Vulnerability Summary for the Week of August 20, 2018
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
accupos -- accupos
Description: AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15809; MISC
actiontec -- t2200h_t2200h-31.128l.03_devices
Description: fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field.
Published: 2018-08-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15553; MISC
advanced_package_tool -- advanced_package_tool
Description: The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0501; MISC, MISC, MISC, UBUNTU
amazon -- aws_cli_version
Description: The Amazon Web Services (AWS) CLI version 1.15.85 (and possibly earlier versions) does not require the owners flag when describing images, which makes it easier for remote attackers to trigger the loading of an undesired AMI by setting similar image properties (i.e., name), as exploited in the wild during August 2018 with a Monero miner AMI instead of the expected Ubuntu AMI.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15869; MISC
ansible -- ansible_tower
Description: Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10884; BID, CONFIRM
apache -- cayenne
Description: This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a malicious XML file, the attacker will be able to instruct the XML parser built into CayenneModeler to transfer files from a local machine to a remote machine controlled by the attacker. The cause of the issue is XML parser processing XML External Entity (XXE) declarations included in XML. The vulnerability is addressed in Cayenne by disabling XXE processing in all operations that require XML parsing.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11758; MLIST
apache -- sentry
Description: An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-8028; MISC
apache -- struts
Description: Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace while, at the same time, their upper action(s) have no or wildcard namespace. The same possibility exists when using a url tag which doesn't have value and action set while, at the same time, its upper action(s) have no or wildcard namespace.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11776; CONFIRM, BID, SECTRACK, CONFIRM, MISC, CONFIRM
bd -- alaris_plus_medical_syringe_pumps
Description: Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14786; CONFIRM, MISC
beijing_ruoshen_technology -- xiuno_bbs
Description: The editor in Xiuno BBS 4.0.4 allows stored XSS.
Published: 2018-08-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15559; MISC
belkin -- wemo_insight_smart_plug
Description: Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-6692; CONFIRM
bloop -- airmail
Description: An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15670; MISC
bloop -- airmail
Description: An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15668; MISC
bloop -- airmail
Description: An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15669; MISC
bloop -- airmail
Description: An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use its functionality. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an attacker crafted email from the target account.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15667; MISC
cms_computers -- cmsuno
Description: CMSUno before 1.5.3 has XSS via the title field.
Published: 2018-08-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15567; MISC
cobbler -- cobbler
Description: Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains an Incorrect Access Control vulnerability in XMLRPC API (/cobbler-api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appears to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000226; CONFIRM, MISC
cobbler -- cobbler
Description: Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin. This attack appears to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler-api).
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000225; CONFIRM, MISC
cobbler -- cobbler
Description: A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-9605; CONFIRM
containous -- traefik
Description: Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15598; MISC, MISC, MISC, MISC
couchbase -- server
Description: An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system will run with the privileges of the user running Couchbase server.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15728; BUGTRAQ
curl -- curl
Description: curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2003-1605; BID, MISC
d-link -- dir-615_routers
Description: Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15875; MISC
d-link -- dir-615_routers
Description: Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15874; MISC
d-link -- eyeon_baby_monitor
Description: D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11563; FULLDISC, MISC
d-link -- eyeon_baby_monitor
Description: The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11564; FULLDISC, MISC
damicms -- damicms
Description: An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15844; MISC
davegamble/cjson -- davegamble/cjson
Description: Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appears to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000216; CONFIRM
davegamble/cjson -- davegamble/cjson
Description: Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appears to be exploitable via Depends on how application uses cJSON library. If application provides network interface then can be exploited over a network, otherwise just local. This vulnerability appears to have been fixed in 1.7.4.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000217; CONFIRM
davegamble/cjson -- davegamble/cjson
Description: Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appears to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000215; CONFIRM
daveismyname/simple-cms -- daveismyname/simple-cms
Description: An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.
Published: 2018-08-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15564; MISC
daveismyname/simple-cms -- daveismyname/simple-cms
Description: An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF.
Published: 2018-08-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15565; MISC, MISC
dell -- 2335dn_printers
Description: On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15748; MISC
dom4j -- dom4j
Description: dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000632; CONFIRM, CONFIRM, MISC
dropbear -- dropbear
Description: The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15599; MISC, MISC, MISC
easylogin -- easylogin_pro
Description: An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15576; MISC, EXPLOIT-DB
eclipse_rdf4j -- eclipse_rdf4j
Description: Eclipse RDF4j version < 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appears to be exploitable via Specially crafted RDF file.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000644; MISC, CONFIRM
egg-scripts -- egg-scripts
Description: A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3786; CONFIRM, CONFIRM, MISC
elefant_cms -- elefant_cms
Description: apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15601; MISC
emerson -- deltav
Description: DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable due to improper path validation which may allow an attacker to replace executable files.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14795; BID, MISC
emerson -- deltav
Description: DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14793; BID, MISC
emerson -- deltav_dcs
Description: Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14797; BID, MISC
emerson -- deltav_dcs
Description: Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14791; BID, MISC
ffmpeg -- ffmpeg
Description: The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15822; MISC
fledrcms -- fledrcms
Description: An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15846; MISC
flexo_cms -- flexo_cms
Description: An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15851; MISC
flightairmap -- flightairmap
Description: FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed after commit 22b09a3.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000642; MISC, CONFIRM
foreman -- foreman
Description: A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2662; CONFIRM, CONFIRM
gchq/stroom -- gchq/stroom
Description: Stroom version <5.4.5 contains an XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appears to be exploitable via Specially crafted XML file.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000651; MISC, CONFIRM
gear_software -- multiple_products
Description: GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available right before writing to it. A check is only performed at the beginning of a long subroutine.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15499; MISC, MISC
getsimple_cms -- getsimple_cms
Description: GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15843; MISC
geutebrueck -- re_porter
Description: Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15534; MISC, EXPLOIT-DB
geutebrueck -- re_porter
Description: A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15533; MISC, EXPLOIT-DB
github -- electron
Description: GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15685; MISC
gleez_cms -- gleez_cms
Description: There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15845; MISC
gnu -- gnutls
Description: A cache-based side channel in the GnuTLS implementation that leads to plain text recovery in a cross-VM attack setting was found. An attacker could use a combination of a "Just in Time" Prime+probe attack and a Lucky-13 attack to recover plain text using crafted packets.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10846; BID, CONFIRM, MISC, CONFIRM
gnu -- gnutls
Description: It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10845; BID, CONFIRM, MISC, CONFIRM
gnu -- gnutls
Description: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10844; BID, CONFIRM, MISC, CONFIRM
gnu -- libtasn1
Description: GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000654; CONFIRM
godot_engine -- godot_engine
Description: Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size checks, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appears to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000224; CONFIRM, CONFIRM, CONFIRM
hdf -- hdf5
Description: An issue was discovered in the HDF HDF5 1.10.2 library. A SIGFPE is raised in the function H5D__chunk_init() of H5Dchunk.c during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15672; MISC
hdf -- hdf5
Description: An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15671; MISC
huawei -- multiple_firewall_products
Description: Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may send crafted packets to the affected device to exploit these vulnerabilities. Successful exploitation of the vulnerability could lead to device denial of service.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-17311; CONFIRM
huawei -- multiple_firewall_products
Description: Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may send crafted packets to the affected device to exploit these vulnerabilities. Successful exploitation of the vulnerability could lead to device denial of service.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-17312; CONFIRM
huawei -- multiple_firewall_products
Description: Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploitation of this vulnerability can impact IPSec tunnel security.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-17305; CONFIRM
ibm -- api_connect
Description: IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 143744.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1599; CONFIRM, XF
ibm -- maximo_asset_managment
Description: IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1699; XF, CONFIRM
ibm -- multiple_rational_products
Description: Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1753; XF, CONFIRM
ibm -- multiple_rational_products
Description: Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1394; XF, CONFIRM
ibm -- sdk_java_technology_edition
Description: A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1517; CONFIRM, BID, XF
ibm -- sdk_java_technology_edition
Description: The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1656; CONFIRM, BID, XF
ibm -- security_access_manager_appliance
Description: IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1722; SECTRACK, XF, CONFIRM
ibm --
websphere_applicaiton_serv
er_liberty
IBM WebSphere Application Server Liberty could
allow a remote attacker to obtain sensitive
information, caused by incorrect transport being
used when Liberty is configured to use Java
Authentication SPI for Containers (JASPIC). This
can happen when the Application Server is
configured to permit access on non-secure (http)
port and using JASPIC or JSR375 authentication.
2018-08-24
not yet calculated
CVE-2018-1755
SECTRACK, XF, CONFIRM
imagemagick -- imagemagick
In ImageMagick 7.0.8-11 Q16, a tiny input file
0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36
0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00
can result in a hang of several minutes during
which CPU and memory resources are consumed
until ultimately an attempted large memory
allocation fails. Remote attackers could leverage
this vulnerability to cause a denial of service via a
crafted file.
2018-08-21
not yet calculated
CVE-2018-15607
BID, MISC
insteon -- insteon_hub
An exploitable firmware downgrade vulnerability
exists in Insteon Hub running firmware version
1013. The firmware upgrade functionality,
triggered via PubNub, retrieves signed firmware
binaries using plain HTTP requests. The device
doesn't check the firmware version that is going to
be installed and thus allows for flashing older
firmware images. To trigger this vulnerability, an
attacker needs to impersonate the remote server
'cache.insteon.com' and serve any signed firmware
image.
2018-08-23
not yet calculated
CVE-2018-3833
MISC
insteon -- insteon_hub
An exploitable denial of service vulnerability
exists in Insteon Hub running firmware version
1012. Leftover demo functionality allows for
arbitrarily rebooting the device without
authentication. An attacker can send a UDP packet
to trigger this vulnerability.
2018-08-23
not yet calculated
CVE-2017-16348
MISC
insteon -- insteon_hub
An exploitable firmware update vulnerability
exists in Insteon Hub running firmware version
1013. The HTTP server allows for uploading
arbitrary MPFS binaries that could be modified to
enable access to hidden resources which allow for
uploading unsigned firmware images to the device.
To trigger this vulnerability, an attacker can
upload an MPFS binary via the '/mpfsupload'
HTTP form and later on upload the firmware via a
POST request to 'firmware.htm'.
2018-08-23
not yet calculated
CVE-2018-3832
MISC
insteon -- insteon_hub
An exploitable buffer overflow vulnerability exists
in the PubNub message handler for the "control"
channel of Insteon Hub running firmware version
1012. Specially crafted replies received from the
PubNub service can cause buffer overflows on a
global section overwriting arbitrary data. A strcpy
overflows the buffer
insteon_pubnub.channel_cc_r, which has a size of
16 bytes. An attacker can send an arbitrarily long
"c_r" parameter in order to exploit this
vulnerability. An attacker should impersonate
PubNub and answer an HTTPS GET request to
trigger this vulnerability.
2018-08-23
not yet calculated
CVE-2017-14452
MISC
insteon -- insteon_hub_2245-222_devices
On Insteon Hub 2245-222 devices with firmware
version 1012, specially crafted replies received
from the PubNub service can cause buffer
overflows on a global section overwriting arbitrary
data. An attacker should impersonate PubNub and
answer an HTTPS GET request to trigger this
vulnerability. A strcpy overflows the buffer
insteon_pubnub.channel_ad_r, which has a size of
16 bytes. An attacker can send an arbitrarily long
"ad_r" parameter in order to exploit this
vulnerability.
2018-08-23
not yet calculated
CVE-2017-14453
MISC
insteon -- insteon_hub_2245-222_devices
On Insteon Hub 2245-222 devices with firmware
version 1012, specially crafted replies received
from the PubNub service can cause buffer
overflows on a global section overwriting arbitrary
data. An attacker should impersonate PubNub and
answer an HTTPS GET request to trigger this
vulnerability. A strcpy overflows the buffer
insteon_pubnub.channel_ak, which has a size of
16 bytes. An attacker can send an arbitrarily long
"ak" parameter in order to exploit this
vulnerability.
2018-08-23
not yet calculated
CVE-2017-14455
MISC
insteon -- insteon_hub_2245-222_devices
On Insteon Hub 2245-222 devices with firmware
version 1012, specially crafted commands sent
through the PubNub service can cause a stack-
based buffer overflow overwriting arbitrary data.
An attacker should send an authenticated HTTP
request to trigger this vulnerability. At 0x9d01ef24
the value for the s_offset key is copied using
strcpy to the buffer at $sp+0x2b0. This buffer is 32
bytes large, sending anything longer will cause a
buffer overflow.
2018-08-23
not yet calculated
CVE-2017-16337
MISC
jabref -- jabref
JabRef version <=4.3.1 contains a XML External
Entity (XXE) vulnerability in MsBibImporter
XML Parser that can result in disclosure of
confidential data, denial of service, server side
request forgery, port scanning. This attack appear
to be exploitable via Specially crafted MsBib file.
This vulnerability appears to have been fixed in
after commit 89f855d.
2018-08-20
not yet calculated
CVE-2018-1000652
MISC, CONFIRM
java_system_solutions -- sso_plugin_for_bmc_myit
Reflected Cross-Site Scripting exists in the Java
System Solutions SSO plugin 4.0.13.1 for BMC
MyIT. A remote attacker can abuse this issue to
inject client-side scripts into the "select_sso()"
function. The payload is triggered when the victim
opens a prepared /ux/jss-sso/arslogin?[XSS] link
and then clicks the "Login" button.
2018-08-21
not yet calculated
CVE-2018-15528
MISC, BUGTRAQ
jenkins -- jenkins
A vulnerability exists in Jenkins 2.137 and earlier,
2.121.2 and earlier in XStream2.java that allows
attackers to have Jenkins resolve a domain name
when deserializing an instance of java.net.URL.
2018-08-23
not yet calculated
CVE-2018-1999042
CONFIRM
jenkins -- jenkins
A denial of service vulnerability exists in Jenkins
2.137 and earlier, 2.121.2 and earlier in
BasicAuthenticationFilter.java,
BasicHeaderApiTokenAuthenticator.java that
allows attackers to create ephemeral in-memory
user records by attempting to log in using invalid
credentials.
2018-08-23
not yet calculated
CVE-2018-1999043
CONFIRM
jenkins -- jenkins
A improper authentication vulnerability exists in
Jenkins 2.137 and earlier, 2.121.2 and earlier in
SecurityRealm.java,
TokenBasedRememberMeServices2.java that
allows attackers with a valid cookie to remain
logged in even if that feature is disabled.
2018-08-23
not yet calculated
CVE-2018-1999045
CONFIRM
jenkins -- jenkins
A improper authorization vulnerability exists in
Jenkins 2.137 and earlier, 2.121.2 and earlier in
UpdateCenter.java that allows attackers to cancel a
Jenkins restart scheduled through the update
center.
2018-08-23
not yet calculated
CVE-2018-1999047
CONFIRM
jenkins -- jenkins
A denial of service vulnerability exists in Jenkins
2.137 and earlier, 2.121.2 and earlier in
CronTab.java that allows attackers with
Overall/Read permission to have a request
handling thread enter an infinite loop.
2018-08-23
not yet calculated
CVE-2018-1999044
CONFIRM
jenkins -- jenkins
A exposure of sensitive information vulnerability
exists in Jenkins 2.137 and earlier, 2.121.2 and
earlier in Computer.java that allows attackers With
Overall/Read permission to access the connection
log for any agent.
2018-08-23
not yet calculated
CVE-2018-1999046
CONFIRM
jerryscript -- jerryscript
JerryScript version Tested on commit
f86d7459d195c8ba58479d1861b0cc726c8b3793.
Analysing history it seems that the issue has been
present since commit
64a340ffeb8809b2b66bbe32fd443a8b79fdd860
contains a CWE-476: NULL Pointer Dereference
vulnerability in Triggering undefined behavior at
jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:598
(passing NULL to memcpy as 2nd argument) results in null pointer
dereference (segfault) at jerry-core/jmem/jmem-heap.c:463
that can result in Crash due to
segmentation fault. This attack appear to be
exploitable via The victim must execute specially
crafted javascript code. This vulnerability appears
to have been fixed in after commit
87897849f6879df10e8ad68a41bf8cf507edf710.
2018-08-20
not yet calculated
CVE-2018-1000636
CONFIRM
jsish -- jsish
Jsish version 2.4.65 contains a CWE-476: NULL
Pointer Dereference vulnerability in Function
jsi_ValueCopyMove from jsiValue.c:240 that can
result in Crash due to segmentation fault. This
attack appear to be exploitable via a crafted
javascript code. This vulnerability appears to have
been fixed in 2.4.67.
2018-08-20
not yet calculated
CVE-2018-1000655
CONFIRM
latexdraw -- latexdraw
LatexDraw version <=4.0 contains a XML
External Entity (XXE) vulnerability in SVG
parsing functionality that can result in disclosure
of data, server side request forgery, port scanning,
possible rce. This attack appear to be exploitable
via Specially crafted SVG file.
2018-08-20
not yet calculated
CVE-2018-1000639
MISC, MISC
libbpg -- libbpg
A vulnerability was found while fuzzing libbpg
0.9.7. It is a NULL pointer dereference issue due
to missing check of the return value of function
malloc in the BPG encoder. This vulnerability
appeared while converting a malicious JPEG file
to BPG.
2018-08-22
not yet calculated
CVE-2017-2575
MLIST, BID
libgd -- libgd
Libgd version 2.2.5 contains a Double Free
Vulnerability vulnerability in gdImageBmpPtr
Function that can result in Remote Code Execution
. This attack appear to be exploitable via Specially
Crafted Jpeg Image can trigger double free. This
vulnerability appears to have been fixed in after
commit
ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.
2018-08-20
not yet calculated
CVE-2018-1000222
CONFIRM
libgit2 -- libgit2
In ng_pkt in transports/smart_pkt.c in libgit2
before 0.26.6 and 0.27.x before 0.27.4, a remote
attacker can send a crafted smart-protocol "ng"
packet that lacks a '\0' byte to trigger an out-of-
bounds read that leads to DoS.
2018-08-17
not yet calculated
CVE-2018-15501
MISC, MISC, MISC, MISC, MISC, MLIST, MISC
libming -- libming
An invalid memory address dereference was
discovered in
decompileSingleArgBuiltInFunctionCall in
libming 0.4.8 before 2018-03-12. The vulnerability
causes a segmentation fault and application crash,
which leads to denial of service.
2018-08-25
not yet calculated
CVE-2018-15871
MISC
libming -- libming
An invalid memory address dereference was
discovered in decompileGETVARIABLE in
libming 0.4.8 before 2018-03-12. The vulnerability
causes a segmentation fault and application crash,
which leads to denial of service.
2018-08-25
not yet calculated
CVE-2018-15870
MISC
librehealthio/lh-ehr -- librehealthio/lh-ehr
LibreHealthIO lh-ehr version REL-2.0.0 contains a
Authenticated Unrestricted File Write in letter.php
(2) vulnerability in Patient file letter functions that
can result in Write files with malicious content and
may lead to remote code execution. This attack
appear to be exploitable via User controlled input.
2018-08-20
not yet calculated
CVE-2018-1000649
MISC, MISC
librehealthio/lh-ehr -- librehealthio/lh-ehr
LibreHealthIO lh-ehr version <REL-2.0.0 contains
an Authenticated Local File Disclosure
vulnerability in Importing of templates allows
local file disclosure that can result in Disclosure of
sensitive files on the server. This attack appear to
be exploitable via User controlled variable in
import templates function.
2018-08-20
not yet calculated
CVE-2018-1000645
MISC, CONFIRM
librehealthio/lh-ehr -- librehealthio/lh-ehr
LibreHealthIO lh-ehr version REL-2.0.0 contains a
Authenticated Unrestricted File Deletion
vulnerability in Import template that can result in
Denial of service. This attack appear to be
exploitable via User controlled parameter.
2018-08-20
not yet calculated
CVE-2018-1000647
MISC, MISC
librehealthio/lh-ehr -- librehealthio/lh-ehr
LibreHealthIO LH-EHR version REL-2.0.0
contains an Authenticated Unrestricted File Write
vulnerability in Import template that can result in
write files with malicious content and may lead to
remote code execution.
2018-08-20
not yet calculated
CVE-2018-1000646
MISC, MISC
librehealthio/lh-ehr -- librehealthio/lh-ehr
LibreHealthIO lh-ehr version REL-2.0.0 contains a
SQL Injection vulnerability in Show Groups
Popup SQL query functions that can result in
Ability to perform malicious database queries.
This attack appear to be exploitable via User
controlled parameters.
2018-08-20
not yet calculated
CVE-2018-1000650
MISC, CONFIRM
librehealthio/lh-ehr -- librehealthio/lh-ehr
LibreHealthIO lh-ehr version REL-2.0.0 contains a
Authenticated Unrestricted File Write vulnerability
in Patient file letter functions that can result in
Write files with malicious content and may lead to
remote code execution. This attack appear to be
exploitable via User controlled parameters.
2018-08-20
not yet calculated
CVE-2018-1000648
MISC, MISC
libvirt -- libvirt
libvirt before 2.2 includes Ceph credentials on the
qemu command line when using RADOS Block
Device (aka RBD), which allows local users to
obtain sensitive information via a process listing.
2018-08-20
not yet calculated
CVE-2015-5160
REDHAT, MLIST, CONFIRM, CONFIRM, CONFIRM
libvirt -- libvirt
A NULL pointer deference flaw was found in the
way libvirt from 2.5.0 to 3.0.0 handled empty
drives. A remote authenticated attacker could use
this flaw to crash libvirtd daemon resulting in
denial of service.
2018-08-22
not yet calculated
CVE-2017-2635
CONFIRM, CONFIRM
linux -- linux_kernel
lldptool version 1.0.1 and older can print a raw,
unsanitized attacker controlled buffer when
mngAddr information is displayed. This may allow
an attacker to inject shell control characters into
the buffer and impact the behavior of the terminal.
2018-08-21
not yet calculated
CVE-2018-10932
CONFIRM, CONFIRM, CONFIRM
linux -- linux_kernel
arch/x86/kernel/paravirt.c in the Linux kernel
before 4.18.1 mishandles certain indirect calls,
which makes it easier for attackers to conduct
Spectre-v2 attacks against paravirtual guests.
2018-08-20
not yet calculated
CVE-2018-15594
MISC, BID, MISC, MISC, MISC
linux -- linux_kernel
The pam_fscrypt module in fscrypt before 0.2.4
may incorrectly restore primary and supplementary
group IDs to the values associated with the root
user, which allows attackers to gain privileges via
a successful login through certain applications that
use Linux-PAM (aka pam).
2018-08-23
not yet calculated
CVE-2018-6558
MISC, MISC, MISC, MISC
linux -- linux_kernel
The spectre_v2_select_mitigation function in
arch/x86/kernel/cpu/bugs.c in the Linux kernel
before 4.18.1 does not always fill RSB upon a
context switch, which makes it easier for attackers
to conduct userspace-userspace spectreRSB
attacks.
2018-08-19
not yet calculated
CVE-2018-15572
MISC, MISC, MISC
linux -- linux_kernel
It was found that the raw midi kernel driver does
not protect against concurrent access which leads
to a double realloc (double free) in
snd_rawmidi_input_params() and
snd_rawmidi_output_status() which are part of
snd_rawmidi_ioctl() handler in rawmidi.c file. A
malicious local attacker could possibly use this for
privilege escalation.
2018-08-21
not yet calculated
CVE-2018-10902
BID, SECTRACK, CONFIRM, MISC
mapr -- converged_data_platform_and_mapr-xd
An issue was discovered in the MapR File System
in MapR Converged Data Platform and MapR-XD
6.x and earlier. Under certain conditions, it is
possible for MapR ticket credentials to become
compromised, allowing a user to escalate their
privileges to act as (aka impersonate) any other
user, including cluster administrators, aka bug#
31935. This affects all users who have enabled
security on the MapR platform and is fixed in
mapr-patch-5.2.1.42646.GA-20180731093831,
mapr-patch-5.2.2.44680.GA-20180802011430,
mapr-patch-6.0.0.20171109191718.GA-20180802011420,
and mapr-patch-6.0.1.20180404222005.GA-20180806214919.
2018-08-23
not yet calculated
CVE-2018-15804
CONFIRM
mikrotik -- routeros
Mikrotik RouterOS before 6.42.7 and 6.40.9 is
vulnerable to a memory exhaustion vulnerability.
An authenticated remote attacker can crash the
HTTP server and in some circumstances reboot the
system via a crafted HTTP POST request.
2018-08-23
not yet calculated
CVE-2018-1157
CONFIRM, CONFIRM, MISC
mikrotik -- routeros
Mikrotik RouterOS before 6.42.7 and 6.40.9 is
vulnerable to a memory corruption vulnerability.
An authenticated remote attacker can crash the
HTTP server by rapidly authenticating and
disconnecting.
2018-08-23
not yet calculated
CVE-2018-1159
CONFIRM, CONFIRM, MISC
mikrotik -- routeros
Mikrotik RouterOS before 6.42.7 and 6.40.9 is
vulnerable to a stack exhaustion vulnerability. An
authenticated remote attacker can crash the HTTP
server via recursive parsing of JSON.
2018-08-23
not yet calculated
CVE-2018-1158
CONFIRM, CONFIRM, MISC
mikrotik -- routeros
Mikrotik RouterOS before 6.42.7 and 6.40.9 is
vulnerable to stack buffer overflow through the
license upgrade interface. This vulnerability could
theoretically allow a remote authenticated attacker
execute arbitrary code on the system.
2018-08-23
not yet calculated
CVE-2018-1156
CONFIRM, CONFIRM, MISC
minicms -- minicms
MiniCMS version 1.1 contains a Cross Site
Scripting (XSS) vulnerability in
http://example.org/mc-admin/page.php?date={payload}
that can result in code injection.
2018-08-20
not yet calculated
CVE-2018-1000638
MISC
my_little_forum -- my_little_forum
my little forum 2.4.12 allows CSRF for deletion of
users.
2018-08-19
not yet calculated
CVE-2018-15569
MISC
mybb -- mybb
An issue was discovered in the Moderator Log
Notes plugin 1.1 for MyBB. It allows moderators
to save notes and display them in a list in the
modCP. An attacker can remotely delete all mod
notes and mod note logs in the modCP and ACP
via CSRF.
2018-08-24
not yet calculated
CVE-2018-11502
MISC, EXPLOIT-DB
national_payments_corporation_of_india -- bhim_app_for_android
The National Payments Corporation of India
BHIM application 1.3 for Android does not
properly restrict use of the OTP feature, which
makes it easier for attackers to bypass
authentication.
2018-08-24
not yet calculated
CVE-2017-9819
MISC
national_payments_corporation_of_india -- bhim_app_for_android
The National Payments Corporation of India
BHIM application 1.3 for Android uses a custom
keypad for which the input element is available to
the Accessibility service, which makes it easier for
attackers to bypass authentication.
2018-08-24
not yet calculated
CVE-2017-9820
MISC
national_payments_corporation_of_india -- bhim_app_for_android
The National Payments Corporation of India
BHIM application 1.3 for Android relies on three
hardcoded strings (AK-NPCIMB, IM-NPCIBM,
and VK-NPCIBM) for SMS validation, which
makes it easier for attackers to bypass
authentication.
2018-08-24
not yet calculated
CVE-2017-9821
MISC
national_payments_corporation_of_india -- bhim_app_for_android
The National Payments Corporation of India
BHIM application 1.3 for Android relies on a four-
digit passcode, which makes it easier for attackers
to obtain access.
2018-08-24
not yet calculated
CVE-2017-9818
MISC
nec -- aterm_wg2600hp2
An issue was discovered on the NEC Aterm
WG2600HP2 1.0.2. The router has a set of web
service APIs for access to and setup of the
configuration. Some APIs don't require
authentication. An attacker could exploit this
vulnerability by sending a crafted HTTP request to
retrieve DHCP clients, firmware version, and
network status (ex.: curl -X
http://[IP]/aterm_httpif.cgi/negotiate -d
"REQ_ID=SUPPORT_IF_GET").
2018-08-24
not yet calculated
CVE-2017-12575
FULLDISC
netwave -- ip_camera
Information disclosure in Netwave IP camera at
get_status.cgi (via HTTP on port 8000) allows an
unauthenticated attacker to exfiltrate sensitive
information from the device.
2018-08-24
not yet calculated
CVE-2018-11654
MISC
netwave -- ip_camera
Information disclosure in Netwave IP camera at
//etc/RT2870STA.dat (via HTTP on port 8000)
allows an unauthenticated attacker to exfiltrate
sensitive information about the network
configuration like the network SSID and password.
2018-08-24
not yet calculated
CVE-2018-11653
MISC
node.js -- node.js
In all versions of Node.js prior to 6.14.4, 8.11.4
and 10.9.0 when used with UCS-2 encoding
(recognized by Node.js under the names `'ucs2'`,
`'ucs-2'`, `'utf16le'` and `'utf-16le'`),
`Buffer#write()` can be abused to write outside of
the bounds of a single `Buffer`. Writes that start
from the second-to-last position of a buffer cause a
miscalculation of the maximum length of the input
bytes to be written.
2018-08-21
not yet calculated
CVE-2018-12115
BID, REDHAT, REDHAT, CONFIRM
node.js -- node.js
In all versions of Node.js 10 prior to 10.9.0, an
argument processing flaw can cause
`Buffer.alloc()` to return uninitialized memory.
This method is intended to be safe and only return
initialized, or cleared, memory. The third argument
specifying `encoding` can be passed as a number,
this is misinterpreted by `Buffer's` internal "fill"
method as the `start` to a fill operation. This flaw
may be abused where `Buffer.alloc()` arguments
are derived from user input to return uncleared
memory blocks that may contain sensitive
information.
2018-08-21
not yet calculated
CVE-2018-7166
REDHAT, CONFIRM
ome -- open_microscopy_environment_omero
The Open Microscopy Environment
OMERO.server version 5.4.0 to 5.4.6 contains an
Improper Access Control vulnerability in User
management that can result in administrative user
with privilege restrictions logging in as a more
powerful administrator. This attack appear to be
exploitable via Use user administration privilege to
set the password of a more powerful administrator.
This vulnerability appears to have been fixed in
5.4.7.
2018-08-20
not yet calculated
CVE-2018-1000634
CONFIRM, CONFIRM
ome -- open_microscopy_environment_omero
The Open Microscopy Environment
OMERO.server version 5.4.0 to 5.4.6 contains a
Information Exposure Through Sent Data
vulnerability in OMERO.server that can result in
an Attacker gaining full administrative access to
server and may be able to disable it. This
vulnerability appears to have been fixed in 5.4.7.
2018-08-20
not yet calculated
CVE-2018-1000635
CONFIRM, CONFIRM
ome -- open_microscopy_environment_omero
The Open Microscopy Environment OMERO.web
version prior to 5.4.7 contains an Information
Exposure Through Log Files vulnerability in the
login form and change password form that can
result in User's password being revealed. Attacker
can log in as that user. This attack appear to be
exploitable via an attacker reading the web server
log. This vulnerability appears to have been fixed
in 5.4.7.
2018-08-20
not yet calculated
CVE-2018-1000633
CONFIRM, CONFIRM
openemr -- openemr
OpenEMR version v5_0_1_4 contains a Cross Site
Scripting (XSS) vulnerability in The 'scan'
parameter in line #41 of
interface/fax/fax_view.php that can result in The
vulnerability could allow remote authenticated
attackers to inject arbitrary web script or HTML..
This attack appear to be exploitable via The victim
must visit on a specially crafted URL..
2018-08-20
not yet calculated
CVE-2018-1000219
MISC, CONFIRM
openemr -- openemr
OpenEMR version v5_0_1_4 contains a Cross Site
Scripting (XSS) vulnerability in The 'file'
parameter in line #43 of
interface/fax/fax_view.php that can result in The
vulnerability could allow remote authenticated
attackers to inject arbitrary web script or HTML..
This attack appear to be exploitable via The victim
must visit on a specially crafted URL..
2018-08-20
not yet calculated
CVE-2018-1000218
MISC, CONFIRM
openssh -- openssh
OpenSSH through 7.7 is prone to a user
enumeration vulnerability due to not delaying
bailout for an invalid authenticating user until after
the packet containing the request has been fully
parsed, related to auth2-gss.c, auth2-hostbased.c,
and auth2-pubkey.c.
2018-08-17
not yet calculated
CVE-2018-15473
MISC, SECTRACK, MISC, MISC, MLIST, DEBIAN, EXPLOIT-DB, EXPLOIT-DB
owasp -- antisamy
OWASP OWASP ANTISAMY version 1.5.7 and
earlier contains a Cross Site Scripting (XSS)
vulnerability in AntiSamy.scan() - for both SAX &
DOM that can result in Cross Site Scripting.
2018-08-20
not yet calculated
CVE-2018-1000643
MISC
oxid -- eshop
An issue was discovered in the Paymorrow module
1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID
eShop. An attacker can bypass delivery-address
change detection if the payment module doesn't
use eShop's checkout procedure properly. To do
so, the attacker must change the delivery address
to one that is not verified by the Paymorrow
module.
2018-08-20
not yet calculated
CVE-2018-14020
CONFIRM, CONFIRM
oxid -- multiple_products
An issue was discovered in OXID eShop
Enterprise Edition before 5.3.8, 6.0.x before 6.0.3,
and 6.1.x before 6.1.0; Professional Edition before
4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before
6.1.0; and Community Edition before 4.10.8, 5.x
and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An
attacker could gain access to the admin panel or a
customer account when using the password reset
function. To do so, it is required to own a domain
name similar to the one the victim uses for their e-
mail accounts.
2018-08-20
not yet calculated
CVE-2018-12579
CONFIRM, CONFIRM
pallets_project -- flash
The Pallets Project flask version Before 0.12.3
contains a CWE-20: Improper Input Validation
vulnerability in flask that can result in Large
amount of memory usage possibly leading to
denial of service. This attack appear to be
exploitable via Attacker provides JSON data in
incorrect encoding. This vulnerability appears to
have been fixed in 0.12.3.
2018-08-20
not yet calculated
CVE-2018-1000656
CONFIRM, CONFIRM
pango -- pango
libpango in Pango before 1.42.4, as used in
hexchat and other products, allows remote
attackers to cause a denial of service (application
crash) or possibly have unspecified other impact
via crafted text.
2018-08-24
not yet calculated
CVE-2018-15120
MISC, CONFIRM, CONFIRM, MLIST, UBUNTU
philips -- intellispace_cardiovascular_products
In Philips' IntelliSpace Cardiovascular (ISCV)
products (ISCV Version 3.1 or prior and Xcelera
Version 4.1 or prior), an unquoted search path or
element vulnerability has been identified, which
may allow an attacker to execute arbitrary code
and escalate their level of privileges.
2018-08-22
not yet calculated
CVE-2018-14789
MISC, CONFIRM
philips -- intellispace_cardiovascular_products
In Philips' IntelliSpace Cardiovascular (ISCV)
products (ISCV Version 2.x or prior and Xcelera
Version 4.1 or prior), an attacker with escalated
privileges could access folders which contain
executables where authenticated users have write
permissions, and could then execute arbitrary code
with local administrative permissions.
2018-08-22
not yet calculated
CVE-2018-14787
MISC, CONFIRM
philips -- pagewriter
In Philips PageWriter TC10, TC20, TC30, TC50,
TC70 Cardiographs, all versions prior to May
2018, an attacker with both the superuser password
and physical access can enter the superuser
password that can be used to access and modify all
settings on the device, as well as allow the user to
reset existing passwords.
2018-08-22
not yet calculated
CVE-2018-14801
BID, MISC, CONFIRM
philips -- pagewriter
In Philips PageWriter TC10, TC20, TC30, TC50,
TC70 Cardiographs, all versions prior to May
2018, the PageWriter device does not sanitize data
entered by user. This can lead to buffer overflow
or format string vulnerabilities.
2018-08-22
not yet calculated
CVE-2018-14799
BID, MISC, CONFIRM
phpmyadmin -- phpmyadmin
An issue was discovered in phpMyAdmin before
4.8.3. A Cross-Site Scripting vulnerability has
been found where an attacker can use a crafted file
to manipulate an authenticated user who loads that
file through the import feature.
2018-08-24
not yet calculated
CVE-2018-15605
SECTRACK, CONFIRM, CONFIRM
phpwhois -- phpwhois
phpWhois allows remote attackers to execute
arbitrary code via a crafted whois record.
2018-08-20
not yet calculated
CVE-2015-5243
MISC, CONFIRM, CONFIRM, CONFIRM, MISC, CONFIRM
pimcore -- pimcore
Pimcore allows XSS via Users, Assets, Data
Objects, Video Thumbnails, Image Thumbnails,
Field-Collections, Objectbrick, Classification
Store, Document Types, Predefined Properties,
Predefined Asset Metadata, Quantity Value, and
Static Routes functions.
2018-08-24
not yet calculated
CVE-2018-14059
MISC, FULLDISC, EXPLOIT-DB, MISC
pkgconf -- pkgconf
pkgconf versions 1.5.0 to 1.5.2 contain a buffer
overflow vulnerability in dequote(): the function
returns a 1-byte allocation if the initial length is 0,
leading to a buffer overflow. This attack appears to
be exploitable via a specially crafted .pc file. This
vulnerability appears to have been fixed in 1.5.3.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000221, CONFIRM
planex -- cs-qr20
An issue was discovered on the PLANEX CS-
QR20 1.30. A hidden and undocumented
management page allows an attacker to execute
arbitrary code on the device when the user is
authenticated. The management page was used for
debugging purposes, once you login and access the
page directly (/admin/system_command.asp), you
can execute any command.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12576, FULLDISC
planex -- cs-qr20
An issue was discovered on the PLANEX CS-QR20
1.30. A hardcoded account / password
("admin:password") is used in the Android
application that allows attackers to use a hidden
API URL "/goform/SystemCommand" to execute
any command with root permission.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12577, FULLDISC
planex -- cs-w50hd_devices
An issue was discovered on PLANEX CS-W50HD
devices with firmware before 030720. The device
has a command-injection vulnerability in the web
management UI on NAS settings page
"/cgi-bin/nasset.cgi". An attacker can send a crafted
HTTP POST request to execute arbitrary code.
Authentication is required before executing the
attack.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12573, FULLDISC
planex -- cs-w50hd_devices
An issue was discovered on PLANEX CS-W50HD
devices with firmware before 030720. A
hardcoded credential "supervisor:dangerous" was
injected into web authentication database
"/.htpasswd" during booting process, which allows
attackers to gain unauthorized access and control
the device completely; the account can't be
modified or deleted.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12574, FULLDISC
portfoliocms -- portfoliocms
An issue was discovered in portfolioCMS 1.0.5.
There is CSRF to create new pages via
admin/portfolio.php?newpage=true.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15848, MISC
portfoliocms -- portfoliocms
An issue was discovered in portfolioCMS 1.0.5.
There is CSRF to update the website settings via
admin/aboutus.php.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15849, MISC
posim -- evo
POSIM EVO 15.13 for Windows includes
hardcoded database credentials for the "root"
database user. "root" access to POSIM EVO's
database may result in a breach of confidentiality,
integrity, or availability or allow for attackers to
remotely execute code on associated POSIM EVO
clients.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15808, MISC
posim -- evo
POSIM EVO 15.13 for Windows includes an
"Emergency Override" administrative account that
may be accessed through POSIM's "override"
feature. This Override prompt expects a code that
is computed locally using a deterministic
algorithm. This code may be generated by an
attacker and used to bypass any POSIM EVO
login prompt.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15807, MISC
postgresql -- postgresql
The interactive installer in PostgreSQL before
9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5
might allow remote attackers to execute arbitrary
code by leveraging use of HTTP to download
software.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-7048, CONFIRM, CONFIRM
puppet -- puppet_enterprise
When users are configured to use startTLS with
RBAC LDAP, at login time, the user's credentials
are sent via plaintext to the LDAP server. This
affects Puppet Enterprise 2018.1.3, 2017.3.9, and
2016.4.14, and is fixed in Puppet Enterprise
2018.1.4, 2017.3.10, and 2016.4.15. It scored an
8.5 CVSS score.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11749, CONFIRM
puppycms -- puppycms
An issue was discovered in puppyCMS 5.1. There
is an XSS vulnerability via menu.php in the "Add
Page/URL" URL link field.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15847, MISC
pycryptodome -- pycryptodome
PyCryptodome before 3.6.6 has an integer
overflow in the data_len variable in AESNI.c,
related to the AESNI_encrypt and AESNI_decrypt
functions, leading to the mishandling of messages
shorter than 16 bytes.
Published: 2018-08-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15560, MISC, MISC
pyro -- pyro
pyro before 3.15 unsafely handles pid files in
temporary directory locations and opening the pid
file as root. An attacker can use this flaw to
overwrite arbitrary files via symlinks.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2011-2765, CONFIRM, CONFIRM, CONFIRM
red_hat -- cloudforms_management_engine_5
Ansible Tower as shipped with Red Hat
CloudForms Management Engine 5 is vulnerable
to CRLF Injection. It was found that X-
Forwarded-For header allows internal servers to
deploy other systems (using callback).
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7528, CONFIRM
red_hat -- openstack_enterprise
A flaw was found in openstack-tripleo-common as
shipped with Red Hat Openstack Enterprise 10 and
11. The sudoers file as installed with OSP's
openstack-tripleo-common package is much too
permissive. It contains several lines for the mistral
user that have wildcards that allow directory
traversal with '..' and it grants full passwordless
root access to the validations user.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2627, CONFIRM
red_hat -- satellite_5
It was found that Satellite 5 configured with
SSL/TLS for the PostgreSQL backend failed to
correctly validate X.509 server certificate host
name fields. A man-in-the-middle attacker could
use this flaw to spoof a PostgreSQL server using a
specially crafted X.509 certificate.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7513, CONFIRM
redaxo -- redaxo_cms
An issue was discovered in REDAXO CMS 4.7.2.
There is a CSRF vulnerability that can add an
administrator account via index.php?page=user.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15850, MISC
rsa -- archer
The WorkPoint component, which is embedded in
all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to
6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL
injection vulnerability. A malicious user could
potentially exploit this vulnerability to execute
SQL commands on the back-end database to read
certain data. Embedded WorkPoint is upgraded to
version 4.10.16, which contains a fix for the
vulnerability.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11065, FULLDISC, BID, SECTRACK
rsa -- netwitness_platform_and_security_analytics
RSA NetWitness Platform versions prior to
11.1.0.2 and RSA Security Analytics versions
prior to 10.6.6 are vulnerable to a server-side
template injection vulnerability due to insecure
configuration of the template engine used in the
product. A remote authenticated malicious RSA
NetWitness Server user with an Admin or
Operator role could exploit this vulnerability to
execute arbitrary commands on the server with
root privileges.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11061, FULLDISC, BID, SECTRACK, SECTRACK
rust -- rust
Rust Programming Language Rust standard library
version Commit
bfa0e1f58acf1c28d500c34ed258f09ae021893e and
later; stable release 1.3.0 and later contains a
Buffer Overflow vulnerability in
std::collections::vec_deque::VecDeque::reserve()
function that can result in Arbitrary code
execution, but no proof-of-concept exploit is
currently published. This vulnerability appears to
have been fixed after commit
fdfafb510b1a38f727e920dccbeeb638d39a8e60;
stable release 1.22.0 and later.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000657, CONFIRM, CONFIRM
samba -- samba
A missing input sanitization flaw was found in the
implementation of LDP database used for the
LDAP server. An attacker could use this flaw to
cause a denial of service against a samba server,
used as an Active Directory Domain Controller. All
versions of Samba from 4.8.0 onwards are
vulnerable.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1140, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM
samba -- samba
A null pointer dereference flaw was found in the
way samba checked database outputs from the
LDB database layer. An authenticated attacker
could use this flaw to crash a samba server in an
Active Directory Domain Controller configuration.
Samba versions before 4.7.9 and 4.8.4 are
vulnerable.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10918, BID, CONFIRM, CONFIRM, UBUNTU, CONFIRM
samba -- samba
The Samba Active Directory LDAP server was
vulnerable to an information disclosure flaw
because of missing access control checks. An
authenticated attacker could use this flaw to extract
confidential attribute values using LDAP search
expressions. Samba versions before 4.6.16, 4.7.9
and 4.8.4 are vulnerable.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10919, BID, CONFIRM, CONFIRM, UBUNTU, DEBIAN, CONFIRM
samba -- samba
A flaw was found in the way samba before 4.7.9
and 4.8.4 allowed the use of weak NTLMv1
authentication even when NTLMv1 was explicitly
disabled. A man-in-the-middle attacker could use
this flaw to read the credential and other details
passed between the samba server and client.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1139, BID, CONFIRM, CONFIRM, UBUNTU, CONFIRM
samba -- samba
A heap-buffer overflow was found in the way
samba clients processed extra long filename in a
directory listing. A malicious samba server could
use this flaw to cause arbitrary code execution on a
samba client. Samba versions before 4.6.16, 4.7.9
and 4.8.4 are vulnerable.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10858, BID, CONFIRM, CONFIRM, UBUNTU, DEBIAN, CONFIRM
samsung -- smartthings_hub_sth-eth-250
An exploitable JSON injection vulnerability exists
in the credentials handler of video-core's HTTP
server of Samsung SmartThings Hub STH-ETH-
250 devices with firmware version 0.20.17. The
video-core process incorrectly parses the user-
controlled JSON payload, leading to a JSON
injection which in turn leads to a SQL injection in
the video-core database. An attacker can send a
series of HTTP requests to trigger this
vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3879, MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists
in the camera "create" feature of video-core's
HTTP server of Samsung SmartThings Hub STH-
ETH-250 devices with firmware version 0.20.17.
The video-core process incorrectly extracts the
"state" field from a user-controlled JSON payload,
leading to a buffer overflow on the stack. An
attacker can send an HTTP request to trigger this
vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3905, MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable vulnerability exists in the REST
parser of video-core's HTTP server of the
Samsung SmartThings Hub STH-ETH-250 -
Firmware version 0.20.17. The video-core process
incorrectly handles pipelined HTTP requests,
which allows successive requests to overwrite the
previously parsed HTTP method, 'on_url' callback.
An attacker can send an HTTP request to trigger
this vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3907, MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists
in the camera "replace" feature of video-core's
HTTP server of Samsung SmartThings Hub STH-
ETH-250 devices with firmware version 0.20.17.
The video-core process incorrectly extracts the
URL field from a user-controlled JSON payload,
leading to a buffer overflow on the stack. An
attacker can send an HTTP request to trigger this
vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3902, MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable vulnerability exists in the REST
parser of video-core's HTTP server of the
Samsung SmartThings Hub STH-ETH-250 -
Firmware version 0.20.17. The video-core process
incorrectly handles pipelined HTTP requests,
which allows successive requests to overwrite the
previously parsed HTTP method,
'onmessagecomplete' callback. An attacker can
send an HTTP request to trigger this vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3909, MISC
samsung -- smartthings_hub_sth-eth-250
On Samsung SmartThings Hub STH-ETH-250
devices with firmware version 0.20.17, the video-
core process incorrectly extracts fields from a user-
controlled JSON payload, leading to a buffer
overflow on the stack. An attacker can send an
HTTP request to trigger this vulnerability. A
strcpy overflows the destination buffer, which has
a size of 40 bytes. An attacker can send an
arbitrarily long "user" value in order to exploit this
vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3863, MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists
in the samsungWifiScan handler of video-core's
HTTP server of Samsung SmartThings Hub STH-
ETH-250 - Firmware version 0.20.17. The video-
core process incorrectly extracts fields from a user-
controlled JSON payload, leading to a buffer
overflow on the stack. The strcpy at [8] overflows
the destination buffer, which has a size of 40 bytes.
An attacker can send an arbitrarily long
'callbackUrl' value in order to exploit this
vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3866, MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable stack-based buffer overflow
vulnerability exists in the samsungWifiScan
callback notification of video-core's HTTP server
of Samsung SmartThings Hub STH-ETH-250
devices with firmware version 0.20.17. The video-
core process incorrectly handles the answer
received from a smart camera, leading to a buffer
overflow on the stack. An attacker can send a
series of HTTP requests to trigger this
vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3867, MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable stack-based buffer overflow
vulnerability exists in the retrieval of database
fields in video-core's HTTP server of Samsung
SmartThings Hub STH-ETH-250 devices with
firmware version 0.20.17. The video-core process
insecurely extracts the fields from the "clips" table
of its SQLite database, leading to a buffer
overflow on the stack. An attacker can send a
series of HTTP requests to trigger this
vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3919, MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable stack-based buffer overflow
vulnerability exists in the database 'find-by-
cameraId' functionality of video-core's HTTP
server of Samsung SmartThings Hub STH-ETH-
250 - Firmware version 0.20.17. The video-core
process incorrectly handles existing records inside
its SQLite database, leading to a buffer overflow
on the stack. An attacker can send an HTTP
request to trigger this vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3880, MISC
samsung -- smartthings_hub_sth-eth-250
Multiple exploitable buffer overflow
vulnerabilities exist in the credentials handler of
video-core's HTTP server of Samsung
SmartThings Hub STH-ETH-250 devices with
firmware version 0.20.17. The video-core process
incorrectly extracts fields from a user-controlled
JSON payload, leading to a buffer overflow on the
stack. A strncpy overflows the destination buffer,
which has a size of 16 bytes. An attacker can send
an arbitrarily long "region" value in order to
exploit this vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3878, MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists
in the remote video-host communication of video-
core's HTTP server of Samsung SmartThings Hub
STH-ETH-250 devices with firmware version
0.20.17. The video-core process insecurely parses
the AWSELB cookie while communicating with
remote video-host servers, leading to a buffer
overflow on the heap. An attacker able to
impersonate the remote HTTP servers could
trigger this vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3925, MISC
samsung -- smartthings_hub_sth-eth-250
On Samsung SmartThings Hub STH-ETH-250
devices with firmware version 0.20.17, the video-
core process insecurely extracts the fields from the
"shard" table of its SQLite database, leading to a
buffer overflow on the stack. An attacker can send
an HTTP request to trigger this vulnerability. The
strcpy call overflows the destination buffer, which
has a size of 16 bytes. An attacker can send an
arbitrarily long "region" value in order to exploit
this vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3917, MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable HTTP header injection
vulnerability exists in the remote servers of
Samsung SmartThings Hub STH-ETH-250 -
Firmware version 0.20.17. The hubCore process
listens on port 39500 and relays any
unauthenticated message to SmartThings' remote
servers, which insecurely handle JSON messages,
leading to partially controlled requests generated
toward the internal video-core process. An attacker
can send an HTTP request to trigger this
vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3911, MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists
in the credentials handler of video-core's HTTP
server of Samsung SmartThings Hub STH-ETH-
250 - Firmware version 0.20.17. The video-core
process incorrectly extracts the videoHostUrl field
from a user-controlled JSON payload, leading to a
buffer overflow on the stack. An attacker can send
an HTTP request to trigger this vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3872, MISC
samsung -- smartthings_hub_sth-eth-250
On Samsung SmartThings Hub STH-ETH-250
devices with firmware version 0.20.17, the video-
core process insecurely extracts the fields from the
"shard" table of its SQLite database, leading to a
buffer overflow on the stack. The strcpy call
overflows the destination buffer, which has a size
of 128 bytes. An attacker can send an arbitrarily
long "secretKey" value in order to exploit this
vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3912, MISC
samsung -- smartthings_hub_sth-eth-250
On Samsung SmartThings Hub STH-ETH-250
devices with firmware version 0.20.17, the
video-core process incorrectly extracts fields from a
user-controlled JSON payload, leading to a buffer
overflow on the stack. An attacker can send an
HTTP request to trigger this vulnerability. The
memcpy call overflows the destination buffer,
which has a size of 512 bytes. An attacker can
send an arbitrarily long "url" value in order to
overwrite the saved-PC with 0x42424242.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3903, MISC
samsung -- smartthings_hub_sth-eth-250
An exploitable vulnerability exists in the smart
cameras RTSP configuration of the Samsung
SmartThings Hub STH-ETH-250 - Firmware
version 0.20.17. The device incorrectly handles
spaces in the URL field, leading to an arbitrary
operating system command injection. An attacker
can send a series of HTTP requests to trigger this
vulnerability.
Published: 2018-08-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-3856, MISC
signal_messenger -- open_whisper_signal
Open Whisper Signal (aka Signal-Desktop) before
1.15.0-beta.10 allows information leakage.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14023, MISC, MISC
soundtouch -- soundtouch
soundtouch version up to and including 2.0.0
contains a Buffer Overflow vulnerability in
SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock()
that can result in arbitrary code execution.
This attack appears to be exploitable when a victim
opens a malicious file in the soundstretch utility.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000223, CONFIRM
spice -- spice
A vulnerability was discovered in SPICE before
version 0.14.1 where the generated code used for
demarshalling messages lacked sufficient bounds
checks. A malicious client or server, after
authentication, could send specially crafted
messages to its peer which would result in a crash
or, potentially, other impacts.
Published: 2018-08-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10873, CONFIRM, CONFIRM, UBUNTU
swoole -- swoole
The unpack implementation in Swoole version
4.0.4 lacks correct size checks in the
deserialization process. An attacker can craft a
serialized object to exploit this vulnerability and
cause a SEGV.
Published: 2018-08-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15503, MISC, MISC, MISC
symantec -- encryption_management_server
The Symantec Encryption Management Server
(SEMS) product, prior to version 3.4.2 MP1, may
be susceptible to a denial of service (DoS) exploit.
A DoS attack is a type of attack whereby the
perpetrator attempts to make a particular machine
or network resource unavailable to its intended
users by temporarily or indefinitely disrupting
services of a specific host within a network.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5243, BID, SECTRACK, CONFIRM
symantec -- norton_ppower_eraser_and_symdiag
Norton Power Eraser (prior to 5.3.0.24) and
SymDiag (prior to 2.1.242) may be susceptible to a
DLL Preloading vulnerability, which is a type of
issue that can occur when an application looks to
call a DLL for execution and an attacker provides
a malicious DLL to use instead. Depending on
how the application is configured, it will generally
follow a specific search path to locate the DLL.
The vulnerability can be exploited by a simple file
write (or potentially an over-write) which results in
a foreign DLL running under the context of the
application.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5238, BID, CONFIRM
symantec -- norton_utilities
Norton Utilities (prior to 16.0.3.44) may be
susceptible to a DLL Preloading vulnerability,
which is a type of issue that can occur when an
application looks to call a DLL for execution and
an attacker provides a malicious DLL to use
instead. Depending on how the application is
configured, it will generally follow a specific
search path to locate the DLL. The vulnerability
can be exploited by a simple file write (or
potentially an over-write) which results in a
foreign DLL running under the context of the
application.
Published: 2018-08-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5235, BID, CONFIRM
technicolor -- tc7200.20_cable_modem_devices
Technicolor TC7200.20 devices allow remote
attackers to cause a denial of service (networking
outage) via a flood of random MAC addresses, as
demonstrated by macof.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15852, MISC
tecrail -- responsive_filemanager
/filemanager/ajax_calls.php in tecrail Responsive
FileManager before 9.13.4 does not properly
validate file paths in archives, allowing for the
extraction of crafted archives to overwrite arbitrary
files via an extract action, aka Directory Traversal.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15536, FULLDISC
tecrail -- responsive_filemanager
/filemanager/ajax_calls.php in tecrail Responsive
FileManager before 9.13.4 uses external input to
construct a pathname that should be within a
restricted directory, but it does not properly
neutralize get_file sequences such as ".." that can
resolve to a location that is outside of that
directory, aka Directory Traversal.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15535, FULLDISC
tp5cms -- tp5cms
tp5cms through 2017-05-25 has XSS via the
admin.php/article/index.html q parameter.
Published: 2018-08-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15566, MISC
tp5cms -- tp5cms
tp5cms through 2017-05-25 has CSRF via
admin.php/category/delete.html.
Published: 2018-08-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15568, MISC
tridium -- niagara
An attacker can log into the local Niagara platform
(Niagara AX Framework Versions 3.8 and prior or
Niagara 4 Framework Versions 4.4 and prior)
using a disabled account name and a blank
password, granting the attacker administrator
access to the Niagara system.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16748, BID, MISC
tridium -- niagara
A path traversal vulnerability in Tridium Niagara
AX Versions 3.8 and prior and Niagara 4 systems
Versions 4.4 and prior installed on Microsoft
Windows Systems can be exploited by leveraging
valid platform (administrator) credentials.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16744, BID, MISC
ubuntu -- ubuntu
The MOTD update script in the base-files package
in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and
Ubuntu 18.10 before 10.1ubuntu6 incorrectly
handled temporary files. A local attacker could use
this issue to cause a denial of service, or possibly
escalate privileges if kernel symlink restrictions
were disabled.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-6557, SECTRACK, UBUNTU
ucopia -- wireless_appliance_devices
Improper input sanitization within the restricted
administration shell on UCOPIA Wireless
Appliance devices using firmware version 5.1.x
before 5.1.13 allows authenticated remote
attackers to escape the shell and escalate their
privileges by adding a LocalCommand to the SSH
configuration file in the user home folder.
Published: 2018-08-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15481, MISC
victoralagwu/cmssite -- victoralagwu/cmssite
An issue was discovered in Victor CMS through
2018-05-10. There is XSS via the Author field of
the "Leave a Comment" screen.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15603, MISC
villagedefrance -- opencart-overclocked
OpenCart-Overclocked version <=1.11.1 contains
a Cross Site Scripting (XSS) vulnerability in User
input entered unsanitised within JS function in the
template that can result in Unauthorised actions
and access to data, stealing session information,
denial of service. This attack appears to be
exploitable via malicious input passed in a GET
parameter.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000640, MISC, CONFIRM
waimai -- super_cms
In waimai Super Cms 20150505, there is stored
XSS via the /admin.php/Foodcat/editsave fcname
parameter.
Published: 2018-08-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15570, MISC
wi2be -- smart_hp_wmt
Wi2be SMART HP WMT R1.2.20_201400922
allows unauthorized remote attackers to obtain
sensitive information via
/Status/SystemStatusRpm.esp.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14079, MISC
wi2be -- smart_hp_wmt
Wi2be SMART HP WMT R1.2.20_201400922
allows unauthorized remote attackers to reset the
admin password via the
/ConfigWizard/ChangePwd.esp?2admin URL
(Attackers can login using the "admin" username
with password "admin" after a successful attack).
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14078, MISC
wi2be -- smart_hp_wmt
Wi2be SMART HP WMT R1.2.20_201400922
allows unauthorized remote attackers to backup
the device configuration via a direct request to
/Maintenance/configfile.cfg.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14077, MISC
wolfcms -- wolfcms
WolfCMS 0.8.3.1 has XSS via the
/?/admin/page/add slug parameter.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15842, MISC
x.org -- libx11
An issue was discovered in libX11 through 1.6.5.
The function XListExtensions in ListExt.c is
vulnerable to an off-by-one error caused by
malicious server responses, leading to DoS or
possibly unspecified other impact.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14599, MLIST, SECTRACK, CONFIRM, CONFIRM, MLIST
x.org -- libx11
An issue was discovered in libX11 through 1.6.5.
The function XListExtensions in ListExt.c
interprets a variable as signed instead of unsigned,
resulting in an out-of-bounds write (of up to 128
bytes), leading to DoS or remote code execution.
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14600, MLIST, SECTRACK, CONFIRM, CONFIRM, MLIST
x.org -- libx11
An issue was discovered in XListExtensions in
ListExt.c in libX11 through 1.6.5. A malicious
server can send a reply in which the first string
overflows, causing a variable to be set to NULL
that will be freed later on, leading to DoS
(segmentation fault).
Published: 2018-08-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-14598, MLIST, SECTRACK, CONFIRM, CONFIRM, MLIST
xkbcommon -- xkbcommon
Unchecked NULL pointer usage when parsing
invalid atoms in ExprResolveLhs in
xkbcomp/expr.c in xkbcommon before 0.8.2 could
be used by local attackers to crash (NULL pointer
dereference) the xkbcommon parser by supplying
a crafted keymap file, because lookup failures are
mishandled.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15859, MISC, MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage when handling
invalid aliases in CopyKeyAliasesToKeymap in
xkbcomp/keycodes.c in xkbcommon before 0.8.1
could be used by local attackers to crash (NULL
pointer dereference) the xkbcommon parser by
supplying a crafted keymap file.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15858, MISC, MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage in xkbcommon
before 0.8.1 could be used by local attackers to
crash (NULL pointer dereference) the xkbcommon
parser by supplying a crafted keymap file, because
the XkbFile for an xkb_geometry section was
mishandled.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15855, MISC, MISC
xkbcommon -- xkbcommon
An infinite loop when reaching EOL unexpectedly
in compose/parser.c (aka the keymap parser) in
xkbcommon before 0.8.1 could be used by local
attackers to cause a denial of service during
parsing of crafted keymap files.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15856, MISC, MISC
xkbcommon -- xkbcommon
An invalid free in ExprAppendMultiKeysymList
in xkbcomp/ast-build.c in xkbcommon before
0.8.1 could be used by local attackers to crash
xkbcommon keymap parsers or possibly have
unspecified other impact by supplying a crafted
keymap file.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15857, MISC, MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15861; MISC; MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15864; MISC; MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15863; MISC; MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15862; MISC; MISC
xkbcommon -- xkbcommon
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15853; MISC; MISC
xkbcommon -- xkbcommon
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.
Published: 2018-08-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-15854; MISC; MISC
yeswiki -- yeswiki
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in the unserialising of a user-entered parameter in i18n.inc.php that can result in execution of code or disclosure of information.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000641; MISC; MISC
zutils -- zutils
zutils versions prior to 1.8-pre2 contain a buffer overflow vulnerability in zcat that can result in potential denial of service or arbitrary code execution. This attack appears to be exploitable via the victim opening a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000637; CONFIRM; MLIST
zzcms -- zzcms
zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in SQL injection attacks against zzcms running in nginx. This attack appears to be exploitable via running zzcms in nginx.
Published: 2018-08-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000653; MISC