Vulnerability Summary for the Week of September 17, 2018

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
accusoft -- prizmdoc
  Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15546 (CONFIRM, MISC)

apache -- camel
  Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8041 (CONFIRM, BID, CONFIRM)

apache -- karaf
  In Apache Karaf prior to the 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11786 (CONFIRM, CONFIRM, MLIST)
apache -- karaf
  In Apache Karaf versions prior to 3.0.9, 4.0.9 and 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser; when navigated to, it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. An optional bundle that some applications use is the Pax Web Extender Whiteboard; it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL, .../gogo/, and that URL is not secured, giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall the Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11787 (CONFIRM, CONFIRM, MLIST)
apache -- mesos
  Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1 and 1.6.0, the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack, because a standard `==` operator was used instead of a constant-time string comparison routine. A malicious actor can therefore abuse the timing difference of when the JWT validation function returns to reveal the correct HMAC value.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8023 (MLIST)
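The comparison the Mesos entry describes, shown as an added example that is not Mesos's code (Mesos is C++; this is Python, and the key and claims are constructed): a minimal HS256 verifier written the vulnerable way next to the constant-time version, plus a deterministic stand-in for the timing oracle that shows how an early-exit comparison lets an attacker recover the HMAC one byte at a time instead of guessing all of it.

```python
import base64
import binascii
import hashlib
import hmac
import json
from typing import Callable, Tuple


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT: header.payload.signature, all base64url."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    return f"{header}.{payload}.{_b64url(hmac.new(key, signing_input, hashlib.sha256).digest())}"


def verify_vulnerable(token: str, key: bytes) -> bool:
    """Recompute the HMAC and compare with `==`.  A plain equality test may stop
    at the first differing byte, so its running time depends on how many leading
    bytes of the attacker's signature are already right.  This is the pattern
    the advisory describes, not Mesos's actual code."""
    header, payload, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return _b64url_decode(sig) == expected


def verify_hardened(token: str, key: bytes) -> bool:
    """Same check, but hmac.compare_digest takes the same time wherever the two
    values differ, so there is nothing for the attacker to measure."""
    try:
        header, payload, sig = token.split(".")
        provided = _b64url_decode(sig)
    except (ValueError, binascii.Error):
        return False
    expected = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(provided, expected)


def leaky_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Early-exit comparison that also reports how many bytes it examined.
    The count stands in for the wall-clock time an attacker would measure."""
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps
    return True, steps


def recover_mac(oracle: Callable[[bytes], Tuple[bool, int]], length: int) -> bytes:
    """Recover the expected MAC byte by byte: the candidate that makes the
    comparison run one byte longer is the correct one, so the search costs at
    most 256 tries per byte rather than 2**(8*length) overall."""
    guess = bytearray(length)
    for i in range(length):
        for candidate in range(256):
            guess[i] = candidate
            matched, steps = oracle(bytes(guess))
            if matched or steps > i + 1:
                break
    return bytes(guess)


if __name__ == "__main__":
    key = b"constructed-demo-key"   # assumption: a real key comes from the scheduler's secret store
    token = sign_hs256({"sub": "executor-1"}, key)
    print(verify_hardened(token, key))
    target = hmac.new(key, b"anything", hashlib.sha256).digest()
    recovered = recover_mac(lambda g: leaky_equal(g, target), len(target))
    print(recovered == target)
```

In a real attack the per-byte step count is replaced by many timing samples per candidate and statistics over the noise; the structure of the search is the same, which is why the fix is the comparison routine, not a secret-length change.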
apache -- spamassassin
  A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11780 (BID, MLIST)

apache -- spamassassin
  Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11781 (MLIST)
apache -- spamassassin
  A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly, leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the "open" event is immediately followed by a "close" event, even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails to take more scan time than expected, leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed HTML. The exploit has been seen in the wild but is not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15705 (BID, MLIST)
apache -- tika
  In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11761 (MLIST)
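What "configuring the parser to limit entity expansion" looks like in practice, as an added example using Python's bundled expat parser (not Tika's Java code or configuration): untrusted input is parsed with the DOCTYPE forbidden by default, and, for callers that must accept a DTD, with an amplification ceiling that aborts the parse as soon as the character data the parser emits outgrows the input by more than a fixed factor. Both sample documents are constructed.

```python
import xml.parsers.expat


class UnsafeXML(Exception):
    """Raised when untrusted XML uses a DTD, references an external entity,
    or expands to far more text than it contains."""


def parse_untrusted_xml(data: bytes, allow_dtd: bool = False, max_amplification: int = 10) -> dict:
    """Parse XML defensively and return a small summary of what was seen.

    allow_dtd=False (the safe default) rejects any DOCTYPE, which is the only
    place entities can be declared.  allow_dtd=True tolerates the DTD but
    aborts once the character data delivered by the parser exceeds
    max_amplification times the size of the input, which a billion-laughs
    payload does within its first few expansions.
    """
    parser = xml.parsers.expat.ParserCreate()
    summary = {"root": None, "elements": 0, "text_len": 0}
    budget = max_amplification * len(data)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if not allow_dtd:
            raise UnsafeXML(f"DOCTYPE {name!r} not allowed in untrusted input")

    def on_external_entity(context, base, system_id, public_id):
        # Never fetch external entities (XXE).  Returning 0 makes expat fail the parse.
        return 0

    def on_start(tag, attrs):
        if summary["root"] is None:
            summary["root"] = tag
        summary["elements"] += 1

    def on_text(text):
        summary["text_len"] += len(text)
        if summary["text_len"] > budget:
            raise UnsafeXML(f"entity expansion exceeded {max_amplification}x the input size")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_text
    parser.Parse(data, True)
    return summary


# Constructed samples: a benign document and a small (10**4) billion-laughs payload.
BENIGN = b"<doc><a>hi</a><b/></doc>"
BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
 <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
]>
<lolz>&lol4;</lolz>"""


def is_rejected(data: bytes, **kwargs) -> bool:
    """True if parse_untrusted_xml refuses the document."""
    try:
        parse_untrusted_xml(data, **kwargs)
    except UnsafeXML:
        return True
    return False


if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN))
    print(is_rejected(BILLION_LAUGHS), is_rejected(BILLION_LAUGHS, allow_dtd=True))
```

Rejecting the DOCTYPE outright is the right default for a content-extraction service; the amplification budget is the fallback for formats (some office and feed formats) whose producers legitimately ship a DTD, and it should be kept small because nothing benign expands by more than a handful of times.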
apache -- tika
  In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the command line (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11762 (MLIST)

apache -- tika
  In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8017 (MLIST)
artifex -- ghostscript
  Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17183 (MISC, MISC)

asus -- gt-ac5300
  blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestamp parameter.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17127 (MISC)

atlassian -- fisheye_and_crucible
  The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-13398 (CONFIRM, CONFIRM)

atlassian -- jira
  The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16281 (CONFIRM)

audiofile -- audiofile
  An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6. A heap-based buffer overflow in Expand3To4Module::run occurs when running sfconvert.
  Published: 2018-09-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17095 (MISC, MISC)
avaya -- aura_orchestration_designer
  A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15612 (CONFIRM)

avaya -- aura_orchestration_designer
  A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15613 (CONFIRM)
bitcoin_core -- bitcoin_core
  Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17144 (MISC, MISC, MISC, MISC)

blackberry -- enterprise_mobility_server
  A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-8889 (CONFIRM)
browserify-hmr -- browserify-hmr
  An issue was discovered in Browserify-HMR. Attackers are able to steal a developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:3123/ connection from any origin.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14730 (MISC, MISC)
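The missing check, as an added example that is not Browserify-HMR's code: a minimal RFC 6455 server-side handshake that completes the upgrade only when the browser-supplied Origin header is on an allow-list and answers 403 otherwise, before any HMR message could be sent. The allowed origins, the two handshake requests and the allow-list itself are constructed (which origins a dev server should trust depends on where the developer's page is served from); port 3123 is the one named in the entry, and the Sec-WebSocket-Key is the example value from RFC 6455.

```python
import base64
import hashlib
from typing import Dict, FrozenSet, Tuple

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"   # fixed by RFC 6455, section 4.2.2


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split an HTTP/1.1 request head into (method, target, headers keyed in lowercase)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def accept_key(client_key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(Sec-WebSocket-Key + GUID))."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def handshake_response(raw: bytes, allowed_origins: FrozenSet[str]) -> bytes:
    """Answer a WebSocket upgrade request.

    Browsers always send Origin on WebSocket connections they open, and a page
    on any site can open one to 127.0.0.1, so the server must check it: a
    missing, "null" or unlisted Origin gets 403 and never reaches the message
    loop.  Origin is compared exactly (scheme, host and port).
    """
    bad_request = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
    try:
        method, _target, headers = parse_request(raw)
    except ValueError:
        return bad_request
    if method != "GET" or headers.get("upgrade", "").lower() != "websocket":
        return bad_request
    origin = headers.get("origin")
    if origin is None or origin not in allowed_origins:
        return b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n"
    client_key = headers.get("sec-websocket-key")
    if not client_key or headers.get("sec-websocket-version") != "13":
        return bad_request
    return (
        b"HTTP/1.1 101 Switching Protocols\r\n"
        b"Upgrade: websocket\r\n"
        b"Connection: Upgrade\r\n"
        b"Sec-WebSocket-Accept: " + accept_key(client_key).encode("ascii") + b"\r\n\r\n"
    )


# Constructed allow-list and handshakes: the developer's own page versus a page on an attacker's site.
ALLOWED = frozenset({"http://localhost:3123", "http://127.0.0.1:3123"})


def _upgrade(origin: str) -> bytes:
    return (
        "GET / HTTP/1.1\r\n"
        "Host: 127.0.0.1:3123\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
        "Sec-WebSocket-Version: 13\r\n"
        f"Origin: {origin}\r\n\r\n"
    ).encode("ascii")


SAME_ORIGIN_REQUEST = _upgrade("http://127.0.0.1:3123")
CROSS_ORIGIN_REQUEST = _upgrade("http://attacker.example")

if __name__ == "__main__":
    print(handshake_response(SAME_ORIGIN_REQUEST, ALLOWED).decode())
    print(handshake_response(CROSS_ORIGIN_REQUEST, ALLOWED).decode())
```

Binding the listener to 127.0.0.1 does not help here: the connection in the advisory is made by the victim's own browser, from whatever page it happens to have open, so the Origin header is the only signal the server has about who asked.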
bullguard -- safe_browsing
  BullGuard Safe Browsing before 18.1.355.9 allows XSS on Google, Bing, and Yahoo! pages via domains indexed in search results.
  Published: 2018-09-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17061 (MISC, CONFIRM)

circontrol -- circarlife
  An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16671 (MISC)

circontrol -- circarlife
  An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16668 (MISC)
circontrol -- circarlife
  An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16670 (MISC)

circontrol -- open_charge_point_protocol
  An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16669 (MISC)

cloud_foundry_foundation -- container_runtime
  Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-1223 (CONFIRM)

cloud_foundry_foundation -- garden-runc
  Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11084 (CONFIRM)
cscms -- cscms
  CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17125 (MISC, MISC)
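The same root cause runs through the Apache Camel Mail path traversal, the Apache Tika embedded file written to "C:/evil.bat", and the CScms dir=..\\ directory deletion above: a name taken from the input decides where on disk a write or delete lands. An added example, not code from any of those projects, of the containment check each of them needed. The name is rejected if it is absolute on either OS convention, carries a drive letter, or contains a `..` segment spelled with either separator, and the resolved path is checked against the base directory as a last line of defence; the base directory and sample names are constructed.

```python
import ntpath
import os
import posixpath


class UnsafePath(ValueError):
    """Raised for a member name that would land outside the extraction directory."""


def safe_extract_path(base_dir: str, name: str) -> str:
    """Map an attacker-controlled name (attachment filename, embedded-file path,
    request parameter) to an absolute path strictly inside base_dir."""
    if not name or "\x00" in name:
        raise UnsafePath(f"empty or NUL-containing name: {name!r}")
    # Treat backslashes as separators even on POSIX: '..\\' is traversal on a
    # Windows host the file may later be copied to, and it is how CScms was hit.
    candidate = name.replace("\\", "/")
    if posixpath.isabs(candidate) or ntpath.splitdrive(candidate)[0]:
        raise UnsafePath(f"absolute path or drive letter rejected: {name!r}")
    parts = [p for p in candidate.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise UnsafePath(f"traversal rejected: {name!r}")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, *parts))
    # The lexical checks above should make this unreachable, but a symlink
    # inside base_dir or a spelling nobody anticipated must still fail here.
    if os.path.commonpath([base, target]) != base:
        raise UnsafePath(f"resolved outside base directory: {name!r}")
    return target


def is_rejected(base_dir: str, name: str) -> bool:
    """True if safe_extract_path refuses the name."""
    try:
        safe_extract_path(base_dir, name)
    except UnsafePath:
        return True
    return False


if __name__ == "__main__":
    # Constructed names in the shape of the three advisories.
    for name in ["docs/report.pdf", "C:/evil.bat", "../../etc/passwd", "..\\", "\\\\srv\\share\\x", "a/../b"]:
        verdict = "rejected" if is_rejected("extract", name) else safe_extract_path("extract", name)
        print(f"{name!r:24} -> {verdict}")
```

`a/../b` is refused even though it would resolve inside the directory: there is no legitimate reason for an attachment or embedded-file name to contain `..`, and refusing the segment outright is simpler to reason about than normalising it.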
cscms -- cscms
  CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17126 (MISC, MISC)

cuppacms -- cuppacms
  Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17300 (MISC)
dedecms -- dedecms
  DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16784 (MISC)

dedecms -- dedecms
  DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16786 (MISC)

dedecms -- dedecms
  An XML injection vulnerability exists in DedeCMS V5.7 SP2, which attackers can use to create a script file and obtain a webshell.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16785 (MISC)

dell_emc -- isilon_onefs
  Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11071 (FULLDISC)

donlinkage -- donlinkage
  An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt.
  Published: 2018-09-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17091 (MISC)

donlinkage -- donlinkage
  An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <script></script> tags.
  Published: 2018-09-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17090 (MISC)

donlinkage -- donlinkage
  An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user.
  Published: 2018-09-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17092 (MISC)
easycms -- easycms
  App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17113 (MISC)

elastic -- elastic_cloud_enterprise
  In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3825 (CONFIRM, CONFIRM)

elastic -- elastic_cloud_enterprise
  Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3828 (CONFIRM, CONFIRM)

elastic -- elastic_cloud_enterprise
  In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add an allocator to an existing ECE install to gain access to other clusters' data.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3829 (CONFIRM, CONFIRM)

elastic -- elasticsearch_alerting_and_monitoring
  Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3831 (CONFIRM, CONFIRM)
elastic -- elasticsearch_repository-azure
  A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level, Azure credentials can be inadvertently logged.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3827 (CONFIRM, CONFIRM)
elastic -- elasticsearch
  In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3826 (CONFIRM, CONFIRM)
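Five entries on this page (Cloud Foundry Container Runtime, the ECE allocator logs, the Elasticsearch _cluster/settings and _snapshot APIs, and repository-azure at TRACE) share one failure: a secret travelled through a code path that writes it out verbatim. An added example, not code from any of those products, of the last-resort control for the logging case: a `logging.Filter` that redacts credential-shaped key/value pairs and Authorization headers from every record before any handler, formatter or log shipper sees it. The key list and the sample log lines are constructed, and the regex is deliberately permissive (key=value, key: value, and JSON-style "key": "value"); it should be tuned to what a given service actually logs.

```python
import logging
import re

# Constructed key list; extend it with whatever your services name their secrets.
SENSITIVE_KEYS = r"password|passwd|secret(?:_key)?|access_key|api_key|token"

# key=value, key: value, or "key": "value"; the key may carry a prefix such as uaa_client_.
_KV_RE = re.compile(
    r"(?i)(\b\w*(?:" + SENSITIVE_KEYS + r")\b[\"']?\s*[=:]\s*)"   # 1: key, optional closing quote, separator
    r"([\"']?)"                                                   # 2: opening quote of the value, if any
    r"([^\s,;\"'\]}]+)"                                           # 3: the value itself
    r"(\2)"                                                       # 4: matching closing quote
)
# Bearer/Basic credentials: blank the whole header value.
_AUTH_RE = re.compile(r"(?im)^(\s*(?:proxy-)?authorization\s*:\s*)(.+)$")


def redact(text: str) -> str:
    """Replace credential values with [REDACTED], keeping the keys so the line stays diagnosable."""
    text = _AUTH_RE.sub(r"\1[REDACTED]", text)
    return _KV_RE.sub(r"\1\2[REDACTED]\4", text)


class RedactingFilter(logging.Filter):
    """Attach to a handler or logger; it rewrites the rendered message in place
    so no formatter or downstream shipper ever sees the original secret."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())   # render %-args first, then scrub the result
        record.args = ()
        return True


def render(message: str, *args) -> str:
    """Push one message through the filter exactly as a handler would and return the text."""
    record = logging.LogRecord("demo", logging.INFO, __file__, 0, message, args, None)
    RedactingFilter().filter(record)
    return record.getMessage()


# Constructed sample lines in the shape of the leaks described above.
SAMPLE_LINES = [
    "vcenter login ok user=admin password=hunter2 host=vc.example",
    '{"uaa_client_id": "kubo", "uaa_client_secret": "s3cr3t-uaa"}',
    'azure storage: access_key=AKIAEXAMPLE secret_key="abc/def+ghi=="',
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.constructed.sig",
]

if __name__ == "__main__":
    log = logging.getLogger("demo")
    handler = logging.StreamHandler()
    handler.addFilter(RedactingFilter())
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    for line in SAMPLE_LINES:
        log.info("%s", line)
```

A filter like this is a safety net, not a fix: the settings and snapshot APIs in the Elasticsearch entries leaked through a read path, not a log line, and the real remedy there was keeping secrets out of the returned document altogether (Elasticsearch's secure settings keystore). Redaction also never catches a secret it does not recognise, so the key list needs to be reviewed whenever a new integration is added.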
elastic -- x-pack_machine_learning
  X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3823 (CONFIRM, CONFIRM)

elastic -- x-pack_machine_learning
  X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has an ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3824 (CONFIRM, CONFIRM)
enalean -- tuleap
  An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes their password.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17298 (MISC, MISC, MISC)
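One way to make a reset link die with the password it was issued against, as an added example that is not Tuleap's code: the token carries a short fingerprint of the user's current password hash under an HMAC, so once the password (and therefore its stored hash) changes, every earlier link fails verification without the server having to find and revoke it. The server key, user ids, password hashes and timestamps are constructed; a production service would also record single use and load the key from its secret store.

```python
import hashlib
import hmac
import time
from typing import Optional

SERVER_KEY = b"constructed-server-side-secret"   # assumption: real deployments load this from a secret store
TOKEN_TTL_SECONDS = 3600


def _fingerprint(password_hash: str) -> str:
    """Short digest of the stored password hash; it changes whenever the password
    does and reveals nothing useful about the hash itself."""
    return hashlib.sha256(password_hash.encode("utf-8")).hexdigest()[:16]


def make_reset_token(user_id: str, password_hash: str, now: Optional[int] = None) -> str:
    """Issue user_id.issued_at.fingerprint.mac (user ids must not contain '.')."""
    issued = int(time.time() if now is None else now)
    body = f"{user_id}.{issued}.{_fingerprint(password_hash)}"
    mac = hmac.new(SERVER_KEY, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def verify_reset_token(token: str, user_id: str, current_password_hash: str, now: Optional[int] = None) -> bool:
    """Accept the token only if it is authentic, unexpired, issued to this user,
    and bound to the password hash the account has right now."""
    try:
        uid, issued_text, fingerprint, mac = token.split(".")
        issued = int(issued_text)
    except ValueError:
        return False
    body = f"{uid}.{issued}.{fingerprint}"
    expected = hmac.new(SERVER_KEY, body.encode("utf-8"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):          # integrity first, in constant time
        return False
    if uid != user_id:
        return False
    current = int(time.time() if now is None else now)
    if not issued <= current <= issued + TOKEN_TTL_SECONDS:
        return False
    # The binding Tuleap lacked: a password change rotates the fingerprint,
    # so links issued before the change stop verifying here.
    return hmac.compare_digest(fingerprint, _fingerprint(current_password_hash))


if __name__ == "__main__":
    old_hash, new_hash = "$argon2id$constructed-old", "$argon2id$constructed-new"
    token = make_reset_token("alice", old_hash, now=1_600_000_000)
    print(verify_reset_token(token, "alice", old_hash, now=1_600_000_100))   # valid before the change
    print(verify_reset_token(token, "alice", new_hash, now=1_600_000_100))   # dead after it
```

The same binding also covers the case the advisory implies but does not spell out: an attacker who obtained an old link from a mailbox or a proxy log cannot use it after the victim has already reset the password themselves.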
espocrm -- espocrm
  Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17302 (MISC)

espocrm -- espocrm
  Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17301 (MISC)

ethereum -- coinlancer_token
  The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17111 (MISC)

ethereum -- minttoken_token
  In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12511 (MISC)

ethereum -- minttoken_token
  The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17050 (MISC)

exiv2 -- exiv2
  Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17230 (MISC)

exiv2 -- exiv2
  An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
  Published: 2018-09-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17282 (MISC)
exiv2 -- exiv2
  Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17229 (MISC)
foreman -- foreman
  An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14643 (BID, REDHAT, CONFIRM, CONFIRM)

foscam -- c1_indoor_hd_camera
  An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2875 (MISC)

foscam -- c1_indoor_hd_camera
  An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2856 (MISC)

foscam -- c1_indoor_hd_camera
  An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow a user to inject arbitrary shell characters during the SoftAP configuration, resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2873 (MISC)
foscam -- c1_indoor_hd_camera
  An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2876 (MISC)
foscam -- c1_indoor_hd_camera
  An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow a user to retrieve sensitive information without authentication.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2874 (MISC)

foscam -- c1_indoor_hd_camera
  Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An HTTP request can allow a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2872 (MISC)

foscam -- c1_indoor_hd_camera
  A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2877 (MISC)

foscam -- c1_indoor_hd_camera
  An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2855 (MISC)
foscam -- c1_indoor_hd_camera
  An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs to be in the same subnetwork and reply to a discovery message to trigger this vulnerability.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2879 (MISC)
foscam -- c1_indoor_hd_camera
  An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2857 (MISC)

foscam -- c1_indoor_hd_camera
  An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2878 (MISC)

foscam -- c1_indoor_hd_camera
  An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2854 (MISC)

gitolite -- gitolite
  gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2013-7203 (CONFIRM, FEDORA, MLIST)
gitolite -- gitolite
  gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.
  Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2013-4451 (CONFIRM, CONFIRM, MLIST, BID)
golang -- go
  The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17143 (MISC)

golang -- go
  The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
  Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17142 (MISC)

google -- android
  In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a lack of length validation for a value received from firmware can lead to a buffer overflow in the WMA handler.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11869 (CONFIRM, CONFIRM)

google -- android
  In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the driver allocates memory during WLAN association. If the memory allocation fails, the driver frees memory that was never allocated.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11842 (CONFIRM, CONFIRM, CONFIRM)

google -- android
  In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a missing check while calculating the MPDU data length causes an integer overflow and then a buffer overflow in a WLAN function.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11886 (CONFIRM, CONFIRM)
google -- android
  In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a missing check on the length of an array while accessing it can lead to an out-of-bounds read in a WLAN HOST function.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11891 (CONFIRM, CONFIRM)

google -- android
  In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a buffer over-read can occur in the WMA NDP event handler functions due to lack of validation of the input value event_info, which is received from the firmware.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11297 (CONFIRM, CONFIRM, CONFIRM)

google -- android
  In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing a diag event after associating to a network, an out-of-bounds read occurs if the SSID of the joined network is longer than the maximum limit.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11897 (CONFIRM, CONFIRM)

google -- android
  In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, LUT configuration is passed down to the driver from userspace via ioctl. A simultaneous update from userspace while kernel drivers are updating LUT registers can lead to a race condition.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11818 (CONFIRM, CONFIRM, CONFIRM)
google -- android
  In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing a start-BSS request from the upper layer, an out-of-bounds read occurs if the SSID length is greater than the maximum.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11898 (CONFIRM, CONFIRM, CONFIRM)
google -- android
  In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a WLAN handler indication from the firmware carries the information for 4 access categories. While processing this information, only the first 3 AC entries are copied, due to the improper conditional logic used to compare against the maximum number of categories.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11294 (CONFIRM, CONFIRM)

google -- android
  In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, in the policy manager unit test, if the mode parameter in a WLAN function is given an out-of-bounds value, it can cause an out-of-bounds access while accessing the PCL table.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11883 (CONFIRM, CONFIRM)

google -- android
  In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash.
  Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15844 (CONFIRM, CONFIRM)

google -- android
  In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a lack of length validation for a value received from firmware can lead to OOB access in WLAN HOST.
  Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11902 (CONFIRM, CONFIRM)
google -- android
In all android releases (Android for MSM,
Firefox OS for MSM, QRD Android) from CAF
using the linux kernel, lack of check of input
received from userspace before copying into
buffer can lead to potential array overflow in
WLAN.
2018-
09-18
not
yet
calcul
ated
CVE-
2018-
11302
CONFI
RM
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
CONFI
RM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in a "Use after free" scenario.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11300 | CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11293 | CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check validation in WLAN function can lead to the driver writing the default rsn capabilities to memory not allocated to the frame.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-11895 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, invalid memory access may occur since the local variable 'context' stack data of the wlan function is freed.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-11889 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of input size validation before copying to buffer in PMIC function can lead to heap overflow.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11832 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-11878 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11868 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from FW.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-11894 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check in the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11852 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-11903 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing vendor scan request, when input argument - length of request IEs is greater than maximum can lead to a buffer overflow.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-11893 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11301 | CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow.
Published 2018-09-18 | CVSS not yet calculated | CVE-2017-15828 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on return value in WMA response handler can lead to potential use after free.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11843 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a caller's local variable. Should the caller return early (e.g., timeout), the callback will dereference an invalid pointer.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-11904 | CONFIRM (×51)
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur.
Published 2018-09-18 | CVSS not yet calculated | CVE-2017-15825 | CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11851 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer overflow could occur while processing the ndp event due to lack of check on the message length.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11860 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed event data from the firmware to the host. If the length and anqp length from this event data exceeds the max length, an OOB write would happen.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11295 | CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11827 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11299 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11296 | CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11840 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11836 | CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11863 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to buffer overflow in WLAN ext scan handler.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11826 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11270 | CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while relocating kernel images with a specially crafted boot image, an out of bounds access can occur.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-3573 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs, 'device_destroy' will free all associated resources, including 'voice_svc_dev' leading to a double free.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11273 | CONFIRM, CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11265 | CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. If the user input size of the NAT entry is greater than the max allowed size, memory exhaustion will occur.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11280 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing global variable "debug_client" in multi-thread manner, Use after free issue occurs.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11286 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-3574 | CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL terminated. This may lead to buffer overflow as strlen is used to get realm string length to construct the PASSPOINT WMA command.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11298 | CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11274 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to page_size.
Published 2018-09-18 | CVSS not yet calculated | CVE-2017-15818 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11275 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-5905 | CONFIRM, CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11278 | CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11276 | CONFIRM, CONFIRM, CONFIRM
google -- android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after free condition will occur.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-11281 | CONFIRM, CONFIRM, CONFIRM, CONFIRM
haproxy -- hpack_decoder
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.
Published 2018-09-21 | CVSS not yet calculated | CVE-2018-14645 | CONFIRM, MLIST
hdf -- hdf5
A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.
Published 2018-09-20 | CVSS not yet calculated | CVE-2018-17237 | MISC
hdf -- hdf5
Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
Published 2018-09-20 | CVSS not yet calculated | CVE-2018-17234 | MISC
hdf -- hdf5
A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
Published 2018-09-20 | CVSS not yet calculated | CVE-2018-17233 | MISC
huawei -- mate10_smartphones
Huawei smartphones Mate10 with versions earlier than ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission; an attacker uses a data cable to connect the smartphone to the computer and then performs some specific operations. Successful exploit could allow the attacker to bypass the FRP protection to access the system setting page.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-7991 | CONFIRM
huawei -- mate_rs_smartphones
Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-7929 | CONFIRM
hutool -- hutool
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.
Published 2018-09-21 | CVSS not yet calculated | CVE-2018-17297 | MISC
hylafax -- fax_software
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.
Published 2018-09-21 | CVSS not yet calculated | CVE-2018-17141 | CONFIRM, MLIST, MLIST, BUGTRAQ, DEBIAN, MISC
ibm -- business_process_manager
IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.
Published 2018-09-20 | CVSS not yet calculated | CVE-2018-1674 | XF, CONFIRM
ibm -- db2_for_linux_and_unix_and_windows
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502.
Published 2018-09-21 | CVSS not yet calculated | CVE-2018-1685 | SECTRACK, XF, CONFIRM
ibm -- db2_for_linux_and_unix_and_windows
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364.
Published 2018-09-21 | CVSS not yet calculated | CVE-2018-1710 | XF, CONFIRM
ibm -- db2_for_linux_and_unix_and_windows
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369.
Published 2018-09-21 | CVSS not yet calculated | CVE-2018-1711 | XF, CONFIRM
ibm -- gpfs
IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-1782 | XF, CONFIRM
ibm -- sterling_b2b_integrator
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring. IBM X-Force ID: 149607.
Published 2018-09-20 | CVSS not yet calculated | CVE-2018-1800 | XF, CONFIRM
ibm -- tivoli_monitoring
IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.
Published 2018-09-19 | CVSS not yet calculated | CVE-2017-1794 | XF, CONFIRM
iceni -- argus
An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted pdf file can cause an integer overflow resulting in heap overflow. An attacker can send file to trigger this vulnerability.
Published 2018-09-17 | CVSS not yet calculated | CVE-2017-2777 | MISC
insteon -- insteon_hub
An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability.
Published 2018-09-17 | CVSS not yet calculated | CVE-2017-14443 | MISC
intel -- core_processor
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.
Published 2018-09-21 | CVSS not yet calculated | CVE-2018-12169 | CONFIRM
jhead -- jhead
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.
Published 2018-09-16 | CVSS not yet calculated | CVE-2018-17088 | MISC
joomla! -- joomla!
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
Published 2018-09-20 | CVSS not yet calculated | CVE-2018-17254 | EXPLOIT-DB
joomla! -- joomla!
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
Published 2018-09-20 | CVSS not yet calculated | CVE-2018-14592 | CONFIRM
kibana -- kibana
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-3830 | CONFIRM, CONFIRM
lg -- supersign_cms
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
Published 2018-09-21 | CVSS not yet calculated | CVE-2018-17173 | MISC
lg -- supersign_cms
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
Published 2018-09-14 | CVSS not yet calculated | CVE-2018-16288 | MISC, EXPLOIT-DB
liblouis -- liblouis
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
Published 2018-09-21 | CVSS not yet calculated | CVE-2018-17294 | MISC, MISC
libmp4v2 -- libmp4v2
The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service.
Published 2018-09-20 | CVSS not yet calculated | CVE-2018-17235 | MISC
libmp4v2 -- libmp4v2
The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on an invalid pointer, raising a SIGABRT signal.
Published 2018-09-20 | CVSS not yet calculated | CVE-2018-17236 | MISC
libsvg2 -- libsvg2
An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls.
Published 2018-09-22 | CVSS not yet calculated | CVE-2018-17332 | MISC
libsvg2 -- libsvg2
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because a strncpy copy limit is miscalculated.
Published 2018-09-22 | CVSS not yet calculated | CVE-2018-17334 | MISC
libsvg2 -- libsvg2
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because sscanf is misused.
Published 2018-09-22 | CVSS not yet calculated | CVE-2018-17333 | MISC
libtiff -- libtiff
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
Published 2018-09-16 | CVSS not yet calculated | CVE-2018-17101 | MISC, BID, MISC
libtiff -- libtiff
An issue was discovered in LibTIFF 4.0.9. There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
Published 2018-09-16 | CVSS not yet calculated | CVE-2018-17100 | MISC, MISC
limesurvey -- limesurvey
In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.
Published 2018-09-21 | CVSS not yet calculated | CVE-2018-17003 | MISC
link-net -- lw-n605r_devices
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
Published 2018-09-20 | CVSS not yet calculated | CVE-2018-16752 | MISC, EXPLOIT-DB
linksys -- velop
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-17208 | MISC
linux -- kernel
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Published 2018-09-19 | CVSS not yet calculated | CVE-2018-17182 | MISC, MISC, MISC
linux -- kernel
An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
Published 2018-09-21 | CVSS not yet calculated | CVE-2018-16597 | CONFIRM, CONFIRM
linux -- kernel
A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-14641 | CONFIRM, CONFIRM, MLIST
lucky9io -- lucky9io
The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers can purchase a ticket at a low price by directly calling the fallback function with small msg.value, because the developer set the currency unit incorrectly. Therefore, it allows attackers to always win and get rewards.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-17071 | MISC
matrix -- synapse
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-16515 | CONFIRM, FEDORA, CONFIRM
mcafee -- application_and_change_control
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
Published 2018-09-18 | CVSS not yet calculated | CVE-2017-3912 | BID, CONFIRM
mcafee -- application_and_change_control
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-6690 | CONFIRM
mcafee -- endpoint_security_for_linux_threat_prevention
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.
Published 2018-09-18 | CVSS not yet calculated | CVE-2018-6693 | CONFIRM
metinfo -- metinfo
MetInfo 6.1.0 has XSS in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.
Published 2018-09-17 | CVSS not yet calculated | CVE-2018-17129 | MISC
micro_focus -- arcsight_management_center
A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.
Published 2018-09-20 | CVSS not yet calculated | CVE-2018-6500 | CONFIRM
micro_focus -- arcsight_management_center
A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS).
Published 2018-09-20 | CVSS not yet calculated | CVE-2018-6502 | CONFIRM
micro_focus -- arcsight_management_center
A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.
Published 2018-09-20 | CVSS not yet calculated | CVE-2018-6505 | CONFIRM
micro_focus --
arcsight_management_center
Potential security vulnerability of Insufficient
Access Controls has been identified in ArcSight
Management Center (ArcMC) for versions prior
to 2.81. This vulnerability could be exploited to
allow for insufficient access controls.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
6501
CONFI
RM
micro_focus --
arcsight_management_center
A potential Access Control vulnerability has
been identified in ArcSight Management Center
(ArcMC) in all versions prior to 2.81. This
vulnerability could be exploited to allow for
vulnerable Access Controls.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
6503
CONFI
RM
micro_focus --
arcsight_management_center
A potential Cross-Site Request Forgery (CSRF)
vulnerability has been identified in ArcSight
Management Center (ArcMC) in all versions
prior to 2.81. This vulnerability could be
exploited to allow for Cross-Site Request
Forgery (CSRF).
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
6504
CONFI
RM
microsoft --
active_directory_federation_servi
ces_windows_server
Microsoft ADFS 4.0 Windows Server 2016 and
previous (Active Directory Federation Services)
has an SSRF vulnerability via the txtBoxEmail
parameter in /adfs/ls.
2018-
09-18
not
yet
calcul
ated
CVE-
2018-
16794
MISC
FULLD
ISC
BID
BUGT
RAQ
microsoft -- exchange_server
Rollup 18 for Microsoft Exchange Server 2010
SP3 and previous versions has an SSRF
vulnerability via the username parameter in
/owa/auth/logon.aspx in the OWA (Outlook
Web Access) login page.
2018-
09-21
not
yet
calcul
ated
CVE-
2018-
16793
MISC
FULLD
ISC
BUGT
RAQ
microweber -- microweber
An issue was discovered in Microweber 1.0.7.
There is a CSRF attack (against the admin user)
2018-
09-16 not
yet
CVE-
2018-
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
that can add an administrative account via
api/save_user.
calcul
ated
17104
CONFI
RM
MISC
CONFI
RM
monstra -- cms
admin/index.php in Monstra CMS 3.0.4 allows
arbitrary file deletion via
id=filesmanager&path=uploads/.......//./.......//./&
delete_file= requests.
2018-
09-18
not
yet
calcul
ated
CVE-
2018-
16819
MISC
MISC
monstra -- cms
admin/index.php in Monstra CMS 3.0.4 allows
arbitrary directory listing via
id=filesmanager&path=uploads/.......//./.......//./
requests.
2018-
09-18
not
yet
calcul
ated
CVE-
2018-
16820
MISC
MISC
moodle -- moodle
moodle before versions 3.5.2, 3.4.5, 3.3.8 is
vulnerable to a boost theme - blog search GET
parameter insufficiently filtered. The
breadcrumb navigation provided by Boost theme
when displaying search results of a blog were
insufficiently filtered, which could result in
reflected XSS if a user followed a malicious link
containing JavaScript in the search parameter.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
14631
CONFI
RM
BID
CONFI
RM
CONFI
RM
moodle -- moodle
moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14
is vulnerable to an XML import of ddwtos could
lead to intentional remote code execution. When
importing legacy 'drag and drop into text'
(ddwtos) type quiz questions, it was possible to
inject and execute PHP code from within the
imported questions, either intentionally or by
importing questions from an untrusted source.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
14630
CONFI
RM
BID
CONFI
RM
CONFI
RM
FULLD
ISC
MISC
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
moxa -- edr-810
A command injection vulnerability in the web
server functionality of Moxa EDR-810 V4.2
build 18041013 allows remote attackers to
execute arbitrary OS commands with root
privilege via the caname parameter to the
/xml/net_WebCADELETEGetValue URI.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
16282
MISC
CONFI
RM
mybb -- mybb
A Persistent XSS issue was discovered in the
Visual Editor in MyBB before 1.8.19 via a
Video MyCode.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
17128
MISC
navigate -- cms
Navigate CMS 2.8 has Reflected XSS via the
navigate.php fid parameter.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
17255
MISC
neato_robotics -- botvac
A replay issue was discovered on Neato Botvac
Connected 2.2.0 devices. Manual control mode
requires authentication, but once recorded, the
authentication (always transmitted in cleartext)
can be replayed to /bin/webserver on port 8081.
There are no nonces, and timestamps are not
checked at all.
2018-
09-18
not
yet
calcul
ated
CVE-
2018-
17176
MISC
neato_robotics -- botvac
An issue was discovered on Neato Botvac
Connected 2.2.0 devices. They execute
unauthenticated manual drive commands (sent to
/bin/webserver on port 8081) if they already
have an active session. Commands like forward,
back, arc-left, arc-right, pivot-left, and pivot-
right are executed even though the web socket
replies with { "message" : "invalid authorization
header" }. Without an active session, commands
are still interpreted, but (except for eco-on and
eco-off) have no effect, since without active
driving, a driving direction does not change
anything.
2018-
09-18
not
yet
calcul
ated
CVE-
2018-
17178
MISC
neato_robotics -- botvac
An issue was discovered on Neato Botvac
Connected 2.2.0 and Botvac 85 1.2.1 devices.
Static encryption is used for the copying of so-
called "black box" logs (event logs and core
dumps) to a USB stick. These logs are RC4-
2018-
09-18
not
yet
calcul
ated
CVE-
2018-
17177
MISC
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
encrypted with a 9-character password of
*^JEd4W!I that is obfuscated by hiding it within
a custom /bin/rc4_crypt binary.
nmap4j -- nmap4j
nmap4j 1.1.0 allows attackers to execute
arbitrary commands via shell metacharacters in
an includeHosts call.
2018-
09-19
not
yet
calcul
ated
CVE-
2018-
17228
MISC
nmealib -- nmealib
A stack-based buffer overflow was discovered in
the xtimor NMEA library (aka nmealib) 0.5.3.
nmea_parse() in parser.c allows an attacker to
trigger denial of service (even arbitrary code
execution in a certain context) in a product using
this library via malformed data.
2018-
09-21
not
yet
calcul
ated
CVE-
2018-
17174
MISC
nuuo -- nvrmini2
NUUO's NVRMini2 3.8.0 and below contains a
backdoor that would allow an unauthenticated
remote attacker to take over user accounts if the
file /tmp/moses exists.
2018-
09-19
not
yet
calcul
ated
CVE-
2018-
1150
CONFI
RM
MISC
nuuo -- nvrmini2
cgi_system in NUUO's NVRMini2 3.8.0 and
below allows remote attackers to execute
arbitrary code via crafted HTTP requests.
2018-
09-19
not
yet
calcul
ated
CVE-
2018-
1149
CONFI
RM
CONFI
RM
MISC
open-xchange -- webmail
Cross-site scripting (XSS) vulnerability in the
Open-Xchange webmail before 7.6.3-rev28
allows remote attackers to inject arbitrary web
script or HTML via the event attribute in a time
tag.
2018-
09-18
not
yet
calcul
ated
CVE-
2017-
6913
MISC
CONFI
RM
open_vswitch -- open_vswitch
An issue was discovered in Open vSwitch (OvS)
2.7.x through 2.7.6. The decode_bundle function
inside lib/ofp-actions.c is affected by a buffer
over-read issue during BUNDLE action
decoding.
2018-
09-19
not
yet
calcul
ated
CVE-
2018-
17206
MISC
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
open_vswitch -- openvswitch
An issue was discovered in Open vSwitch (OvS)
2.7.x through 2.7.6, affecting
parse_group_prop_ntr_selection_method in
lib/ofp-util.c. When decoding a group mod, it
validates the group type and command after the
whole group mod has been decoded. The OF1.5
decoder, however, tries to use the type and
command earlier, when it might still be invalid.
This causes an assertion failure (via
OVS_NOT_REACHED). ovs-vswitchd does not
enable support for OpenFlow 1.5 by default.
2018-
09-19
not
yet
calcul
ated
CVE-
2018-
17204
MISC
open_vswitch -- openvswitch
An issue was discovered in Open vSwitch (OvS)
2.7.x through 2.7.6, affecting
ofproto_rule_insert__ in ofproto/ofproto.c.
During bundle commit, flows that are added in a
bundle are applied to ofproto in order. If a flow
cannot be added (e.g., the flow action is a go-to
for a group id that does not exist), OvS tries to
revert back all previous flows that were
successfully applied from the same bundle. This
is possible since OvS maintains list of old flows
that were replaced by flows from the bundle.
While reinserting old flows, OvS has an
assertion failure due to a check on rule state !=
RULE_INITIALIZED. This would work for
new flows, but for an old flow the rule state is
RULE_REMOVED. The assertion failure causes
an OvS crash.
2018-
09-19
not
yet
calcul
ated
CVE-
2018-
17205
MISC
opmantek -- open-audit
Cross-site scripting (XSS) vulnerability in the
Orgs Page in Open-AudIT Professional edition
in 2.2.7 allows remote attackers to inject
arbitrary web script via the Orgs name field.
2018-
09-19
not
yet
calcul
ated
CVE-
2018-
16607
MISC
oracle --
webcenter_interaction_portal
An issue was discovered in Oracle WebCenter
Interaction Portal 10.3.3. The portal component
is delivered with an insecure default User Profile
community configuration that allows
anonymous users to retrieve the account names
of all portal users via /portal/server.pt/user/user/
requests. When WCI is synchronised with
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
16959
BID
MISC
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
Active Directory (AD), this vulnerability can
expose the account names of all AD users.
oracle --
webcenter_interaction_portal
The AjaxControl component of Oracle
WebCenter Interaction Portal 10.3.3 does not
validate the names of pages when processing
page rename requests. Pages can be renamed to
include characters unsupported for URIs by the
web server hosting the WCI Portal software
(such as IIS). Renaming pages to include
unsupported characters, such as 0x7f, prevents
these pages from being accessed over the web
server, causing a Denial of Service (DoS) to the
page.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
16956
BID
MISC
oracle --
webcenter_interaction_portal
The login function of Oracle WebCenter
Interaction Portal 10.3.3 is vulnerable to
reflected cross-site scripting (XSS). The content
of the in_hi_redirect parameter, when prefixed
with the https:// scheme, is unsafely reflected in
a HTML META tag in the HTTP response.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
16955
BID
MISC
oracle --
webcenter_interaction_portal
The AjaxView::DisplayResponse() function of
the portalpages.dll assembly in Oracle
WebCenter Interaction Portal 10.3.3 is
vulnerable to reflected cross-site scripting
(XSS). User input from the name parameter is
unsafely reflected in the server response.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
16953
BID
MISC
oracle --
webcenter_interaction_portal
An issue was discovered in Oracle WebCenter
Interaction Portal 10.3.3. The login function of
the portal is vulnerable to insecure redirection
(also called an open redirect). The in_hi_redirect
parameter is not validated by the application
after a successful login.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
16954
BID
MISC
oracle --
webcenter_interaction_portal
An issue was discovered in Oracle WebCenter
Interaction Portal 10.3.3. The
ASP.NET_SessionID primary session cookie,
when Internet Information Services (IIS) with
ASP.NET is used, is not protected with the
HttpOnly attribute. The attribute cannot be
enabled by customers. Consequently, this cookie
is exposed to session hijacking attacks should an
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
16958
BID
MISC
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
adversary be able to execute JavaScript in the
origin of the portal installation.
oracle --
webcenter_interaction_portal
The Oracle WebCenter Interaction Portal 10.3.3
does not implement protection against Cross-site
Request Forgery in its design. The impact is
sensitive actions in the portal (such as changing
a portal user's password).
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
16952
BID
MISC
oracle -- webcenter_interaction
The Oracle WebCenter Interaction 10.3.3 search
service queryd.exe binary is compiled with the
i1g2s3c4 hardcoded password. Authentication to
the Oracle WCI search service uses this
hardcoded password and cannot be customised
by customers. An adversary able to access this
service over a network could perform search
queries to extract large quantities of sensitive
information from the WCI installation.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
16957
BID
MISC
otcms -- otcms
An issue was discovered in OTCMS 3.61. XSS
exists in admin/share_switch.php via these
parameters: fieldName fieldName2 tabName.
2018-
09-16
not
yet
calcul
ated
CVE-
2018-
17086
MISC
otcms -- otcms
An issue was discovered in OTCMS 3.61. XSS
exists in admin/users.php via these parameters:
dataTypeCN dataMode dataModeStr.
2018-
09-16
not
yet
calcul
ated
CVE-
2018-
17085
MISC
parcel -- parcel-bundler
An issue was discovered in HMRServer.js in
Parcel parcel-bundler. Attackers are able to steal
developer's code because the origin of requests
is not checked by the WebSocket server, which
is used for HMR (Hot Module Replacement).
Anyone can receive the HMR message sent by
the WebSocket server via a ws://127.0.0.1
connection (with a random TCP port number)
from any origin. The random port number can be
found by connecting to http://127.0.0.1 and
reading the "new WebSocket" line in the source
code.
2018-
09-21
not
yet
calcul
ated
CVE-
2018-
14731
MISC
CONFI
RM
CONFI
RM
patatasfritas -- patatawifi FruityWifi (aka PatatasFritas/PatataWifi) 2.1
allows remote attackers to execute arbitrary
2018-
09-21 not
yet
CVE-
2018-
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
commands via shell metacharacters in the
io_mode, ap_mode, io_action, io_in_iface,
io_in_set, io_in_ip, io_in_mask, io_in_gw,
io_out_iface, io_out_set, io_out_mask,
io_out_gw, iface, or domain parameter to
/www/script/config_iface.php, or the newSSID,
hostapd_secure, hostapd_wpa_passphrase, or
supplicant_ssid parameter to
/www/page_config.php.
calcul
ated
17317
MISC
MISC
php -- php
The Apache2 component in PHP before 5.6.38,
7.0.x before 7.0.32, 7.1.x before 7.1.22, and
7.2.x before 7.2.10 allows XSS via the body of a
"Transfer-Encoding: chunked" request, because
the bucket brigade is mishandled in the
php_handler function in
sapi/apache2handler/sapi_apache2.c.
2018-
09-16
not
yet
calcul
ated
CVE-
2018-
17082
MISC
MISC
MISC
MISC
MLIST
phpmywind -- phpmywind
admin/web_config.php in PHPMyWind 5.5
allows Admin users to execute arbitrary code via
the rewrite url setting.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
17133
MISC
phpmywind -- phpmywind
admin/goods_update.php in PHPMyWind 5.5
allows Admin users to execute arbitrary code via
the attrvalue[] array parameter.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
17132
MISC
phpmywind -- phpmywind
PHPMyWind 5.5 has XSS in member.php via an
HTTP Referer header,
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
17130
MISC
phpmywind -- phpmywind
admin/web_config.php in PHPMyWind 5.5
allows Admin users to execute arbitrary code via
the varvalue field.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
17131
MISC
phpmywind -- phpmywind
admin/web_config.php in PHPMyWind 5.5
allows Admin users to execute arbitrary code via
the cfg_author field in conjunction with a crafted
cfg_webpath field.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
17134
MISC
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
pivotal -- applications_service
Pivotal Usage Service in Pivotal Application
Service, versions 2.0 prior to 2.0.21 and 2.1
prior to 2.1.13 and 2.2 prior to 2.2.5, contains a
bug which may allow escalation of privileges. A
space developer with access to the system org
may be able to access an artifact which contains
the CF admin credential, allowing them to
escalate to an admin role.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
11086
CONFI
RM
pivotal -- applications_service
Pivotal Applications Manager in Pivotal
Application Service, versions 2.0 prior to 2.0.21
and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5,
contains a bug which may allow escalation of
privileges. A space developer with access to the
system org may be able to access an artifact
which contains the CF admin credential,
allowing them to escalate to an admin role.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
11088
CONFI
RM
pivotal -- cloud_cache
Pivotal Cloud Cache, versions prior to 1.3.1,
prints a superuser password in plain text during
BOSH deployment logs. A malicious user with
access to the logs could escalate their privileges
using this password.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
1198
CONFI
RM
podofo_project -- podofo
This vulnerability allows remote attackers to
disclose sensitive information on vulnerable
installations of PoDoFo. User interaction is
required to exploit this vulnerability in that the
target must visit a malicious page or open a
malicious file. The specific flaw exists within
PdfEncoding::ParseToUnicode. The issue results
from the lack of proper validation of user-
supplied data, which can result in a memory
corruption condition. An attacker can leverage
this in conjunction with other vulnerabilities to
execute arbitrary code in the context of the
current process. Was ZDI-CAN-5673.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
14320
MISC
prezi -- next
Prezi Next 1.3.101.11 has a documented purpose
of creating HTML5 presentations but has
SE_DEBUG_PRIVILEGE on Windows, which
might allow attackers to bypass intended access
restrictions.
2018-
09-17
not
yet
calcul
ated
CVE-
2018-
17137
MISC
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
processmaker --
processmaker_enterprise_core
A code execution vulnerability exists in
ProcessMaker Enterprise Core 3.0.1.7-
community. A specially crafted web request can
cause unsafe deserialization potentially resulting
in PHP code being executed. An attacker can
send a crafted web parameter to trigger this
vulnerability.
2018-
09-17
not
yet
calcul
ated
CVE-
2016-
9045
MISC
python -- marshmallow_library
In the marshmallow library before 2.15.1 and
3.x before 3.0.0b9 for Python, the schema "only"
option treats an empty list as implying no "only"
option, which allows a request that was intended
to expose no fields to instead expose all fields (if
the schema is being filtered dynamically using
the "only" option, and there is a user role that
produces an empty value for "only").
2018-
09-18
not
yet
calcul
ated
CVE-
2018-
17175
MISC
MISC
MISC
python_software_foundation --
python
Python Software Foundation Python (CPython)
version 2.7 contains a CWE-77: Improper
Neutralization of Special Elements used in a
Command ('Command Injection') vulnerability
in shutil module (make_archive function) that
can result in Denial of service, Information gain
via injection of arbitrary files on the system or
entire drive. This attack appear to be exploitable
via Passage of unfiltered user input to the
function. This vulnerability appears to have been
fixed in after commit
add531a1e55b0a739b0f42582f1c9747e5649ace.
2018-
09-18
not
yet
calcul
ated
CVE-
2018-
100080
2
CONFI
RM
CONFI
RM
CONFI
RM
MISC
qbee -- multisensor_camera
The QBee MultiSensor Camera through 4.16.4
accepts unencrypted network traffic from clients
(such as the QBee Cam application through
1.0.5 for Android and the Swisscom Home
application up to 10.7.2 for Android), which
results in an attacker being able to reuse cookies
to bypass authentication and disable the camera.
2018-
09-18
not
yet
calcul
ated
CVE-
2018-
16225
MISC
FULLD
ISC
qualcomm -- android
In Snapdragon (Automobile ,Mobile) in version
MSM8996AU, SD 425, SD 427, SD 430, SD
435, SD 450, SD 625, SD 650/52, SD 820, SD
820A, SD 835, SDA660, SDM429, SDM439,
SDM630, SDM632, SDM636, SDM660,
Snapdragon_High_Med_2016, a crafted HLOS
2018-
09-20
not
yet
calcul
ated
CVE-
2017-
18302
SECTR
ACK
CONFI
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
client can modify the structure in memory
passed to a QSEE application between the time
of check and the time of use, resulting in
arbitrary writes to TZ kernel memory regions.
RM
CONFI
RM
qualcomm -- android
In Small Cell SoC and Snapdragon (Automobile,
Mobile, Wear) in version FSM9055, FSM9955,
MDM9607, MDM9640, MDM9650,
MSM8909W, SD 425, SD 427, SD 430, SD
435, SD 450, SD 617, SD 625, SD 650/52, SD
820, SD 820A, SD 835, SD 845, SDM630,
SDM636, SDM660, SDX20,
Snapdragon_High_Med_2016, providing the
NULL argument of ICE regulator while
processing create key IOCTL results in system
restart.
2018-
09-20
not
yet
calcul
ated
CVE-
2017-
18301
SECTR
ACK
CONFI
RM
CONFI
RM
qualcomm -- android
In Snapdragon (Automobile, Mobile, Wear) in
version MDM9206, MDM9607, MDM9635M,
MDM9640, MDM9645, MDM9650,
MDM9655, MSM8909W, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12, SD 425, SD
427, SD 430, SD 435, SD 450, SD 615/16/SD
415, SD 617, SD 625, SD 650/52, SD 810, SD
820, SD 820A, SD 835, SDA660, SDM429,
SDM439, SDM630, SDM632, SDM636,
SDM660, Snapdragon_High_Med_2016, on TZ
cold boot the CNOC_QDSS RG0 locked by
xBL_SEC is cleared by TZ.
2018-
09-20
not
yet
calcul
ated
CVE-
2017-
18314
CONFI
RM
CONFI
RM
qualcomm -- android
In Snapdragon (Automobile, Mobile, Wear) in
version MDM9607, MSM8909W,
MSM8996AU, SD 210/SD 212/SD 205, SD
425, SD 427, SD 430, SD 435, SD 450, SD 617,
SD 625, SD 650/52, SD 820, SD 820A, SD 835,
SDM429, SDM439, SDM632,
Snapdragon_High_Med_2016, when a Trusted
Application has opened the SPI/I2C interface to
a particular device, it is possible for another
Trusted Application to read the data on this open
interface by calling the SPI/I2C read function.
2018-
09-20
not
yet
calcul
ated
CVE-
2017-
18280
SECTR
ACK
CONFI
RM
CONFI
RM
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
qualcomm -- android
In Snapdragon (Automobile, Mobile, Wear) in
version MDM9206, MDM9607, MDM9640,
MDM9650, MSM8996AU, QCA6574AU,
QCA6584, SD 210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD 625, SD
650/52, SD 820A, SD 845, SDM429, SDM439,
SDM630, SDM632, SDM636, SDM660,
SDX20, Snapdragon_High_Med_2016, MAC
address randomization performed during probe
requests is not done properly due to a flawed
RNG in use.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
11290
CONFI
RM
CONFI
RM
CONFI
RM
qualcomm -- android
In Snapdragon (Mobile, Wear) in version
MDM9206, MDM9607, MDM9635M,
MDM9640, MDM9645, MDM9655,
MSM8909W, MSM8996AU, SD 210/SD
212/SD 205, SD 410/12, SD 425, SD 427, SD
430, SD 435, SD 450, SD 615/16/SD 415, SD
617, SD 625, SD 650/52, SD 810, SD 820, SD
835, Snapdragon_High_Med_2016, a double
free of ASN1 heap memory used for EUTRA
CAP container occurs during UTRAN to LTE
Capability inquiry procedure.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
11982
CONFI
RM
qualcomm -- android
In Snapdragon (Automobile, Mobile, Wear) in
version MDM9206, MDM9607, MDM9640,
MDM9650, MSM8909W, MSM8996AU,
QCA6574AU, QCA6584, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427, SD 430, SD
435, SD 450, SD 615/16/SD 415, SD 625, SD
650/52, SD 820A, SDM429, SDM439,
SDM630, SDM632, SDM636, SDM660,
Snapdragon_High_Med_2016, lack of input
validation in WLANWMI command handlers
can lead to integer & heap overflows.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
11292
CONFI
RM
CONFI
RM
CONFI
RM
qualcomm -- android
In Snapdragon (Automobile, Mobile, Wear) in
version MDM9206, MDM9607, MDM9635M,
MDM9640, MDM9645, MDM9650,
MDM9655, MSM8909W, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD 427, SD 430,
SD 435, SD 450, SD 625, SD 650/52, SD 810,
SD 820, SD 820A, SD 835, SD 845, SD 850,
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
11269
CONFI
RM
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
SDA660, SDM429, SDM439, SDM630,
SDM632, SDM636, SDM660, SDM710,
SDX20, Snapdragon_High_Med_2016, a
potential buffer overflow exists when parsing
TFTP options.
qualcomm -- android
In Snapdragon (Automobile, Mobile, Wear) in
version MDM9206, MDM9607, MDM9640,
MDM9650, MSM8996AU, QCA6574AU, SD
210/SD 212/SD 205, SD 425, SD 427, SD 430,
SD 435, SD 450, SD 615/16/SD 415, SD 625,
SD 650/52, SD 820A, SD 835, SD 845, SD 850,
SDA660, SDM429, SDM439, SDM630,
SDM632, SDM636, SDM660, SDM710,
Snapdragon_High_Med_2016, MAC address
randomization performed during probe requests
(for privacy reasons) is not done properly due to
a flawed RNG which produces repeating output
much earlier than expected.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
5871
CONFI
RM
CONFI
RM
qualcomm -- android
In Snapdragon (Automobile, Mobile, Wear) in
version MDM9206, MDM9607, MDM9650,
MSM8909W, MSM8996AU, SD 210/SD
212/SD 205, SD 425, SD 427, SD 430, SD 435,
SD 450, SD 625, SD 650/52, SD 820, SD 820A,
SD 835, SD 845, SD 850, SDA660, SDM429,
SDM439, SDM630, SDM632, SDM636,
SDM660, SDM710,
Snapdragon_High_Med_2016, incorrect control
flow implementation in Video while checking
buffer sufficiency.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
11287
CONFI
RM
CONFI
RM
qualcomm -- android
In Snapdragon (Automobile, Mobile, Wear) in
version MSM8909W, MSM8996AU, SD
210/SD 212/SD 205, SD 430, SD 450, SD
615/16/SD 415, SD 617, SD 625, SD 650/52,
SD 810, SD 820, SD 820A, SD 835, SD 845,
SDA660, the com.qualcomm.embms is a vendor
package deployed in the system image which
has an inadequate permission level and allows
any application installed from Play Store to
request this permission at install-time. The
system application interfaces with the Radio
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
11277
CONFI
RM
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
Interface Layer leading to potential access
control issue.
qualcomm -- android
In Snapdragon (Automobile, Mobile, Wear) in
version MDM9206, MDM9607, MDM9635M,
MDM9640, MDM9645, MDM9650,
MDM9655, MSM8909W, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD 427, SD 430,
SD 435, SD 450, SD 625, SD 650/52, SD 810,
SD 820, SD 820A, SD 835, SD 845, SD 850,
SDA660, SDM429, SDM439, SDM630,
SDM632, SDM636, SDM660, SDM710,
SDX20, Snapdragon_High_Med_2016, a
potential buffer overflow exists when parsing
TFTP options.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
11268
CONFI
RM
qualcomm -- android
In Snapdragon (Automobile, Mobile, Wear) in
version IPQ8074, MDM9206, MDM9607,
MDM9640, MDM9650, MSM8996AU,
QCA6574AU, SD 210/SD 212/SD 205, SD 425,
SD 427, SD 430, SD 435, SD 450, SD 625, SD
820A, SD 835, SD 845, SD 850, SDA660,
SDM429, SDM439, SDM630, SDM632,
SDM636, SDM660, SDM710,
Snapdragon_High_Med_2016, MAC address
randomization performed during probe requests
is not done properly due to a flawed RNG which
produced repeating output much earlier than
expected.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
5837
CONFI
RM
CONFI
RM
qualcomm -- android
In Snapdragon (Automobile, Mobile, Wear) in
version IPQ8074, MDM9206, MDM9607,
MDM9640, MDM9650, MSM8996AU,
QCA4531, QCA6174A, QCA6564, QCA6574,
QCA6574AU, QCA6584, QCA6584AU,
QCA9377, QCA9378, QCA9379, SD 425, SD
427, SD 430, SD 435, SD 450, SD 600, SD 625,
SD 650/52, SD 810, SD 820, SD 820A, SD 835,
SD 845, SD 850, SDM630, SDM632, SDM636,
SDM660, SDX20,
Snapdragon_High_Med_2016, cryptographic
issues due to the random number generator was
not a strong one in NAN.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
11291
CONFI
RM
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
qualcomm -- android
In Snapdragon (Automobile, Mobile, Wear) in
version MDM9206, MDM9607, MDM9650,
MSM8909W, MSM8996AU, SD 210/SD
212/SD 205, SD 425, SD 427, SD 430, SD 435,
SD 450, SD 615/16/SD 415, SD 625, SD
650/52, SD 810, SD 820, SD 820A, SD 835, SD
845, SDA660, SDM429, SDM439, SDM630,
SDM632, SDM636, SDM660, SDM710,
SDX20, Snapdragon_High_Med_2016, while
parsing FLAC file with corrupted picture block,
a buffer over-read can occur.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
11285
CONFI
RM
CONFI
RM
qualcomm -- android
In Snapdragon (Automobile, Mobile, Wear) in
version MDM9206, MDM9607, MDM9615,
MDM9640, MDM9650, MDM9655,
MSM8996AU, SD 210/SD 212/SD 205, SD
410/12, SD 425, SD 427, SD 430, SD 435, SD
450, SD 600, SD 615/16/SD 415, SD 617, SD
625, SD 650/52, SD 820, SD 820A, SD 835, SD
845, SD 850, SDA660, SDM429, SDM439,
SDM630, SDM632, SDM636, SDM660,
SDX20, Snapdragon_High_Med_2016, when
sending an malformed XML data to
deviceprogrammer/firehose it may do an out of
bounds buffer write allowing a region of
memory to be filled with 0x20.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
11267
CONFI
RM
quickapps -- quickappscms
An issue was discovered in QuickAppsCMS
(aka QACMS) through 2.0.0-beta2. A CSRF
vulnerability can change the administrator
password via the user/me URI.
2018-
09-16
not
yet
calcul
ated
CVE-
2018-
17102
MISC
MISC
red_hat -- undertow
An information leak vulnerability was found in
Undertow. If all headers are not written out in
the first write() call then the code that handles
flushing the buffer will always write out the full
contents of the writevBuffer buffer, which may
contain data from previous requests.
2018-
09-18
not
yet
calcul
ated
CVE-
2018-
14642
CONFI
RM
ricoh -- mp_2001_printer
On the RICOH MP 2001 printer, HTML
Injection and Stored XSS vulnerabilities have
been discovered in the area of adding addresses
2018-
09-21 not
yet
CVE-
2018-
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
via the entryNameIn parameter to
/web/entry/en/address/adrsSetUserWizard.cgi.
calcul
ated
17002
MISC
ricoh -- sp_4510sf_printer
On the RICOH SP 4510SF printer, HTML
Injection and Stored XSS vulnerabilities have
been discovered in the area of adding addresses
via the entryNameIn parameter to
/web/entry/en/address/adrsSetUserWizard.cgi.
2018-
09-21
not
yet
calcul
ated
CVE-
2018-
17001
MISC
rockwell_automation --
rslinx_classic
Rockwell Automation RSLinx Classic Versions
4.00.01 and prior. This vulnerability may allow
a remote threat actor to intentionally send a
malformed CIP packet to Port 44818, causing
the software application to stop responding and
crash. This vulnerability also has the potential to
exploit a buffer overflow condition, which may
allow the threat actor to remotely execute
arbitrary code.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
14829
MISC
MISC
rockwell_automation --
rslinx_classic
Rockwell Automation RSLinx Classic Versions
4.00.01 and prior. A remote, unauthenticated
threat actor may intentionally send specially
crafted Ethernet/IP packets to Port 44818,
causing the software application to stop
responding and crash. The user must restart the
software to regain functionality.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
14827
MISC
rockwell_automation --
rslinx_classic
Rockwell Automation RSLinx Classic Versions
4.00.01 and prior. This vulnerability may allow
a remote, unauthenticated threat actor to
intentionally send a malformed CIP packet to
Port 44818, causing the RSLinx Classic
application to terminate. The user will need to
manually restart the software to regain
functionality.
2018-
09-20
not
yet
calcul
ated
CVE-
2018-
14821
MISC
MISC
samsung -- smarthings_hub-sth-
eth-250
An exploitable buffer overflow vulnerability
exists in the /cameras/XXXX/clips handler of
video-core's HTTP server of Samsung
SmartThings Hub STH-ETH-250-Firmware
version 0.20.17. The strncpy call overflows the
destination buffer, which has a size of 52 bytes.
An attacker can send an arbitrarily long
2018-
09-21
not
yet
calcul
ated
CVE-
2018-
3894
MISC
Primary
Vendor -- Product Description
Publis
hed
CVSS
Score
Source
&
Patch
Info
"startTime" value in order to exploit this
vulnerability.
samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long "directory" value in order to exploit this vulnerability.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3877 (MISC)

samsung -- smartthings_hub_sth-eth-250
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3915 (MISC)

samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3873 (MISC)

samsung -- smartthings_hub_sth-eth-250
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3914 (MISC)

samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3876 (MISC)

samsung -- smartthings_hub_sth-eth-250
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3913 (MISC)

samsung -- smartthings_hub_sth-eth-250
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3874 (MISC)

samsung -- smartthings_hub
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3906 (MISC)

samsung -- wifiscan
An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "cameraIp" value in order to exploit this vulnerability.
Published: 2018-09-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3865 (MISC)

samsung -- wifiscan
An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "password" value in order to exploit this vulnerability.
Published: 2018-09-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-3864 (MISC)

sbi -- sbibuddy
The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application.
Published: 2018-09-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17108 (MISC)

seacms -- seacms
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16821 (MISC, MISC)

seacms -- seacms
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17321 (MISC)

seacms -- seacms
SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16822 (MISC, MISC)

seacms -- seacms
An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter.
Published: 2018-09-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17062 (MISC)

simple_pos_pool -- simple_pos
Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1.
Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17110 (EXPLOIT-DB)

slack-archive-bot -- slack-archive-bot
SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute().
Published: 2018-09-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17232 (MISC)

smarty -- smarty
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-13982 (MISC, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM)

snap_creek -- duplicator
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17207 (MISC, MISC)

softcase -- t-router
An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of Spring 2018.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11241 (MISC)

softcase -- t-router
An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of Spring 2018.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11240 (MISC)

soundtouch -- soundtouch
The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.
Published: 2018-09-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17096 (MISC, MISC)

soundtouch -- soundtouch
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
Published: 2018-09-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17097 (MISC, MISC)

soundtouch -- soundtouch
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch.
Published: 2018-09-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17098 (MISC, MISC)

subsonic -- media_server
An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a user's session, or elevate privileges by targeting an administrative user.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-9282 (MISC)

subsonic -- subsonic
An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14691 (MISC)

subsonic -- subsonic
An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an integer) to internetRadioSettings.view that could be used to steal session information of a victim.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14688 (MISC)

subsonic -- subsonic
An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14690 (MISC)

subsonic -- subsonic
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view that could be used to steal session information of a victim.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14689 (MISC)

symantec -- messaging_gateway
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.
Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12243 (BID, CONFIRM)

symantec -- messaging_gateway
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.
Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-12242 (BID, CONFIRM)

tec4data -- smartcooler
In Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack.
Published: 2018-09-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14796 (MISC)

thewebfosters -- ultimatepos
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.
Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17139 (EXPLOIT-DB)

tinyftp -- tinyftpd
In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname.
Published: 2018-09-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17106 (MISC)

torproject.org -- tor_browser
Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.
Published: 2018-09-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16639 (MISC, BID, BUGTRAQ, MISC)

ubisoft -- uplay_desktop_client
upc.exe in Ubisoft Uplay Desktop Client version 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process.
Published: 2018-09-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-15832 (EXPLOIT-DB)

ucms -- ucms
An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17320 (MISC)

udisks -- udisks
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.
Published: 2018-09-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17336 (MISC)

vectra_networks -- cognito_brain_and_sensor
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14889 (CONFIRM)

vectra_networks -- cognito_brain_and_sensor
Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14890 (CONFIRM)

vectra_networks -- cognito_brain_and_sensor
Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14891 (CONFIRM)

wallabag -- wallabag
The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be exploited with authentication and used to target administrators and steal their sessions.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-11352 (MISC)

wanscam -- hw0021_ip_camera
There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-13111 (MISC)

wavm -- wavm
An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application crash by NULL pointer dereference) or possibly have unspecified other impact by crafting certain WebAssembly files.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17293 (MISC, MISC)

wavm -- wavm
An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17292 (MISC, MISC)

webpack_dev_server -- webpack_dev_server
An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14732 (MISC, CONFIRM, CONFIRM)

wecon -- plc_editor
WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.
Published: 2018-09-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-14792 (MISC)

western_digital -- my_cloud_device
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.
Published: 2018-09-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17153 (BID, MISC, MISC)

wordpress -- wordpress
The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.
Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17140 (EXPLOIT-DB)

wordpress -- wordpress
The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.
Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17138 (EXPLOIT-DB)

xar -- xar
An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_unserialize in lib/archive.c.
Published: 2018-09-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17094 (MISC)

xar -- xar
An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_get_path in lib/util.c.
Published: 2018-09-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17093 (MISC)

yunucms -- yunucms
Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17322 (MISC)

zoho -- manageengine_desktop_central
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16833 (MISC)

zoho -- manageengine_opmanager
Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection.
Published: 2018-09-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17243 (CONFIRM)

zoho -- manageengine_opmanager
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.
Published: 2018-09-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17283 (MISC, MISC)

zoho -- manageengine_supportcenter
In Zoho ManageEngine SupportCenter Plus 8.1.0, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
Published: 2018-09-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-16965 (MISC)

zzcms -- zzcms
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header.
Published: 2018-09-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-17136 (MISC)