lin
k is
external)
CONFIR
M(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
adobe -- experience_manager
Adobe Experience Manager versions 6.4, 6.3, 6.2,
6.1, and 6.0 have a reflected cross-site scripting
vulnerability. Successful exploitation could lead to
sensitive information disclosure.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12806
BID(link
is
external)
SECTR
ACK(lin
k is
external)
CONFIR
M(link is
external)
adobe -- flash_player
Adobe Flash Player 30.0.0.134 and earlier have an
out-of-bounds read vulnerability. Successful
exploitation could lead to information disclosure.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12826
BID(link
is
external)
SECTR
ACK(lin
k is
external)
REDHA
T(link is
external)
CONFIR
M(link is
external)
adobe -- flash_player
Adobe Flash Player 30.0.0.134 and earlier have an
out-of-bounds read vulnerability. Successful
exploitation could lead to information disclosure.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12827
BID(link
is
external)
SECTR
ACK(lin
k is
external)
REDHA
T(link is
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
external)
CONFIR
M(link is
external)
EXPLOI
T-
DB(link
is
external)
adobe -- flash_player
Adobe Flash Player 30.0.0.134 and earlier have a
security bypass vulnerability. Successful
exploitation could lead to security mitigation bypass.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12825
BID(link
is
external)
SECTR
ACK(lin
k is
external)
REDHA
T(link is
external)
CONFIR
M(link is
external)
adobe -- flash_player
Adobe Flash Player 30.0.0.134 and earlier have an
out-of-bounds read vulnerability. Successful
exploitation could lead to information disclosure.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12824
BID(link
is
external)
SECTR
ACK(lin
k is
external)
REDHA
T(link is
external)
CONFIR
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
M(link is
external)
adobe -- flash_player
Adobe Flash Player 30.0.0.134 and earlier have a
"use of a component with a known vulnerability"
vulnerability. Successful exploitation could lead to
privilege escalation.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12828
BID(link
is
external)
SECTR
ACK(lin
k is
external)
REDHA
T(link is
external)
CONFIR
M(link is
external)
adobe -- photoshop_cc
Adobe Photoshop CC 2018 before 19.1.6 and
Photoshop CC 2017 before 18.1.6 have a memory
corruption vulnerability. Successful exploitation
could lead to remote code execution.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12811
BID(link
is
external)
CONFIR
M(link is
external)
adobe -- photoshop_cc
Adobe Photoshop CC 2018 before 19.1.6 and
Photoshop CC 2017 before 18.1.6 have a memory
corruption vulnerability. Successful exploitation
could lead to remote code execution.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12810
BID(link
is
external)
CONFIR
M(link is
external)
alcatel -- a30_device
The Alcatel A30 device with a build fingerprint of
TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/r
elease-keys contains a hidden privilege escalation
capability to achieve command execution as the root
2018
-08-
29 not
yet
CVE-
2018-
6597
MISC(li
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
user. They have made modifications that allow a
user with physical access to the device to obtain a
root shell via ADB. Modifying the read-only
properties by an app as the system user creates a
UNIX domain socket named factory_test that will
execute commands as the root user by processes that
have privilege to access it (as per the SELinux rules
that the vendor controls).
calcu
lated
nk is
external)
amazon –
amazon_web_services
An Amazon Web Services (AWS) developer who
does not specify the --owners flag when describing
images via AWS CLI, and therefore not properly
validating source software per AWS recommended
security best practices, may unintentionally load an
undesired and potentially malicious Amazon
Machine Image (AMI) from the uncurated public
community AMI catalog.
2018
-08-
24
not
yet
calcu
lated
CVE-
2018-
15869
BID(link
is
external)
MISC(li
nk is
external)
apache -- perl
mod_perl 2.0 through 2.0.10 allows attackers to
execute arbitrary Perl code by placing it in a user-
owned .htaccess file, because (contrary to the
documentation) there is no configuration option that
permits Perl code for the administrator's control of
HTTP request processing without also permitting
unprivileged users to run Perl code in the context of
the user account that runs Apache HTTP Server
processes.
2018
-08-
26
not
yet
calcu
lated
CVE-
2011-
2767
MISC
MISC
apache -- traffic_server
There are multiple HTTP smuggling and cache
poisoning issues when clients making malicious
requests interact with Apache Traffic Server (ATS).
This affects versions 6.0.0 to 6.2.2 and 7.0.0 to
7.1.3. To resolve this issue users running 6.x should
upgrade to 6.2.3 or later versions and 7.x users
should upgrade to 7.1.4 or later versions.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
8004
BID(link
is
external)
CONFIR
M(link is
external)
CONFIR
M(link is
external)
CONFIR
M(link is
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
external)
CONFIR
M(link is
external)
MLIST
DEBIAN
apache -- traffic_server
A carefully crafted invalid TLS handshake can cause
Apache Traffic Server (ATS) to segfault. This
affects version 6.2.2. To resolve this issue users
running 6.2.2 should upgrade to 6.2.3 or later
versions.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
8022
BID(link
is
external)
CONFIR
M(link is
external)
MLIST
apache -- traffic_server
Pages that are rendered using the ESI plugin can
have access to the cookie header when the plugin is
configured not to allow access. This affects Apache
Traffic Server (ATS) versions 6.0.0 to 6.2.2 and
7.0.0 to 7.1.3. To resolve this issue users running 6.x
should upgrade to 6.2.3 or later versions and 7.x
users should upgrade to 7.1.4 or later versions.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
8040
BID(link
is
external)
CONFIR
M(link is
external)
MLIST
MLIST
DEBIAN
apache -- traffic_server
When there are multiple ranges in a range request,
Apache Traffic Server (ATS) will read the entire
object from cache. This can cause performance
problems with large objects in cache. This affects
versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve
this issue users running 6.x users should upgrade to
6.2.3 or later versions and 7.x users should upgrade
to 7.1.4 or later versions.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
8005
BID(link
is
external)
CONFIR
M(link is
external)
CONFIR
M(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
MLIST
DEBIAN
apache -- traffic_server
Adding method ACLs in remap.config can cause a
segfault when the user makes a carefully crafted
request. This affects versions Apache Traffic Server
(ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve
this issue users running 6.x should upgrade to 6.2.3
or later versions and 7.x users should upgrade to
7.1.4 or later versions.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
1318
BID(link
is
external)
CONFIR
M(link is
external)
MLIST
DEBIAN
argus -- surveillance_dvr
Argus Surveillance DVR 4.0.0.0 devices allow
Unauthenticated Directory Traversal, leading to File
Disclosure via a ..%2F in the WEBACCOUNT.CGI
RESULTPAGE parameter.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
15745
MISC
MISC(li
nk is
external)
EXPLOI
T-
DB(link
is
external)
artifex -- ghostscript
In Artifex Ghostscript 9.23 before 2018-08-24,
attackers able to supply crafted PostScript could use
uninitialized memory access in the aesdecode
operator to crash the interpreter or potentially
execute code.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15911
MISC(li
nk is
external)
MISC(li
nk is
external)
MISC
artifex -- ghostscript
In Artifex Ghostscript 9.23 before 2018-08-23,
attackers able to supply crafted PostScript files
could use a type confusion in the
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15910
MISC(li
nk is
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
LockDistillerParams parameter to crash the
interpreter or execute code.
external)
MISC
artifex -- ghostscript
In Artifex Ghostscript 9.23 before 2018-08-24, a
type confusion using the .shfill operator could be
used by attackers able to supply crafted PostScript
files to crash the interpreter or potentially execute
code.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15909
MISC(li
nk is
external)
MISC(li
nk is
external)
BID(link
is
external)
MISC
artifex -- ghostscript
In Artifex Ghostscript 9.23 before 2018-08-23,
attackers are able to supply malicious PostScript
files to bypass .tempfile restrictions and write files.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15908
MISC(li
nk is
external)
MISC
aspcm -- aspcms
An issue was discovered in ASPCMS 2.5.6. When
registering ordinary users in the addUser function of
the /member/reg.asp page, they can be registered
with the super administrators GroupID directly.
2018
-08-
26
not
yet
calcu
lated
CVE-
2018-
15888
MISC
MISC
asus -- dsl-n12e_c1
Main_Analysis_Content.asp in ASUS DSL-
N12E_C1 1.1.2.3_345 is prone to Authenticated
Remote Command Execution, which allows a
remote attacker to execute arbitrary OS commands
via service parameters, such as shell metacharacters
in the destIP parameter of a cmdMethod=ping
request.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15887
MISC(li
nk is
external)
asustor -- data_master
ASUSTOR Data Master 3.1.5 and below makes an
HTTP request for a configuration file that is
vulnerable to XSS. A man in the middle can take
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15699
MISC(li
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
advantage of this by inserting Javascript into the
configuration files Version field.
nk is
external)
asustor -- data_master
ASUSTOR Data Master 3.1.5 and below allows
authenticated remote non-administrative users to
read any file on a share by providing the full path.
For example, /home/admin/.ash_history.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15697
MISC(li
nk is
external)
asustor -- data_master
ASUSTOR Data Master 3.1.5 and below allows
authenticated remote non-administrative users to
read any file on the file system when providing the
full path to loginimage.cgi.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15698
MISC(li
nk is
external)
asustor -- data_master
ASUSTOR Data Master 3.1.5 and below allows
authenticated remote non-administrative users to
enumerate all user accounts via user.cgi.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15696
MISC(li
nk is
external)
asustor -- data_master
ASUSTOR Data Master 3.1.5 and below allows
authenticated remote non-administrative users to
delete any file on the file system due to a path
traversal vulnerability in wallpaper.cgi.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15695
MISC(li
nk is
external)
asustor -- data_master
ASUSTOR Data Master 3.1.5 and below allows
authenticated remote non-administrative users to
upload files to arbitrary locations due to a path
traversal vulnerability. This could lead to code
execution if the "Web Server" feature is enabled.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15694
MISC(li
nk is
external)
atlassian -- jira
Various resources in Atlassian Jira before version
7.6.8, from version 7.7.0 before version 7.7.5, from
version 7.8.0 before version 7.8.5, from version
7.9.0 before version 7.9.3, from version 7.10.0
before version 7.10.3 and before version 7.11.1
allow remote attackers to inject arbitrary HTML or
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
13395
CONFIR
M(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
JavaScript via a cross site scripting (XSS)
vulnerability in the epic colour field of an issue
while an issue is being moved.
atlassian -- jira_server
The ProfileLinkUserFormat component of Jira
Server before version 7.6.8, from version 7.7.0
before version 7.7.5, from version 7.8.0 before
version 7.8.5, from version 7.9.0 before version
7.9.3, from version 7.10.0 before version 7.10.3 and
from version 7.11.0 before version 7.11.2 allows
remote attackers who can access & view an issue to
obtain the email address of the reporter and assignee
user of an issue despite the configured email
visibility setting being set to hidden.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
13391
BID(link
is
external)
CONFIR
M(link is
external)
auth0 -- auth0
An issue was discovered in Auth0 auth0-aspnet and
auth0-aspnet-owin. Affected packages do not use or
validate the state parameter of the OAuth 2.0 and
OpenID Connect protocols. This leaves applications
vulnerable to CSRF attacks during authentication
and authorization operations.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15121
CONFIR
M(link is
external)
bludit -- bludit
Bludit 2.3.4 allows XSS via a user name.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16313
MISC(li
nk is
external)
ca -- ppm
An XML external entity vulnerability in the XOG
functionality, in CA PPM 14.3 and below, 14.4,
15.1, 15.2 CP5 and below, and 15.3 CP2 and below,
allows remote attackers to conduct server side
request forgery attacks.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
13826
CONFIR
M(link is
external)
ca -- ppm
Unprotected storage of credentials in CA PPM 14.3
and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3
CP2 and below, allows attackers to access sensitive
information.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
13822
CONFIR
M(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
ca -- ppm
Insufficient input validation in the gridExcelExport
functionality, in CA PPM 14.3 and below, 14.4,
15.1, 15.2 CP5 and below, and 15.3 CP2 and below,
allows remote attackers to execute reflected cross-
site scripting attacks.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
13825
CONFIR
M(link is
external)
ca -- ppm
Insufficient input sanitization of two parameters in
CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and
below, and 15.3 CP2 and below, allows remote
attackers to execute SQL injection attacks.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
13824
CONFIR
M(link is
external)
ca -- ppm
An XML external entity vulnerability in the XOG
functionality, in CA PPM 14.3 and below, 14.4,
15.1, 15.2 CP5 and below, and 15.3 CP2 and below,
allows remote attackers to access sensitive
information.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
13823
CONFIR
M(link is
external)
ca -- release_automation
Insecure deserialization of a specially crafted
serialized object, in CA Release Automation 6.5 and
earlier, allows attackers to potentially execute
arbitrary code.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
15691
SECTR
ACK(lin
k is
external)
CONFIR
M(link is
external)
ca --
unified_infrastructure_manage
ment
A hardcoded passphrase, in CA Unified
Infrastructure Management 8.5.1, 8.5, and 8.4.7,
allows attackers to access sensitive information.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
13820
CONFIR
M(link is
external)
ca --
unified_infrastructure_manage
ment
A hardcoded secret key, in CA Unified
Infrastructure Management 8.5.1, 8.5, and 8.4.7,
allows attackers to access sensitive information.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
13819
CONFIR
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
M(link is
external)
ca --
unified_infrastructure_manage
ment
A lack of authentication, in CA Unified
Infrastructure Management 8.5.1, 8.5, and 8.4.7,
allows remote attackers to conduct a variety of
attacks, including file reading/writing.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
13821
CONFIR
M(link is
external)
cms -- isweb
CMS ISWEB 3.5.3 has XSS via the ordineRis,
sezioneRicerca, or oggettiRicerca parameter to
index.php.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
15562
MISC(li
nk is
external)
conference-scheduler-cli --
conference-scheduler-cli
In conference-scheduler-cli, a pickle.load call on
imported data allows remote attackers to execute
arbitrary code via a crafted .pickle file, as
demonstrated by Python code that contains an
os.system call.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
14572
MISC(li
nk is
external)
couchbase -- couchbase_server
An issue was discovered in Couchbase Server.
Authenticated users can send arbitrary Erlang code
to the 'diag/eval' endpoint of the REST API
(available by default on TCP/8091 and/or
TCP/18091). The executed code in the underlying
operating system will run with the privileges of the
user running Couchbase server.
2018
-08-
24
not
yet
calcu
lated
CVE-
2018-
15728
BUGTR
AQ
BID(link
is
external)
cpanel -- cpanel
cPanel through 74 allows XSS via a crafted filename
in the logs subdirectory of a user account, because
the filename is mishandled during
frontend/THEME/raw/index.html rendering.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
16236
MISC(li
nk is
external)
cybrotech -- cybrohttpserver
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a
URI.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
16134
MISC(li
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
nk is
external)
MISC(li
nk is
external)
EXPLOI
T-
DB(link
is
external)
cybrotech -- cybrohttpserver
Cybrotech CyBroHttpServer 1.0.3 allows Directory
Traversal via a ../ in the URI.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
16133
MISC(li
nk is
external)
MISC(li
nk is
external)
EXPLOI
T-
DB(link
is
external)
d-link -- dir-601_devices
An issue was discovered on D-Link DIR-601
2.02NA devices. Being local to the network and
having only "User" account (which is a low
privilege account) access, an attacker can intercept
the response from a POST request to obtain
"Admin" rights due to the admin password being
displayed in XML.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12710
FULLDI
SC
EXPLOI
T-
DB(link
is
external)
d-link -- dir-615_devices
D-Link DIR-615 devices have a buffer overflow via
a long Authorization HTTP header.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15839
MISC(li
nk is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
dabeaz -- ply
In PLY (aka Python Lex-Yacc) 3.11, as used in
pycparser and other products, a pickle.load call
(within the read_pickle function of the LRTable
class in yacc.py) on imported data allows remote
attackers to execute arbitrary code via a crafted
.pickle file, as demonstrated by Python code that
contains an os.system call.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
14400
MISC(li
nk is
external)
damicms -- damicms
An issue was discovered in damiCMS V6.0.1.
Remote code execution can occur via PHP code in a
multipart/form-data POST to the
admin.php?s=/Tpl/Update.html URI. For example,
this can update the Web/Tpl/default/head.html file.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
16238
MISC(li
nk is
external)
damicms -- damicms
admin.php?s=/Admin/doedit in DamiCMS v6.0.0
allows CSRF to change the administrator account's
password.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16331
MISC(li
nk is
external)
damicms -- damicms
An issue was discovered in damiCMS V6.0.1. There
is Directory Traversal via '|' characters in the s
parameter to admin.php, as demonstrated by an
admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
16237
MISC(li
nk is
external)
damicms -- damicms
An issue was discovered in damiCMS V6.0.1. It
relies on the PHP time() function for cookies, which
makes it possible to determine the cookie for an
existing admin session via 10800 guesses.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
16239
MISC(li
nk is
external)
docker -- docker_for_windows
HandleRequestAsync in Docker for Windows before
18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-
win72 (stable) deserialized requests over the
\\.\pipe\dockerBackend named pipe without
verifying the validity of the deserialized .NET
objects. This would allow a malicious user in the
"docker-users" group (who may not otherwise have
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
15514
MISC(li
nk is
external)
MISC(li
nk is
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
administrator access) to escalate to administrator
privileges.
external)
MISC(li
nk is
external)
e107 -- e107
e107 2.1.8 has CSRF in 'usersettings.php' with an
impact of changing details such as passwords of
users including administrators.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15901
MISC(li
nk is
external)
eaton -- power_xpert_meter
Eaton Power Xpert Meter 4000, 6000, and 8000
devices before 13.4.0.10 have a single SSH private
key across different customers' installations and do
not properly restrict access to this key, which makes
it easier for remote attackers to perform SSH logins
(to uid 0) via the PubkeyAuthentication option.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
16158
MISC(li
nk is
external)
MISC(li
nk is
external)
eaton -- power_xpert_meter
Michael Roth Software Personal FTP Server (PFTP)
through 8.4f allows remote attackers to cause a
denial of service (daemon crash) via an unspecified
sequence of FTP commands.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
16231
MISC(li
nk is
external)
elfutils -- elfutils
dwarf_getaranges in dwarf_getaranges.c in libdw in
elfutils before 2018-08-18 allows remote attackers to
cause a denial of service (heap-based buffer over-
read) via a crafted file.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
16062
MISC
MISC
episerver -- episerver
XML external entity (XXE) vulnerability in
Episerver 7 patch 4 and earlier allows remote
attackers to read arbitrary files via a crafted DTD in
an XML request involving util/xmlrpc/Handler.ashx.
2018
-08-
29
not
yet
calcu
lated
CVE-
2017-
17762
MISC(li
nk is
external)
MISC(li
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
nk is
external)
epson --
iprint_application_6.6.3_for_a
ndroid
The EPSON iPrint application 6.6.3 for Android
contains hard-coded API and Secret keys for the
Dropbox, Box, Evernote and OneDrive services.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
14901
MISC(li
nk is
external)
epson --
iprint_application_6.6.3_for_a
ndroid
The ContentProvider in the EPSON iPrint
application 6.6.3 for Android does not properly
restrict data access. This allows an attacker's
application to read scanned documents.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
14902
MISC(li
nk is
external)
epson -- wf-
2750_printer_with_firmware_j
p02i2
On the EPSON WF-2750 printer with firmware
JP02I2, the Web interface AirPrint Setup page is
vulnerable to HTML Injection that can redirect users
to malicious sites.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
14899
MISC(li
nk is
external)
epson -- wf-
2750_printer_with_firmware_j
p02i2
EPSON WF-2750 printers with firmware JP02I2 do
not properly validate files before running updates,
which allows remote attackers to cause a printer
malfunction or send malicious data to the printer.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
14903
MISC(li
nk is
external)
epson -- wf-
2750_printer_with_firmware_j
p02i2
On EPSON WF-2750 printers with firmware
JP02I2, there is no filtering of print jobs. Remote
attackers can send print jobs directly to the printer
via TCP port 9100.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
14900
MISC(li
nk is
external)
exiv2 -- exiv2
Exiv2::Internal::PngChunk::parseTXTChunk in
Exiv2 v0.26 allows remote attackers to cause a
denial of service (heap-based buffer over-read) via a
crafted image file, a different vulnerability than
CVE-2018-10999.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16336
MISC(li
nk is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
fig2dev -- fig2dev
A buffer underwrite vulnerability in get_line()
(read.c) in fig2dev 3.2.7a allows an attacker to write
prior to the beginning of the buffer via a crafted .fig
file.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
16140
MISC(li
nk is
external)
foxit -- reader
This vulnerability allows remote attackers to execute
arbitrary code on vulnerable installations of Foxit
Reader 9.1.0.5096. User interaction is required to
exploit this vulnerability in that the target must visit
a malicious page or open a malicious file. The
specific flaw exists within the processing of PDF
files. The issue results from the lack of proper
validation of user-supplied data, which can result in
a type confusion condition. An attacker can leverage
this vulnerability to execute code in the context of
the current process. Was ZDI-CAN-6683.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
14317
CONFIR
M(link is
external)
MISC(li
nk is
external)
getsimple -- cms
There is XSS in GetSimple CMS 3.4.0.9 via the
admin/edit.php title field.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16325
MISC(li
nk is
external)
gleez -- cms
There is a CSRF vulnerability that can add an
administrator account in Gleez CMS 1.2.0 via
admin/users/add.
2018
-08-
25
not
yet
calcu
lated
CVE-
2018-
15845
MISC(li
nk is
external)
EXPLOI
T-
DB(link
is
external)
google -- chrome
Use after free in PDFium in Google Chrome prior to
63.0.3239.84 allowed a remote attacker to
potentially exploit heap corruption via a crafted PDF
file.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15410
REDHA
T(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
Incorrect serialization in IPC in Google Chrome
prior to 63.0.3239.84 allowed a remote attacker to
leak the value of a pointer via a crafted HTML page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15415
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
Inappropriate implementation in Skia canvas
composite operations in Google Chrome prior to
63.0.3239.84 allowed a remote attacker to leak
cross-origin data via a crafted HTML page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15417
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
google -- chrome
Inappropriate implementation in browser navigation
in Google Chrome prior to 63.0.3239.84 allowed a
remote attacker to spoof the contents of the
Omnibox (URL bar) via a crafted HTML page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15420
SECTR
ACK(lin
k is
external)
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
DEBIAN
google -- chrome
Use of uninitialized memory in Skia in Google
Chrome prior to 63.0.3239.84 allowed a remote
attacker to obtain potentially sensitive information
from process memory via a crafted HTML page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15418
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
Heap buffer overflow in Blob API in Google
Chrome prior to 63.0.3239.84 allowed a remote
attacker to potentially exploit heap corruption via a
crafted HTML page, aka a Blink out-of-bounds read.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15416
REDHA
T(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
Inappropriate implementation in BoringSSL
SPAKE2 in Google Chrome prior to 63.0.3239.84
allowed a remote attacker to leak the low-order bits
of SHA512(password) by inspecting protocol traffic.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15423
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
A use after free in V8 in Google Chrome prior to
62.0.3202.89 allowed a remote attacker to
potentially exploit heap corruption via a crafted
HTML page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15399
BID(link
is
external)
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
O
DEBIAN
google -- chrome
Integer overflow in international date handling in
International Components for Unicode (ICU) for
C/C++ before 60.1, as used in V8 in Google Chrome
prior to 63.0.3239.84 and other products, allowed a
remote attacker to perform an out of bounds memory
read via a crafted HTML page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15422
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
UBUNT
U(link is
external)
DEBIAN
google -- chrome
Insufficient policy enforcement in Omnibox in
Google Chrome prior to 63.0.3239.84 allowed a
remote attacker to perform domain spoofing via IDN
homographs in a crafted domain name.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15424
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
Unsafe navigation in Chromecast in Google Chrome
prior to 63.0.3239.84 allowed a remote attacker to
bypass navigation restrictions via a crafted HTML
page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15430
MISC(li
nk is
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
external)
MISC(li
nk is
external)
google -- chrome
Insufficient policy enforcement in Resource Timing
API in Google Chrome prior to 63.0.3239.84
allowed a remote attacker to infer browsing history
by triggering a leaked cross-origin URL via a crafted
HTML page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15419
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
Use after free in PDFium in Google Chrome prior to
63.0.3239.84 allowed a remote attacker to
potentially exploit heap corruption via a crafted PDF
file.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15411
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
Out-of-bounds Write in the QUIC networking stack
in Google Chrome prior to 63.0.3239.84 allowed a
remote attacker to gain code execution via a
malicious server.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15407
REDHA
T(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
Insufficient policy enforcement in Omnibox in
Google Chrome prior to 63.0.3239.84 allowed a
remote attacker to perform domain spoofing via IDN
homographs in a crafted domain name.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15425
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
Insufficient policy enforcement in Omnibox in
Google Chrome prior to 63.0.3239.84 allowed a
remote attacker to perform domain spoofing via IDN
homographs in a crafted domain name.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15426
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
google -- chrome
Heap buffer overflow in Omnibox in Google
Chrome prior to 63.0.3239.84 allowed a remote
attacker to potentially exploit heap corruption via a
crafted PDF file that is mishandled by PDFium.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15408
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
A stack buffer overflow in V8 in Google Chrome
prior to 62.0.3202.75 allowed a remote attacker to
perform an out of bounds memory read via a crafted
HTML page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15406
MISC(li
nk is
external)
MISC(li
nk is
external)
google -- chrome
Heap buffer overflow in Skia in Google Chrome
prior to 63.0.3239.84 allowed a remote attacker to
potentially exploit heap corruption via a crafted
HTML page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15409
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
google -- chrome
Insufficient policy enforcement in Omnibox in
Google Chrome prior to 63.0.3239.84 allowed a
socially engineered user to XSS themselves by
dragging and dropping a javascript: URL into the
URL bar.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15427
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
Use after free in libxml2 before 2.9.5, as used in
Google Chrome prior to 63.0.3239.84 and other
products, allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15412
SECTR
ACK(lin
k is
external)
REDHA
T(link is
external)
REDHA
T(link is
external)
MISC
MISC(li
nk is
external)
MISC(li
nk is
external)
MLIST
GENTO
O
DEBIAN
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
google -- chrome
Type confusion in WebAssembly in V8 in Google
Chrome prior to 63.0.3239.84 allowed a remote
attacker to potentially exploit heap corruption via a
crafted HTML page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15413
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
Inappropriate implementation in V8 WebAssembly
JS bindings in Google Chrome prior to
63.0.3239.108 allowed a remote attacker to inject
arbitrary scripts or HTML (UXSS) via a crafted
HTML page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15429
BID(link
is
external)
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
A stack buffer overflow in the QUIC networking
stack in Google Chrome prior to 62.0.3202.89
allowed a remote attacker to gain code execution via
a malicious server.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15398
BID(link
is
external)
REDHA
T(link is
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
google -- chrome
A stack buffer overflow in NumberingSystem in
International Components for Unicode (ICU) for
C/C++ before 60.2, as used in V8 in Google Chrome
prior to 62.0.3202.75 and other products, allowed a
remote attacker to potentially exploit heap
corruption via a crafted HTML page.
2018
-08-
28
not
yet
calcu
lated
CVE-
2017-
15396
MISC
BID(link
is
external)
REDHA
T(link is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
GENTO
O
DEBIAN
grafana -- grafana
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before
5.2.3 allows authentication bypass because an
attacker can generate a valid "remember me" cookie
knowing only a username of an LDAP or OAuth
user.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
15727
BID(link
is
external)
CONFIR
M(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
ibm -- cloud_orchestrator
A vulnerability has been identified in IBM Cloud
Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could
allow an attacker after authentication to enumerate
valid users of the system. IBM X-Force ID: 109394.
2018
-08-
30
not
yet
calcu
lated
CVE-
2016-
0205
XF(link
is
external)
CONFIR
M(link is
external)
ibm --
maximo_asset_management
IBM Maximo Asset Management 7.6 through 7.6.3
is vulnerable to SQL injection. A remote attacker
could send specially-crafted SQL statements, which
could allow the attacker to view, add, modify or
delete information in the back-end database. IBM X-
Force ID: 145968.
2018
-08-
24
not
yet
calcu
lated
CVE-
2018-
1699
BID(link
is
external)
XF(link
is
external)
CONFIR
M(link is
external)
ibm --
openpages_grc_platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3
could allow a local user to obtain sensitive
information when a previous user has logged out of
the system but neglected to close their browser. IBM
X-Force ID: 110303.
2018
-08-
30
not
yet
calcu
lated
CVE-
2016-
0234
CONFIR
M(link is
external)
XF(link
is
external)
ibm -- platform_symphony
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1
and IBM Spectrum Symphony 7.1.2 and 7.2.0.2
contain an information disclosure vulnerability that
could allow an authenticated attacker to obtain
highly sensitive information. IBM X-Force ID:
146340.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
1705
XF(link
is
external)
CONFIR
M(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
ibm --
security_access_manager_appl
iance
IBM Security Access Manager Appliance 9.0.4.0
and 9.0.5.0 could allow remote code execution when
Advanced Access Control or Federation services are
running. IBM X-Force ID: 147370.
2018
-08-
24
not
yet
calcu
lated
CVE-
2018-
1722
BID(link
is
external)
SECTR
ACK(lin
k is
external)
XF(link
is
external)
CONFIR
M(link is
external)
ibm -- urbancode_deploy
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could
allow an authenticated user to read sensitive
information due to UCD REST endpoints not
properly authorizing users when determining who
can read data. IBM X-Force ID: 112119.
2018
-08-
30
not
yet
calcu
lated
CVE-
2016-
0373
CONFIR
M(link is
external)
XF(link
is
external)
ibm --
websphere_application_server
_liberty
IBM WebSphere Application Server Liberty could
allow a remote attacker to obtain sensitive
information, caused by incorrect transport being
used when Liberty is configured to use Java
Authentication SPI for Containers (JASPIC). This
can happen when the Application Server is
configured to permit access on non-secure (http)
port and using JASPIC or JSR375 authentication.
2018
-08-
24
not
yet
calcu
lated
CVE-
2018-
1755
BID(link
is
external)
SECTR
ACK(lin
k is
external)
XF(link
is
external)
CONFIR
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
M(link is
external)
ibm -- websphere_commerce
IBM WebSphere Commerce Enterprise,
Professional, Express, and Developer 9.0.0.0 -
9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0
- 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack
8 could allow an authenticated user to obtain
sensitive information about another user.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
1644
CONFIR
M(link is
external)
XF(link
is
external)
icewarp -- server
In IceWarp Server 12.0.3.1 and before, there is XSS
in the /webmail/ username field.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16324
MISC(li
nk is
external)
MISC(li
nk is
external)
icms -- icms
An issue was discovered in iCMS 7.0.9. There is an
admincp.php?app=article&do=update CSRF
vulnerability.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16332
MISC(li
nk is
external)
idera -- up.time
An issue was discovered in post2file.php in
Up.Time Monitoring Station 7.5.0 (build 16) and
7.4.0 (build 13). It allows an attacker to upload an
arbitrary file, such as a .php file that can execute
arbitrary OS commands.
2018
-08-
27
not
yet
calcu
lated
CVE-
2015-
9263
MISC(li
nk is
external)
EXPLOI
T-
DB(link
is
external)
MISC(li
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
nk is
external)
idreamsoft -- icms
An issue was discovered in admincp.php in
idreamsoft iCMS 7.0.11. When verifying
CSRF_TOKEN, if CSRF_TOKEN does not exist,
only the Referer header is validated, which can be
bypassed via an admincp.php substring in this
header.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16314
MISC(li
nk is
external)
idreamsoft -- icms
idreamsoft iCMS 7.0.11 allows
admincp.php?app=config Directory Traversal,
resulting in execution of arbitrary PHP code from a
ZIP file.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16320
MISC(li
nk is
external)
idreamsoft -- icms
An SSRF vulnerability was discovered in idreamsoft
iCMS 7.0.11 because the remote function in
app/spider/spider_tools.class.php does not block
DNS hostnames associated with private and reserved
IP addresses, as demonstrated by 127.0.0.1 in an A
record. NOTE: this vulnerability exists because of
an incomplete fix for CVE-2018-14858.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15895
MISC(li
nk is
external)
imagemagick -- imagemagick
In ImageMagick before 7.0.8-8, a NULL pointer
dereference exists in the GetMagickProperty
function in MagickCore/property.c.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16329
MISC(li
nk is
external)
imagemagick -- imagemagick
ReadXBMImage in coders/xbm.c in ImageMagick
before 7.0.8-9 leaves data uninitialized when
processing an XBM file that has a negative pixel
value. If the affected code is used as a library loaded
into a process that includes sensitive information,
that information sometimes can be leaked via the
image data.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16323
MISC(li
nk is
external)
imagemagick -- imagemagick
In ImageMagick before 7.0.8-8, a NULL pointer
dereference exists in the CheckEventLogging
function in MagickCore/log.c.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16328
MISC(li
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
nk is
external)
infoblox -- netmri
Infoblox NetMRI 7.1.1 has Reflected Cross-Site
Scripting via the /api/docs/index.php query
parameter.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
6643
MISC(li
nk is
external)
joomla -- joomla
An issue was discovered in Joomla! before 3.8.12.
Inadequate checks in the InputFilter class could
allow specifically prepared phar files to pass the
upload filter.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15882
BID(link
is
external)
CONFIR
M
joomla -- joomla
An issue was discovered in Joomla! before 3.8.12.
Inadequate checks regarding disabled fields can lead
to an ACL violation.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15881
BID(link
is
external)
CONFIR
M
joomla -- joomla
The Joomanager component through 2.0.0 for
Joomla! has an arbitrary file download issue,
resulting in exposing the credentials of the database
via an
index.php?option=com_joomanager&controller=det
ails&task=download&path=configuration.php
request.
2018
-08-
26
not
yet
calcu
lated
CVE-
2017-
18345
MISC(li
nk is
external)
MISC
EXPLOI
T-
DB(link
is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
joomla -- joomla
An issue was discovered in Joomla! before 3.8.12.
Inadequate output filtering on the user profile page
could lead to a stored XSS attack.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15880
BID(link
is
external)
CONFIR
M
lansweeper -- lansweeper
Lansweeper 4.x through 6.x before 6.0.0.48 allows
attackers to execute arbitrary code on the
administrator's workstation via a crafted Windows
service.
2018
-08-
27
not
yet
calcu
lated
CVE-
2015-
9264
MISC(li
nk is
external)
libtiff -- libtiff
newoffsets handling in
ChopUpSingleUncompressedStrip in tif_dirread.c in
LibTIFF 4.0.9 allows remote attackers to cause a
denial of service (heap-based buffer overflow and
application crash) or possibly have unspecified other
impact via a crafted TIFF file, as demonstrated by
tiff2pdf. This is a different vulnerability than CVE-
2018-15209.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16335
MISC
libtirpc -- libtirpc
A null-pointer dereference vulnerability was found
in libtirpc before version 0.3.3-rc3. The return value
of makefd_xprt() was not checked in all instances,
which could lead to a crash when the server
exhausted the maximum number of available file
descriptors. A remote attacker could cause an rpc-
based application to crash by flooding it with new
connections.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
14622
CONFIR
M
REDHA
T(link is
external)
CONFIR
M(link is
external)
CONFIR
M(link is
external)
MLIST
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
libtirpc -- libtirpc
An infinite loop vulnerability was found in libtirpc
before version 1.0.2-rc2. With the port to using poll
rather than select, exhaustion of file descriptors
would cause the server to enter an infinite loop,
consuming a large amount of CPU time and denying
service to other clients until restarted.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
14621
CONFIR
M
CONFIR
M(link is
external)
CONFIR
M(link is
external)
libx11 -- libx11
An issue was discovered in libX11 through 1.6.5.
The function XListExtensions in ListExt.c is
vulnerable to an off-by-one error caused by
malicious server responses, leading to DoS or
possibly unspecified other impact.
2018
-08-
24
not
yet
calcu
lated
CVE-
2018-
14599
MLIST(l
ink is
external)
BID(link
is
external)
SECTR
ACK(lin
k is
external)
CONFIR
M(link is
external)
CONFIR
M
MLIST
MLIST
UBUNT
U(link is
external)
libx11 -- libx11
An issue was discovered in libX11 through 1.6.5.
The function XListExtensions in ListExt.c interprets
a variable as signed instead of unsigned, resulting in
an out-of-bounds write (of up to 128 bytes), leading
to DoS or remote code execution.
2018
-08-
24
not
yet
calcu
lated
CVE-
2018-
14600
MLIST(l
ink is
external)
BID(link
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
is
external)
SECTR
ACK(lin
k is
external)
CONFIR
M(link is
external)
CONFIR
M
MLIST
MLIST
UBUNT
U(link is
external)
libx11 -- libx11
An issue was discovered in XListExtensions in
ListExt.c in libX11 through 1.6.5. A malicious
server can send a reply in which the first string
overflows, causing a variable to be set to NULL that
will be freed later on, leading to DoS (segmentation
fault).
2018
-08-
24
not
yet
calcu
lated
CVE-
2018-
14598
MLIST(l
ink is
external)
BID(link
is
external)
SECTR
ACK(lin
k is
external)
CONFIR
M(link is
external)
CONFIR
M
MLIST
MLIST
UBUNT
U(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
libzypp -- libzypp
The decoupled download and installation steps in
libzypp before 17.5.0 could lead to a corrupted RPM
being left in the cache, where a later call would not
display the corrupted RPM warning and allow
installation, a problem caused by malicious
warnings only displayed during download.
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
7685
MISC(li
nk is
external)
CONFIR
M(link is
external)
MISC(li
nk is
external)
lightbend -- akka
Lightbend Akka 2.5.x before 2.5.16 allows message
disclosure and modification because of an RNG
error. A random number generator is used in Akka
Remoting for TLS (both classic and Artery
Remoting). Akka allows configuration of custom
random number generators. For historical reasons,
Akka included the AES128CounterSecureRNG and
AES256CounterSecureRNG random number
generators. The implementations had a bug that
caused the generated numbers to be repeated after
only a few bytes. The custom RNG implementations
were not configured by default but examples in the
documentation showed (and therefore implicitly
recommended) using the custom ones. This can be
used by an attacker to compromise the
communication if these random number generators
are enabled in configuration. It would be possible to
eavesdrop, replay, or modify the messages sent with
Akka Remoting/Cluster.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
16115
MISC(li
nk is
external)
lightbend -- akka
The decodeRequest and decodeRequestWith
directives in Lightbend Akka HTTP 10.1.x through
10.1.4 and 10.0.x through 10.0.13 allow remote
attackers to cause a denial of service (memory
consumption and daemon crash) via a ZIP bomb.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
16131
MISC(li
nk is
external)
MISC(li
nk is
external)
MISC(li
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
nk is
external)
linux -- linux_kernel
An issue was discovered in yurex_read in
drivers/usb/misc/yurex.c in the Linux kernel before
4.17.7. Local attackers could use user access
read/writes with incorrect bounds checking in the
yurex USB driver to crash the kernel or potentially
escalate privileges.
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
16276
MISC
MISC
MISC(li
nk is
external)
linux -- linux_kernel
A flaw was found in the crypto subsystem of the
Linux kernel before version kernel-4.15-rc4. The
"null skcipher" was being dropped when each
af_alg_ctx was freed instead of when the aead_tfm
was freed. This can cause the null skcipher to be
freed while it is still in use leading to a local user
being able to crash the system or possibly escalate
privileges.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
14619
CONFIR
M(link is
external)
CONFIR
M
linux -- linux_kernel
A flaw was found in the Linux kernel present since
v4.0-rc1 and through v4.13-rc4. A crafted network
packet sent remotely by an attacker may force the
kernel to enter an infinite loop in the
cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c
leading to a denial-of-service.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
10938
MLIST
BID(link
is
external)
SECTR
ACK(lin
k is
external)
CONFIR
M(link is
external)
CONFIR
M
manjaro -- linux
An issue was discovered in manjaro-update-
system.sh in manjaro-system 20180716-1 on
Manjaro Linux. A local attacker can install or
remove arbitrary packages and package repositories
potentially containing hooks with arbitrary code,
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
15912
CONFIR
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
which will automatically be run as root, or remove
packages vital to the system.
M
MLIST
mediacomm -- zip-n-go
MediaComm Zip-n-Go before 4.95 has a Buffer
Overflow via a crafted file.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16302
EXPLOI
T-
DB(link
is
external)
micro_focus --
service_management_automati
on_containerized_suites
Remote Code Execution in the following products
Hybrid Cloud Management Containerized Suite
HCM2017.11, HCM2018.02, HCM2018.05,
Operations Bridge Containerized Suite 2017.11,
2018.02, 2018.05, Data Center Automation
Containerized Suite 2017.01 until 2018.05, Service
Management Automation Suite 2017.11, 2018.02,
2018.05, Service Virtualization (SV) with floating
licenses using Any version using APLS older than
10.7, Unified Functional Testing (UFT) with
floating licenses using Any version using APLS
older than 10.7, Network Virtualization (NV) with
floating licenses using Any version using APLS
older than 10.7 and Network Operations
Management (NOM) Suite CDF 2017.11, 2018.02,
2018.05 will allow Remote Code Execution.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
6499
CONFIR
M(link is
external)
CONFIR
M(link is
external)
CONFIR
M(link is
external)
CONFIR
M(link is
external)
CONFIR
M(link is
external)
CONFIR
M(link is
external)
micro_focus --
service_management_automati
on_containerized_suites
Remote Code Execution in the following products
Hybrid Cloud Management Containerized Suite
HCM2017.11, HCM2018.02, HCM2018.05,
Operations Bridge Containerized Suite 2017.11,
2018.02, 2018.05, Data Center Automation
Containerized Suite 2017.01 until 2018.05, Service
Management Automation Suite 2017.11, 2018.02,
2018.05 and Network Operations Management
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
6498
CONFIR
M(link is
external)
CONFIR
M(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
(NOM) Suite CDF 2017.11, 2018.02, 2018.05 will
allow Remote Code Execution.
CONFIR
M(link is
external)
CONFIR
M(link is
external)
CONFIR
M(link is
external)
minicms -- minicms
An issue was discovered in MiniCMS 1.10. There is
a post.php?date= XSS vulnerability.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15899
MISC(li
nk is
external)
minicms -- minicms
An issue was discovered in MiniCMS 1.10. There is
an mc-admin/post.php?tag= XSS vulnerability for a
state=delete, state=draft, or state=publish request.
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
16298
MISC(li
nk is
external)
minicms -- minicms
MiniCMS V1.10 has XSS via the mc-admin/post-
edit.php tags parameter.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
16233
MISC(li
nk is
external)
morningstar -- whatweb
MorningStar WhatWeb 0.4.9 has XSS via JSON
report files.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
16234
MISC(li
nk is
external)
mutiny --
monitoring_appliance
A command injection vulnerability in
maintenance.cgi in Mutiny "Monitoring Appliance"
before 6.1.0-5263 allows authenticated users, with
access to the admin interface, to inject arbitrary
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15529
MISC(li
nk is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
commands within the filename of a system upgrade
upload.
MISC(li
nk is
external)
mybb -- mybb
An issue was discovered in
inc/class_feedgeneration.php in MyBB 1.8.17. On
the forum RSS Syndication page, one can generate a
URL such as
http://localhost/syndication.php?fid=&type=atom1.0
&limit=15. The thread titles (within title elements of
the generated XML documents) aren't sanitized,
leading to XSS.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15596
CONFIR
M(link is
external)
mystrom --
wifi_switch_and_bulb_and_le
d_strip_and_button_devices
An issue was discovered in myStrom WiFi Switch
V1 before 2.66, WiFi Switch V2 before 3.80, WiFi
Switch EU before 3.80, WiFi Bulb before 2.58,
WiFi LED Strip before 3.80, WiFi Button before
2.73, and WiFi Button Plus before 2.73. Devices did
not authenticate themselves to the cloud in device to
cloud communication. This lack of device
authentication allowed an attacker to impersonate
any device by guessing or learning their MAC
address.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
15479
MISC(li
nk is
external)
mystrom --
wifi_switch_and_bulb_and_le
d_strip_and_button_devices
An issue was discovered in myStrom WiFi Switch
V1 before 2.66, WiFi Switch V2 before 3.80, WiFi
Switch EU before 3.80, WiFi Bulb before 2.58,
WiFi LED Strip before 3.80, WiFi Button before
2.73, and WiFi Button Plus before 2.73. The process
of registering a device with a cloud account was
based on an activation code derived from the device
MAC address. By guessing valid MAC addresses or
using MAC addresses printed on devices in shops
and reverse engineering the protocol, an attacker
would have been able to register previously
unregistered devices to their account. When the
rightful owner would have connected them after
purchase to their WiFi network, the devices would
not have registered with their account, would
subsequently not have been controllable from the
owner's mobile app, and would not have been visible
in the owner's account. Instead, they would have
been under control of the attacker.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
15478
MISC(li
nk is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
mystrom --
wifi_switch_and_bulb_and_le
d_strip_and_button_devices
An issue was discovered in myStrom WiFi Switch
V1 before 2.66, WiFi Switch V2 before 3.80, WiFi
Switch EU before 3.80, WiFi Bulb before 2.58,
WiFi LED Strip before 3.80, WiFi Button before
2.73, and WiFi Button Plus before 2.73. The
SSL/TLS server certificate in the device to cloud
communication was not verified by the device. As a
result, an attacker in control of the network traffic of
a device could have taken control of a device by
intercepting and modifying commands issued from
the server to the device in a Man-in-the-Middle
attack. This included the ability to inject firmware
update commands into the communication and cause
the device to install maliciously modified firmware.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
15476
MISC(li
nk is
external)
mystrom --
wifi_switch_and_bulb_and_le
d_strip_and_button_devices
An issue was discovered in myStrom WiFi Switch
V1 before 2.66, WiFi Switch V2 before 3.80, WiFi
Switch EU before 3.80, WiFi Bulb before 2.58,
WiFi LED Strip before 3.80, WiFi Button before
2.73, and WiFi Button Plus before 2.73. The cloud
API had a hidden parameter, which allowed an
authenticated user to reconfigure the server URL for
a device registered to their account. In combination
with an insecure device registration vulnerability,
this allowed an attacker to reconfigure a maliciously
registered device to their own rogue replica of the
myStrom API and issue commands to the device,
including firmware update commands.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
15480
MISC(li
nk is
external)
mystrom --
wifi_switch_devices
myStrom WiFi Switch V1 devices before 2.66 did
not sanitize a parameter received from the cloud that
was used in an OS command. Malicious servers
were able to run operating system commands on the
device.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
15477
MISC(li
nk is
external)
norton -- identity_safe
The Norton Identity Safe product prior to 5.3.0.976
may be susceptible to a privilege escalation issue via
a hard coded IV, which is a type of vulnerability that
can potentially increase the likelihood of encrypted
data being recovered without adequate credentials.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
12240
BID(link
is
external)
CONFIR
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
M(link is
external)
npm -- mosca
This vulnerability allows remote attackers to deny
service on vulnerable installations of npm mosca
2.8.1. Authentication is not required to exploit this
vulnerability. The specific flaw exists within the
processing of topics. A crafted regular expression
can cause the broker to crash. An attacker can
leverage this vulnerability to deny access to the
target system. Was ZDI-CAN-6306.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
11615
MISC(li
nk is
external)
nvidia -- geforce_experience
NVIDIA GeForce Experience all versions prior to
3.14.1 contains a potential vulnerability when
GameStream is enabled where improper access
control may lead to a denial of service, escalation of
privileges, or both.
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
6257
CONFIR
M(link is
external)
nvidia -- geforce_experience
NVIDIA GeForce Experience all versions prior to
3.14.1 contains a potential vulnerability during
GameStream installation where an attacker who has
system access can potentially conduct a Man-in-the-
Middle (MitM) attack to obtain sensitive
information.
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
6258
CONFIR
M(link is
external)
nvidia -- geforce_experience
NVIDIA GeForce Experience all versions prior to
3.14.1 contains a potential vulnerability when
GameStream is enabled, an attacker has system
access, and certain system features are enabled,
where limited information disclosure may be
possible.
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
6259
CONFIR
M(link is
external)
open_whisper -- signal_app
The image rendering component
(createGenericPreview) of the Open Whisper Signal
app through 2.29.0 for iOS fails to check for
unreasonably large images before manipulating
received images. This allows for a large image sent
to a user to exhaust all available memory when the
image is displayed, resulting in a forced restart of
the device.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
16132
MISC
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
openssh -- openssh
Remotely observable behaviour in auth-gss2.c in
OpenSSH through 7.8 could be used by remote
attackers to detect existence of users on a target
system when GSS2 is in use. NOTE: the discoverer
states 'We understand that the OpenSSH developers
do not want to treat such a username enumeration
(or "oracle") as a vulnerability.'
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15919
MISC
BID(link
is
external)
openstack-cinder -- openstack-
cinder
A vulnerability was found in openstack-cinder
releases up to and including Queens, allowing newly
created volumes in certain storage volume
configurations to contain previous data. It
specifically affects ScaleIO volumes using thin
volumes and zero padding. This could lead to
leakage of sensitive information between tenants.
2018
-08-
27
not
yet
calcu
lated
CVE-
2017-
15139
CONFIR
M(link is
external)
MISC
opswat -- metadefender
OPSWAT MetaDefender before v4.11.2 allows
CSV injection.
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
16275
CONFIR
M(link is
external)
orbic -- wonder_orbic_release-
keys_devices
An issue was discovered on Orbic Wonder
Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:us
er/release-keys devices, allowing attackers to obtain
sensitive information (such as text-message content)
by reading a copy of the Android log on the SD
card. The system-wide Android logs are not directly
available to third-party apps since they tend to
contain sensitive data. Third-party apps can read
from the log but only the log messages that the app
itself has written. Certain apps can leak data to the
Android log due to not sanitizing log messages,
which is in an insecure programming practice. Pre-
installed system apps and apps that are signed with
the framework key can read from the system-wide
Android log. We found a pre-installed app on the
Orbic Wonder that when started via an Intent will
write the Android log to the SD card, also known as
external storage, via
com.ckt.mmitest.MmiMainActivity. Any app that
requests the READ_EXTERNAL_STORAGE
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
6599
MISC(li
nk is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
permission can read from the SD card. Therefore, a
local app on the device can quickly start a specific
component in the pre-installed system app to have
the Android log written to the SD card. Therefore,
any app co-located on the device with the
READ_EXTERNAL_STORAGE permission can
obtain the data contained within the Android log and
continually monitor it and mine the log for relevant
data. In addition, the default messaging app
(com.android.mms) writes the body of sent and
received text messages to the Android log, as well as
the recipient phone number for sent text messages
and the sending phone number for received text
messages. In addition, any call data contains phone
numbers for sent and received calls.
orbic -- wonder_orbic_release-
keys_devices
An issue was discovered on Orbic Wonder
Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:us
er/release-keys devices. Any app co-located on the
device can send an intent to factory reset the device
programmatically because of
com.android.server.MasterClearReceiver. This does
not require any user interaction and does not require
any permission to perform. A factory reset will
remove all user data from the device. This will result
in the loss of any data that the user has not backed
up or synced externally. This capability to perform a
factory reset is not directly available to third-party
apps (those that the user installs themselves),
although this capability is present in an unprotected
component of the Android OS. This vulnerability is
not present in Google's Android Open Source
Project (AOSP) code. Therefore, it was introduced
by Orbic or another entity in the supply chain.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
6598
MISC(li
nk is
external)
ovation -- findme
Ovation FindMe 1.4-1083-1 is intended to support
transmission of network traffic from covert video
recorders but does not properly disrupt binary
analysis for discovering the product's capabilities or
purpose. This makes it easier for adversaries to
detect the covert operation. Specifically, the product
uses a compression technique to prevent the
identification of certain libraries in the software by
2018
-08-
26
not
yet
calcu
lated
CVE-
2018-
15885
MISC(li
nk is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
obfuscation. The software relies on a TLS callback
and an additional executable file to enable these
libraries and their access to certain websites. The
unpacked software can be exploited by several
different types of documented techniques.
pandao -- editor.md
Pandao Editor.md 1.5.0 allows XSS via crafted
attributes of an invalid IMG element.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16330
MISC(li
nk is
external)
pango -- pango
libpango in Pango 1.40.8 through 1.42.3, as used in
hexchat and other products, allows remote attackers
to cause a denial of service (application crash) or
possibly have unspecified other impact via crafted
text with invalid Unicode sequences.
2018
-08-
24
not
yet
calcu
lated
CVE-
2018-
15120
MISC(li
nk is
external)
CONFIR
M(link is
external)
CONFIR
M(link is
external)
MLIST
UBUNT
U(link is
external)
EXPLOI
T-
DB(link
is
external)
pdf-xchange -- editor
PDF-XChange Editor through 7.0.326.1 allows
remote attackers to cause a denial of service
(resource consumption) via a crafted x:xmpmeta
structure, a related issue to CVE-2003-1564.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16303
MISC(li
nk is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
phpkaiyuancms --
phpopensourcecms
phpkaiyuancms PhpOpenSourceCMS (POSCMS)
V3.2.0 allows an unauthenticated user to execute
arbitrary SQL commands via the
diy/module/member/controllers/Api.php
ajax_save_draft function with the dir parameter.
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
16278
MISC(li
nk is
external)
phpmyadmin -- phpmyadmin
An issue was discovered in phpMyAdmin before
4.8.3. A Cross-Site Scripting vulnerability has been
found where an attacker can use a crafted file to
manipulate an authenticated user who loads that file
through the import feature.
2018
-08-
24
not
yet
calcu
lated
CVE-
2018-
15605
BID(link
is
external)
SECTR
ACK(lin
k is
external)
CONFIR
M(link is
external)
CONFIR
M(link is
external)
phpmyfaq -- phpmyfaq
phpMyFAQ before 2.8.13 allows remote
authenticated users with admin privileges to bypass
authorization via a crafted instance ID parameter.
2018
-08-
28
not
yet
calcu
lated
CVE-
2014-
6049
MISC(li
nk is
external)
CONFIR
M(link is
external)
phpmyfaq -- phpmyfaq
phpMyFAQ before 2.8.13 allows remote
authenticated users with certain permissions to read
arbitrary attachments by leveraging incorrect
"download an attachment" permission checks.
2018
-08-
28
not
yet
calcu
lated
CVE-
2014-
6047
MISC(li
nk is
external)
CONFIR
M(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
phpmyfaq -- phpmyfaq
SQL injection vulnerability in phpMyFAQ before
2.8.13 allows remote authenticated users with
certain permissions to execute arbitrary SQL
commands via vectors involving the restore
function.
2018
-08-
28
not
yet
calcu
lated
CVE-
2014-
6045
MISC(li
nk is
external)
CONFIR
M(link is
external)
phpmyfaq -- phpmyfaq
Multiple cross-site request forgery (CSRF)
vulnerabilities in phpMyFAQ before 2.8.13 allow
remote attackers to hijack the authentication of
unspecified users for requests that (1) delete active
users by leveraging improper validation of CSRF
tokens or that (2) delete open questions, (3) activate
users, (4) publish FAQs, (5) add or delete Glossary,
(6) add or delete FAQ news, or (7) add or delete
comments or add votes by leveraging lack of a
CSRF token.
2018
-08-
28
not
yet
calcu
lated
CVE-
2014-
6046
MISC(li
nk is
external)
CONFIR
M(link is
external)
phpmyfaq -- phpmyfaq
phpMyFAQ before 2.8.13 allows remote attackers to
bypass the CAPTCHA protection mechanism by
replaying the request.
2018
-08-
28
not
yet
calcu
lated
CVE-
2014-
6050
MISC(li
nk is
external)
CONFIR
M(link is
external)
phpmyfaq -- phpmyfaq
phpMyFAQ before 2.8.13 allows remote attackers to
read arbitrary attachments via a direct request.
2018
-08-
28
not
yet
calcu
lated
CVE-
2014-
6048
MISC(li
nk is
external)
CONFIR
M(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
phpok -- phpok
PHPOK 4.8.278 has a Reflected XSS vulnerability
in framework/www/login_control.php via the _back
parameter to the ok_f function.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
16142
MISC(li
nk is
external)
phpscriptsmall.com --
website_seller_script
PHP Scripts Mall Website Seller Script 2.0.5 allows
remote attackers to cause a denial of service via
crafted JavaScript code in the First Name, Last
Name, Company Name, or Fax field, as
demonstrated by crossPwn.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15897
MISC(li
nk is
external)
phpscriptsmall.com --
website_seller_script
PHP Scripts Mall Website Seller Script 2.0.5 has
XSS via Personal Address or Company Name.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15896
MISC(li
nk is
external)
podofo -- podofo
In podofo 0.9.6, the function
PoDoFo::PdfParser::ReadObjects() in
base/PdfParser.cpp can cause the program to be
aborted, because
PoDoFo::PdfVecObjects::Reserve() in
base/PdfVecObjects.h can be called with a large size
value. Remote attackers could leverage this
vulnerability to cause a denial-of-service via a
crafted pdf file.
2018
-08-
26
not
yet
calcu
lated
CVE-
2018-
15889
MISC(li
nk is
external)
MISC(li
nk is
external)
portainer -- portainer
A stored Cross-site scripting (XSS) vulnerability in
Portainer through 1.19.1 allows remote
authenticated users to inject arbitrary JavaScript
and/or HTML via the Team Name field.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16316
MISC(li
nk is
external)
postgresql-jdbc -- postgresql-
jdbc
A weakness was found in postgresql-jdbc before
version 42.2.5. It was possible to provide an SSL
Factory and not check the host name if a host name
verifier was not provided to the driver. This could
lead to a condition where a man-in-the-middle
attacker could masquerade as a trusted server by
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
10936
CONFIR
M(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
providing a certificate for the wrong host, as long as
it was signed by a trusted CA.
CONFIR
M
qemu -- qemu
qemu-seccomp.c in QEMU might allow local OS
guest users to cause a denial of service (guest crash)
by leveraging mishandling of the seccomp policy for
threads other than the main thread.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
15746
MLIST(l
ink is
external)
MLIST
qnap -- photo_station
Cross-site scripting vulnerability in QNAP Photo
Station versions 5.7.0 and earlier could allow remote
attackers to inject Javascript code in the
compromised application.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
0715
CONFIR
M(link is
external)
responsive_filemanager --
responsive_filemanager
/filemanager/ajax_calls.php in tecrail Responsive
FileManager before 9.13.4 uses external input to
construct a pathname that should be within a
restricted directory, but it does not properly
neutralize get_file sequences such as ".." that can
resolve to a location that is outside of that directory,
aka Directory Traversal.
2018
-08-
24
not
yet
calcu
lated
CVE-
2018-
15535
FULLDI
SC
EXPLOI
T-
DB(link
is
external)
responsive_filemanager --
responsive_filemanager
/filemanager/ajax_calls.php in tecrail Responsive
FileManager before 9.13.4 does not properly
validate file paths in archives, allowing for the
extraction of crafted archives to overwrite arbitrary
files via an extract action, aka Directory Traversal.
2018
-08-
24
not
yet
calcu
lated
CVE-
2018-
15536
FULLDI
SC
EXPLOI
T-
DB(link
is
external)
ricoh -- mp_c4504ex_devices RICOH MP C4504ex devices allow HTML
Injection via the
2018
-08-
28 not
yet
CVE-
2018-
15884
MISC(li
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
/web/entry/en/address/adrsSetUserWizard.cgi
entryNameIn parameter.
calcu
lated
nk is
external)
EXPLOI
T-
DB(link
is
external)
rsa --
bsafe_micro_edition_suite
RSA BSAFE Micro Edition Suite, version 4.1.6,
contains an integer overflow vulnerability. A remote
attacker could use maliciously constructed ASN.1
data to potentially cause a Denial Of Service.
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
11054
FULLDI
SC
rsa --
bsafe_micro_edition_suite
RSA BSAFE Micro Edition Suite, versions prior to
4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x),
contains an Improper Clearing of Heap Memory
Before Release ('Heap Inspection') vulnerability.
Decoded PKCS #12 data in heap memory is not
zeroized by MES before releasing the memory
internally and a malicious local user could gain
access to the unauthorized data by doing heap
inspection.
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
11055
FULLDI
SC
rsa --
bsafe_micro_edition_suite
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1
(in 4.1.x), and RSA BSAFE Crypto-C Micro Edition
versions prior to 4.0.5.3 (in 4.0.x) contain an
Uncontrolled Resource Consumption ('Resource
Exhaustion') vulnerability when parsing ASN.1 data.
A remote attacker could use maliciously constructed
ASN.1 data that would exhaust the stack, potentially
causing a Denial Of Service.
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
11056
FULLDI
SC
rsa --
bsafe_micro_edition_suite
RSA BSAFE Micro Edition Suite, versions prior to
4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x)
contains a Covert Timing Channel vulnerability
during RSA decryption, also known as a
Bleichenbacher attack on RSA decryption. A remote
attacker may be able to recover a RSA key.
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
11057
FULLDI
SC
samsung --
smartthings_hub_sth-eth-
250_firmware
An exploitable integer underflow vulnerability exists
in the ZigBee firmware update routine of the
hubCore binary of the Samsung SmartThings Hub
STH-ETH-250 - Firmware version 0.20.17. The
2018
-08-
28 not
yet
CVE-
2018-
3926
BID(link
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
hubCore process incorrectly handles malformed files
existing in its data directory, leading to an infinite
loop, which eventually causes the process to crash.
An attacker can send an HTTP request to trigger this
vulnerability.
calcu
lated
is
external)
MISC(li
nk is
external)
samsung --
smartthings_hub_sth-eth-
250_firmware
An exploitable information disclosure vulnerability
exists in the crash handler of the hubCore binary of
the Samsung SmartThings Hub STH-ETH-250 -
Firmware version 0.20.17. When hubCore crashes,
Google Breakpad is used to record minidumps,
which are sent over an insecure HTTPS connection
to the backtrace.io service, leading to the exposure
of sensitive data. An attacker can impersonate the
remote backtrace.io server in order to trigger this
vulnerability.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
3927
MISC(li
nk is
external)
samsung --
smartthings_hub_sth-eth-
250_firmware
An exploitable buffer overflow vulnerability exists
in the /cameras/XXXX/clips handler of video-core's
HTTP server of Samsung SmartThings Hub STH-
ETH-250 - Firmware version 0.20.17. The video-
core process incorrectly extracts fields from a user-
controlled JSON payload, leading to a buffer
overflow on the stack. An attacker can send an
HTTP request to trigger this vulnerability.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
3893
MISC(li
nk is
external)
samsung --
smartthings_hub_sth-eth-
250_firmware
An exploitable buffer overflow vulnerability exists
in the camera 'update' feature of video-core's HTTP
server of Samsung SmartThings Hub STH-ETH-250
- Firmware version 0.20.17. The video-core process
incorrectly extracts fields from a user-controlled
JSON payload, leading to a buffer overflow on the
stack. An attacker can send an HTTP request to
trigger this vulnerability.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
3904
MISC(li
nk is
external)
samsung --
smartthings_hub_sth-eth-
250_firmware
An exploitable vulnerability exists in the remote
servers of Samsung SmartThings Hub STH-ETH-
250 - Firmware version 0.20.17. The hubCore
process listens on port 39500 and relays any
unauthenticated messages to SmartThings' remote
servers, which incorrectly handle camera IDs for the
'sync' operation, leading to arbitrary deletion of
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
3918
MISC(li
nk is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
cameras. An attacker can send an HTTP request to
trigger this vulnerability.
samsung --
smartthings_hub_sth-eth-
250_firmware
An exploitable vulnerability exists in the REST
parser of video-core's HTTP server of the Samsung
SmartThings Hub STH-ETH-250-Firmware version
0.20.17. The video-core process incorrectly handles
pipelined HTTP requests, which allows successive
requests to overwrite the previously parsed HTTP
method, URL and body. With the implementation of
the on_body callback, defined by sub_41734, an
attacker can send an HTTP request to trigger this
vulnerability.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
3908
MISC(li
nk is
external)
samsung --
smartthings_hub_sth-eth-
250_firmware
An exploitable buffer overflow vulnerability exists
in the /cameras/XXXX/clips handler of video-core's
HTTP server of Samsung SmartThings Hub STH-
ETH-250 Firmware version 0.20.17. The strncpy
call overflows the destination buffer, which has a
size of 52 bytes. An attacker can send an arbitrarily
long 'endTime' value in order to exploit this
vulnerability. An attacker can send an HTTP request
to trigger this vulnerability.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
3895
MISC(li
nk is
external)
samsung --
smartthings_hub_sth-eth-
250_firmware
An exploitable stack-based buffer overflow
vulnerability exists in the retrieval of database fields
in the video-core HTTP server of the Samsung
SmartThings Hub STH-ETH-250 - Firmware
version 0.20.17. The strcpy call overflows the
destination buffer, which has a size of 136 bytes. An
attacker can send an arbitrarily long 'directory' value
in order to exploit this vulnerability. An attacker can
send an HTTP request to trigger this vulnerability.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
3916
MISC(li
nk is
external)
schneider_electric --
modicon_m221
A Permissions, Privileges, and Access Control
vulnerability exists in Schneider Electric's Modicon
M221 product (all references, all versions prior to
firmware V1.6.2.0). The vulnerability allows
unauthorized users to overwrite the original
password with their password. If an attacker exploits
this vulnerability and overwrite the password, the
attacker can upload the original program from the
PLC.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
7791
BID(link
is
external)
CONFIR
M(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
schneider_electric --
modicon_m221
An Improper Check for Unusual or Exceptional
Conditions vulnerability exists in Schneider
Electric's Modicon M221 product (all references, all
versions prior to firmware V1.6.2.0). The
vulnerability allows unauthorized users to remotely
reboot Modicon M221 using crafted programing
protocol frames.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
7789
BID(link
is
external)
MISC
CONFIR
M(link is
external)
schneider_electric --
modicon_m221
An Information Management Error vulnerability
exists in Schneider Electric's Modicon M221
product (all references, all versions prior to firmware
V1.6.2.0). The vulnerability allows unauthorized
users to replay authentication sequences. If an
attacker exploits this vulnerability and connects to a
Modicon M221, the attacker can upload the original
program from the PLC.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
7790
BID(link
is
external)
CONFIR
M(link is
external)
schneider_electric --
modicon_m221
A Permissions, Privileges, and Access Control
vulnerability exists in Schneider Electric's Modicon
M221 product (all references, all versions prior to
firmware V1.6.2.0). The vulnerability allows
unauthorized users to decode the password using
rainbow table.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
7792
BID(link
is
external)
CONFIR
M(link is
external)
schneider_electric --
powerlogic
A Cross Protocol Injection vulnerability exists in
Schneider Electric's PowerLogic (PM5560 prior to
FW version 2.5.4) product. The vulnerability makes
the product susceptible to cross site scripting attack
on its web browser. User inputs can be manipulated
to cause execution of java script code.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
7795
BID(link
is
external)
MISC
CONFIR
M(link is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
sentrifugo -- sentrifugo
A SQL Injection issue was discovered in Sentrifugo
3.2 via the deptid parameter.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15873
MISC(li
nk is
external)
simplehttpserver --
simplehttpserver
Path traversal in simplehttpserver <v0.2.1 allows
listing any file on the server.
2018
-08-
31
not
yet
calcu
lated
CVE-
2018-
3787
MISC(li
nk is
external)
subrion -- subrion
There is Stored XSS in Subrion 4.2.1 via the admin
panel URL configuration.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16327
MISC(li
nk is
external)
technicolor -- tc8305c_devices
Technicolor (formerly RCA) TC8305C devices
allow remote attackers to cause a denial of service
(networking outage) via a flood of random MAC
addresses, as demonstrated by macof. NOTE: this
might overlap CVE-2018-15852.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
15907
MISC(li
nk is
external)
tencent -- foxmail
This vulnerability allows remote attackers to execute
arbitrary code on vulnerable installations of Tencent
Foxmail 7.2.9.115. User interaction is required to
exploit this vulnerability in that the target must visit
a malicious page or open a malicious file. The
specific flaw exists within the processing of URI
handlers. The issue results from the lack of proper
validation of a user-supplied string before using it to
execute a system call. An attacker can leverage this
vulnerability to execute code under the context of
the current process. Was ZDI-CAN-5543.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
11616
MISC(li
nk is
external)
tenda -- multiple_routers
An issue was discovered on Tenda AC7
V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN,
AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN,
and AC18 V15.03.05.19(6318)_CN devices. There
2018
-09-
01 not
yet
CVE-
2018-
16333
MISC(li
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
is a buffer overflow vulnerability in the router's web
server. While processing the ssid parameter for a
POST request, the value is directly used in a sprintf
call to a local variable placed on the stack, which
overrides the return address of the function, causing
a buffer overflow.
calcu
lated
nk is
external)
tenda -- multiple_routers
An issue was discovered on Tenda AC9
V15.03.05.19(6318)_CN and AC10
V15.03.06.23_CN devices. The mac parameter in a
POST request is used directly in a doSystemCmd
call, causing OS command injection.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16334
MISC(li
nk is
external)
thinkcmf -- thinkcmf
ThinkCMF X2.2.3 has an arbitrary file deletion
vulnerability in do_avatar in
\application\User\Controller\ProfileController.class.
php via an imgurl parameter with a ..\ sequence. A
member user can delete any file on a Windows
server.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
16141
MISC(li
nk is
external)
trend_micro -- officescan_xg
A Named Pipe Request Processing Out-of-Bounds
Read Information Disclosure vulnerability in Trend
Micro OfficeScan XG (12.0) could allow a local
attacker to disclose sensitive information on
vulnerable installations. An attacker must first
obtain the ability to execute low-privileged code on
the target system in order to exploit the
vulnerability.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
15364
CONFIR
M(link is
external)
MISC(li
nk is
external)
trend_micro -- security
A Deserialization of Untrusted Data Privilege
Escalation vulnerability in Trend Micro Security
2018 (Consumer) products could allow a local
attacker to escalate privileges on vulnerable
installations. An attacker must first obtain the ability
to execute low-privileged code on the target system
in order to exploit the vulnerability.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
10513
CONFIR
M(link is
external)
MISC(li
nk is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
trend_micro -- security
An Out-of-Bounds Read Privilege Escalation
vulnerability in Trend Micro Security 2018
(Consumer) products could allow a local attacker to
escalate privileges on vulnerable installations. An
attacker must first obtain the ability to execute low-
privileged code on the target system in order to
exploit the vulnerability.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
15363
CONFIR
M(link is
external)
MISC(li
nk is
external)
trend_micro -- security
A Missing Impersonation Privilege Escalation
vulnerability in Trend Micro Security 2018
(Consumer) products could allow a local attacker to
escalate privileges on vulnerable installations. An
attacker must first obtain the ability to execute low-
privileged code on the target system in order to
exploit the vulnerability.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
10514
CONFIR
M(link is
external)
MISC(li
nk is
external)
umbraco -- umbraco
Umbraco before 7.2.0 has a remote PHP code
execution vulnerability because
Umbraco.Web.UI/config/umbracoSettings.Release.c
onfig does not block the upload of .php files.
2018
-08-
27
not
yet
calcu
lated
CVE-
2014-
10074
MISC
MISC(li
nk is
external)
vanilla -- vanilla
In Vanilla before 2.6.1, the polling functionality
allows Insecure Direct Object Reference (IDOR) via
the Poll ID, leading to the ability of a single user to
select multiple Poll Options (e.g., vote for multiple
items).
2018
-08-
26
not
yet
calcu
lated
CVE-
2018-
15833
MISC(li
nk is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
visiology --
flipbox_software_suite
Visiology Flipbox Software Suite before 2.7.0
allows directory traversal via %5c%2e%2e%2f
because it does not sanitize filename parameters.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15810
MISC(li
nk is
external)
MISC(li
nk is
external)
vivotek -- multiple_devices
Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*,
IP9*, IZ9*, MS9*, SD9*, and other devices before
XXXXXX-VVTK-xx06a allow remote attackers to
execute arbitrary code.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
14768
CONFIR
M(link is
external)
CONFIR
M(link is
external)
waimai -- super_cms
In waimai Super Cms 20150505, there is a CSRF
vulnerability that can change the configuration via
admin.php?m=Config&a=add.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16315
MISC(li
nk is
external)
waimai -- super_cms
waimai Super Cms 20150505 has a logic flaw
allowing attackers to modify a price, before form
submission, by observing data in a packet capture.
By setting the index.php?m=cart&a=save
item_totals parameter to zero, the entire cart is sold
for free.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
16157
MISC(li
nk is
external)
wireshark -- wireshark
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0
to 2.2.16, the Bluetooth AVDTP dissector could
crash. This was addressed in epan/dissectors/packet-
btavdtp.c by properly initializing a data structure.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
16058
BID(link
is
external)
MISC
MISC
MISC
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
wireshark -- wireshark
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0
to 2.2.16, the Radiotap dissector could crash. This
was addressed in epan/dissectors/packet-ieee80211-
radiotap-iter.c by validating iterator operations.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
16057
BID(link
is
external)
MISC
MISC
MISC
wireshark -- wireshark
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0
to 2.2.16, the Bluetooth Attribute Protocol dissector
could crash. This was addressed in
epan/dissectors/packet-btatt.c by verifying that a
dissector for a specific UUID exists.
2018
-08-
29
not
yet
calcu
lated
CVE-
2018-
16056
BID(link
is
external)
MISC
MISC
MISC
wordpress -- wordpress
An issue was discovered in the ajax-bootmodal-
login plugin 1.4.3 for WordPress. The register form,
login form, and password-recovery form require
solving a CAPTCHA to perform actions. However,
this is required only once per user session, and
therefore one could send as many requests as one
wished by automation.
2018
-08-
26
not
yet
calcu
lated
CVE-
2018-
15876
MISC(li
nk is
external)
wordpress -- wordpress
The Gift Vouchers plugin through 2.0.1 for
WordPress allows SQL Injection via the template_id
parameter in a wp-admin/admin-ajax.php
wpgv_doajax_front_template request.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
16159
MISC(li
nk is
external)
EXPLOI
T-
DB(link
is
external)
wordpress -- wordpress
The Plainview Activity Monitor plugin 4.7.11 for
WordPress is vulnerable to OS command injection
via shell metacharacters in the ip parameter of a wp-
2018
-08-
26 not
yet
CVE-
2018-
15877
MISC(li
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
admin/admin.php?page=plainview_activity_monitor
&tab=activity_tools request.
calcu
lated
nk is
external)
EXPLOI
T-
DB(link
is
external)
wordpress -- wordpress
Cross-site scripting (XSS) vulnerability in the
Wordfence Security plugin before 5.1.5 for
WordPress allows remote attackers to inject
arbitrary web script or HTML via the val parameter
to whois.php.
2018
-08-
28
not
yet
calcu
lated
CVE-
2014-
4932
MISC(li
nk is
external)
CONFIR
M(link is
external)
wordpress -- wordpress
The Ninja Forms plugin before 3.3.14.1 for
WordPress allows CSV injection.
2018
-09-
01
not
yet
calcu
lated
CVE-
2018-
16308
MISC(li
nk is
external)
MISC
EXPLOI
T-
DB(link
is
external)
wordpress -- wordpress
The Export Users to CSV plugin through 1.1.1 for
WordPress allows CSV injection.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15571
MISC(li
nk is
external)
EXPLOI
T-
DB(link
is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
wuzhi -- cms
A SQL injection was discovered in
/coreframe/app/admin/copyfrom.php in WUZHI
CMS 4.1.0 via the
index.php?m=core&f=copyfrom&v=listing
keywords parameter.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15893
MISC(li
nk is
external)
wuzhi -- cms
A SQL injection was discovered in
/coreframe/app/admin/pay/admin/index.php in
WUZHI CMS 4.1.0 via the
index.php?m=pay&f=index&v=listing keyValue
parameter.
2018
-08-
27
not
yet
calcu
lated
CVE-
2018-
15894
MISC(li
nk is
external)
xovis -- pc-
series_sensors_firmware
Xovis PC2, PC2R, and PC3 devices through 3.6.0
allow Directory Traversal.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
11720
CONFIR
M(link is
external)
xovis -- pc-
series_sensors_firmware
Xovis PC2, PC2R, and PC3 devices through 3.6.0
allow XXE.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
11719
CONFIR
M(link is
external)
xovis -- pc-
series_sensors_firmware
Xovis PC2, PC2R, and PC3 devices through 3.6.0
allow CSRF.
2018
-08-
30
not
yet
calcu
lated
CVE-
2018-
11718
CONFIR
M(link is
external)
zoho_manageengine --
admanager_plus
Zoho ManageEngine ADManager Plus 6.5.7 allows
HTML Injection on the "AD Delegation" "Help
Desk Technicians" screen.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15608
EXPLOI
T-
DB(link
is
external)
Primary
Vendor -- Product Description
Publ
ished
CVS
S
Scor
e
Source
& Patch
Info
zoho_manageengine --
admanager_plus
Zoho ManageEngine ADManager Plus 6.5.7 has
XSS on the "Workflow Delegation" "Requester
Roles" screen.
2018
-08-
28
not
yet
calcu
lated
CVE-
2018-
15740
MISC(li
nk is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
zyxel --
vmg3312_b10b_devices
Zyxel VMG3312 B10B devices are affected by a
persistent XSS vulnerability via the
pages/connectionStatus/connectionStatus-
hostEntry.cmd hostname parameter.
2018
-08-
26
not
yet
calcu
lated
CVE-
2018-
15602
MISC(li
nk is
external)