Waaxe.com - Security Site - In memory of Ponca Chief Standing Bear

RSS CVE - US National Vulnerability Database

Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

CVE-2013-0633 (flash_player) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0633

Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors.

CVE-2013-0637 (air, air_sdk, flash_player) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0637

Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0647.

CVE-2013-0638 (air, air_sdk, flash_player) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0638

Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors.

CVE-2013-0639 (air, air_sdk, flash_player) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0639

Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0649 and CVE-2013-1374.

CVE-2013-0644 (air, air_sdk, flash_player) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0644

Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-1374.

CVE-2013-0649 (air, air_sdk, flash_player) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0649

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.

CVE-2013-1365 (air, air_sdk, flash_player) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1365

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.

CVE-2013-1366 (air, air_sdk, flash_player) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1366

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.

CVE-2013-1368 (air, air_sdk, flash_player) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1368

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1372, and CVE-2013-1373.

CVE-2013-1370 (air, air_sdk, flash_player) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1370

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1373.

CVE-2013-1372 (air, air_sdk, flash_player) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1372

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1372.

CVE-2013-1373 (air, air_sdk, flash_player) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1373

Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-0649.

CVE-2013-1374 (air, air_sdk, flash_player) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1374

The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character.

CVE-2013-1939 (owncloud, sabredav) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1939

httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2013-2037 (httplib2, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2037

Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter.

CVE-2013-2085 (owncloud) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2085

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.

CVE-2013-2149 (owncloud) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2149

Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface.

CVE-2015-4633 (koha) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4633

python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request.

CVE-2015-5159 (kdcproxy) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5159

ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.

CVE-2016-10732 (projectsend) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10732

ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.

CVE-2016-10733 (projectsend) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10733

ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.

CVE-2016-10734 (projectsend) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10734

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, userspace can pass IEs to the host driver and if multiple append commands are received, then the integer variable that stores the length can overflow and the subsequent copy of the IE data may potentially lead to a heap buffer overflow.

CVE-2017-14888 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14888

A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly, leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails to take more scan time than expected, leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed HTML. The exploit has been seen in the wild but is not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.

CVE-2017-15705 (debian_linux, enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_workstation, spamassassin, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15705

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service.

CVE-2017-15835 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15835

IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120.

CVE-2017-1622 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1622

An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

CVE-2017-16909 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16909

An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

CVE-2017-16910 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16910

When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835.

CVE-2017-18277 (mdm9206_firmware, mdm9607_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, qcn5502_firmware, sd205_firmware, sd210_firmware, sd212_firmware, sd415_firmware, sd425_firmware, sd430_firmware, sd450_firmware, sd600_firmware, sd615_firmware, sd616_firmware, sd625_firmware, sd650_firmware, sd652_firmware, sd810_firmware, sd820_firmware, sd820a_firmware, sd835_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18277

Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

CVE-2017-18282 (mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, sd205_firmware, sd210_firmware, sd212_firmware, sd425_firmware, sd430_firmware, sd450_firmware, sd625_firmware, sd650_firmware, sd652_firmware, sd835_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18282

Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660.

CVE-2017-18283 (qca9379_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_625_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18283

When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

CVE-2017-18293 (mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_430_firmware, sd_450_firmware, sd_625_firmware, sd_650_firmware, sd_652_firmware, sd_835_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18293

While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.

CVE-2017-18294 (fsm9055_firmware, mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_415_firmware, sd_425_firmware, sd_430_firmware, sd_450_firmware, sd_615_firmware, sd_616_firmware, sd_625_firmware, sd_650_firmware, sd_652_firmware, sd_820_firmware, sd_820a_firmware, sd_835_firmware, sd_845_firmware, sda660_firmware, sdx20_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18294

Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20.

CVE-2017-18295 (mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_415_firmware, sd_450_firmware, sd_615_firmware, sd_616_firmware, sd_625_firmware, sd_650_firmware, sd_652_firmware, sd_820_firmware, sd_820a_firmware, sd_835_firmware, sdx20_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18295

Access control on applications is not applied while accessing SafeSwitch services, which can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.

CVE-2017-18296 (mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_415_firmware, sd_425_firmware, sd_430_firmware, sd_450_firmware, sd_615_firmware, sd_616_firmware, sd_617_firmware, sd_625_firmware, sd_650_firmware, sd_652_firmware, sd_820_firmware, sd_820a_firmware, sd_835_firmware, sd_845_firmware, sda660_firmware, sdx20_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18296

Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820.

CVE-2017-18297 (sd_425_firmware, sd_430_firmware, sd_450_firmware, sd_625_firmware, sd_650_firmware, sd_652_firmware, sd_820_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18297

Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660.

CVE-2017-18299 (mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, msm8996au_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_430_firmware, sd_450_firmware, sd_625_firmware, sd_650_firmware, sd_652_firmware, sd_820_firmware, sd_820a_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18299

XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.

CVE-2017-18305 (mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_835_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18305

While accessing SafeSwitch services, a third party can manipulate a given device and perform an unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A.

CVE-2017-18312 (msm8996au_firmware, sd_410_firmware, sd_412_firmware, sd_617_firmware, sd_650_firmware, sd_652_firmware, sd_810_firmware, sd_820_firmware, sd_820a_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18312

Buffer over-read vulnerabilities in an older version of ASN.1 parser in Snapdragon Mobile in versions SD 600.

CVE-2017-18315 (sd_600_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18315

Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.

CVE-2017-3912 (application_and_change_control) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3912

Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.

CVE-2017-8931 (gravityzone) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8931

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.

CVE-2018-0430 (unified_computing_system) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0430

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.

CVE-2018-0431 (unified_computing_system) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0431

In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.

CVE-2018-1002101 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002101

In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard and create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem.

CVE-2018-1002103 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002103

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

CVE-2018-1002105 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002105

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.

CVE-2018-1149 (nvrmini2_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1149

NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.

CVE-2018-1150 (nvrmini2_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1150

In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user.

CVE-2018-11786 (karaf) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11786

In Apache Karaf versions prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser, and when navigated to it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. An optional bundle that some applications use is the Pax Web Extender Whiteboard; it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL .../gogo/, and that URL is not secured, giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall the Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised.

CVE-2018-11787 (karaf) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11787

A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660.

CVE-2018-11824 (mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11824

Lack of check on out of range of bssid parameter when processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016.

CVE-2018-11849 (ipq8074_firmware, mdm9206_firmware, mdm9607_firmware, mdm9635m_firmware, mdm9640_firmware, mdm9650_firmware, msm8996au_firmware, qca4531_firmware, qca6174a_firmware, qca6564_firmware, qca6574_firmware, qca6574au_firmware, qca6584_firmware, qca6584au_firmware, qca9377_firmware, qca9378_firmware, qca9379_firmware, qca9886_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_427_firmware, sd_430_firmware, sd_435_firmware, sd_450_firmware, sd_600_firmware, sd_625_firmware, sd_650_firmware, sd_652_firmware, sd_810_firmware, sd_820_firmware, sd_820a_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware, sdm630_firmware, sdm632_firmware, sdm636_firmware, sdm660_firmware, sdm710_firmware, sdx20_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11849

Lack of check on out of range for channels when processing channel list set command will lead to buffer flow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.

CVE-2018-11853 (ipq8074_firmware, mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, sd_425_firmware, sd_427_firmware, sd_430_firmware, sd_435_firmware, sd_450_firmware, sd_625_firmware, sd_650_firmware, sd_652_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware, sdm429_firmware, sdm439_firmware, sdm630_firmware, sdm632_firmware, sdm636_firmware, sdm660_firmware, sdm710_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11853

Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.

CVE-2018-11854 (sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11854

Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 835, SD 845, SD 850.

CVE-2018-11856 (sd_835_firmware, sd_845_firmware, sd_850_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11856

Improper input validation in WLAN encrypt/decrypt module can lead to a buffer copy in Snapdragon Mobile in version SD 835, SD 845, SD 850.

CVE-2018-11857 (sd_835_firmware, sd_845_firmware, sd_850_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11857

When processing IE set command, buffer overwrite may occur due to lack of input validation of the IE length in Snapdragon Mobile in version SD 835, SD 845, SD 850.

CVE-2018-11858 (sd_835_firmware, sd_845_firmware, sd_850_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11858

Buffer overwrite can happen in WLAN due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850.

CVE-2018-11859 (sd_845_firmware, sd_850_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11859

Buffer overflow can happen in WLAN function due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660.

CVE-2018-11861 (sd_845_firmware, sd_850_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11861

Buffer overflow can happen in WLAN module due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660.

CVE-2018-11862 (sd_845_firmware, sd_850_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11862

Integer overflow may happen when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.

CVE-2018-11865 (mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_427_firmware, sd_430_firmware, sd_435_firmware, sd_450_firmware, sd_625_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware, sdm429_firmware, sdm439_firmware, sdm630_firmware, sdm632_firmware, sdm636_firmware, sdm660_firmware, sdm710_firmware, snapdragon_high_med_2016_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11865

Integer overflow may happen in WLAN when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.

CVE-2018-11866 (ipq8074_firmware, mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_427_firmware, sd_430_firmware, sd_435_firmware, sd_450_firmware, sd_625_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware, sdm429_firmware, sdm439_firmware, sdm630_firmware, sdm632_firmware, sdm636_firmware, sdm660_firmware, sdm710_firmware, snapdragon_high_med_2016_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11866

Lack of buffer length check before copying in WLAN function while processing FIPS event can lead to a buffer overflow in Snapdragon Mobile in version SD 845.

CVE-2018-11867 (sd_845_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11867

Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20.

CVE-2018-11870 (mdm9206_firmware, mdm9607_firmware, mdm9635m_firmware, mdm9640_firmware, mdm9650_firmware, msm8996au_firmware, qca4531_firmware, qca6174a_firmware, qca6574au_firmware, qca6584_firmware, qca6584au_firmware, qca9377_firmware, qca9378_firmware, qca9379_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_600_firmware, sd_625_firmware, sd_650_firmware, sd_652_firmware, sd_810_firmware, sd_820_firmware, sd_820a_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware, sdx20_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11870

Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016.

CVE-2018-11871 (ipq4019_firmware, ipq8064_firmware, ipq8074_firmware, mdm9206_firmware, mdm9607_firmware, mdm9635m_firmware, mdm9640_firmware, mdm9650_firmware, msm8996au_firmware, qca6174a_firmware, qca6564_firmware, qca6574_firmware, qca6574au_firmware, qca6584_firmware, qca6584au_firmware, qca9377_firmware, qca9378_firmware, qca9379_firmware, qca9531_firmware, qca9558_firmware, qca9563_firmware, qca9880_firmware, qca9886_firmware, qca9980_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_427_firmware, sd_430_firmware, sd_435_firmware, sd_450_firmware, sd_600_firmware, sd_625_firmware, sd_650_firmware, sd_652_firmware, sd_820_firmware, sd_820a_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware, sdm630_firmware, sdm632_firmware, sdm636_firmware, sdm660_firmware, sdm710_firmware, sdx20_firmware, snapdragon_high_med_2016_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11871

Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SD 850, SDA660.

CVE-2018-11872 (sd_845_firmware, sd_850_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11872

Improper input validation leads to buffer overwrite in the WLAN function that handles WLAN roam buffer in Snapdragon Mobile in version SD 845.

CVE-2018-11873 (sd845_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11873

A buffer overflow occurs if the length of the passphrase is more than 32 when setting up a secure NDP connection in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.

CVE-2018-11874 (sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11874

Lack of check of buffer size before copying in a WLAN function can lead to a buffer overflow in Snapdragon Mobile in version SD 845, SD 850.

CVE-2018-11875 (sd_845_firmware, sd_850_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11875

Lack of input validation while copying to buffer in WLAN will lead to a buffer overflow in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.

CVE-2018-11876 (sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11876

When the buffer length passed is very large in WLAN, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.

CVE-2018-11877 (sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11877

When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 845.

CVE-2018-11879 (sd_845_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11879

Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.

CVE-2018-11880 (sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11880

Incorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.

CVE-2018-11882 (sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11882

Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.

CVE-2018-11884 (sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11884

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a buffer overflow is possible in a WLAN function due to lack of input validation of values received from firmware.

CVE-2018-11905 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11905

Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850.

CVE-2018-11950 (sd_845_firmware, sd_850_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11950

Improper access control in the core module leads to XBL_LOADER performing the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850.

CVE-2018-11951 (sd_845_firmware, sd_850_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11951

Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2018-12155 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12155

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.

CVE-2018-12242 (messaging_gateway) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12242

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.

CVE-2018-12243 (messaging_gateway) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12243

Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine.

CVE-2018-12246 (web_isolation) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12246

Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61.

CVE-2018-12358 (firefox, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12358

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

CVE-2018-12359 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, firefox, firefox_esr, thunderbird, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12359

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

CVE-2018-12361 (debian_linux, firefox, firefox_esr, thunderbird, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12361

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

CVE-2018-12367 (debian_linux, firefox, firefox_esr, thunderbird, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12367

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

CVE-2018-12368 (firefox, firefox_esr, thunderbird) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12368

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.

CVE-2018-12369 (firefox, firefox_esr, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12369

In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61.

CVE-2018-12370 (firefox, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12370

Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.

CVE-2018-12375 (firefox, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12375

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

CVE-2018-12376 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, firefox, firefox_esr, thunderbird, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12376

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

CVE-2018-12377 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, firefox, firefox_esr, thunderbird, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12377

A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

CVE-2018-12378 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, firefox, firefox_esr, thunderbird, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12378

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

CVE-2018-12379 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, firefox, firefox_esr, thunderbird) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12379

Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.* This vulnerability affects Firefox ESR < 60.2 and Firefox < 62.

CVE-2018-12381 (firefox, firefox_esr) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12381

The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android < 62.*

CVE-2018-12382 (firefox) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12382

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.

CVE-2018-12385 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, firefox, firefox_esr, thunderbird, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12385

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

CVE-2018-12386 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, firefox, firefox_esr, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12386

The JavaScript JIT compiler inlines Array.prototype.push with multiple arguments in a way that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

CVE-2018-12387 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, firefox, firefox_esr, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12387

The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

CVE-2018-13399 (crucible, fisheye) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13399

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.

CVE-2018-13982 (smarty) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13982

IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029.

CVE-2018-1424 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1424

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.

CVE-2018-14622 (debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_workstation, libtirpc, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14622

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable.

CVE-2018-14636 (neutron) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14636

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.

CVE-2018-14642 (undertow) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14642

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.

CVE-2018-14659 (debian_linux, enterprise_linux_server, enterprise_linux_virtualization, gluster_storage) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14659

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 141340.

CVE-2018-1504 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1504

IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413.

CVE-2018-1505 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1505

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142117.

CVE-2018-1525 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1525

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.

CVE-2018-15332 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15332

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0.

CVE-2018-15362 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15362

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.

CVE-2018-15409 (webex_business_suite_31, webex_business_suite_33, webex_meetings_online, webex_meetings_server) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15409

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.

CVE-2018-15424 (identity_services_engine) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15424

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.

CVE-2018-15425 (identity_services_engine) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15425

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.

CVE-2018-15431 (webex_business_suite_32, webex_meetings_online, webex_meetings_server) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15431

An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector.

CVE-2018-15590 (workspace_control) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15590

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector.

CVE-2018-15592 (workspace_control) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15592

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector.

CVE-2018-15593 (workspace_control) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15593

** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account number, and transaction history. NOTE: the vendor does not agree that this is a security issue requiring a fix.

CVE-2018-15660 (olamoney) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15660

** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does not agree that this is a security issue requiring a fix.

CVE-2018-15661 (olamoney) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15661

IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118.

CVE-2018-1568 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1568

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

CVE-2018-15708 (nagios_xi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15708

Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.

CVE-2018-15709 (nagios_xi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15709

Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.

CVE-2018-15710 (nagios_xi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15710

Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.

CVE-2018-15711 (nagios_xi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15711

Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.

CVE-2018-15712 (nagios_xi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15712

Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.

CVE-2018-15713 (nagios_xi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15713

Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.

CVE-2018-15714 (nagios_xi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15714

Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.

CVE-2018-15745 (dvr) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15745

Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files.

CVE-2018-15773 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15773

Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.

CVE-2018-15797 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15797

The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.

CVE-2018-16225 (qbee_multi-sensor_camera_firmware, qbeecam, swisscom_home_app) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16225

A command injection vulnerability in the libnmap package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options.

CVE-2018-16461 (libnmap) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16461

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653.

CVE-2018-1648 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1648

IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.

CVE-2018-1650 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1650

An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0.

CVE-2018-16521 (html_form_entry, reference_application) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16521

Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.

CVE-2018-16522 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16522

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.

CVE-2018-16523 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16523

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions.

CVE-2018-16524 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16524

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS/LLMNR packets in prvParseDNSReply.

CVE-2018-16525 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16525

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket.

CVE-2018-16526 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16526

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.

CVE-2018-16527 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16527

Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules.

CVE-2018-16528 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16528

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request.

CVE-2018-16598 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16598

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure.

CVE-2018-16599 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16599

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.

CVE-2018-16600 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16600

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution.

CVE-2018-16601 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16601

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.

CVE-2018-16602 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16602

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker.

CVE-2018-16603 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16603

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889.

CVE-2018-1663 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1663

An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.

CVE-2018-16668 (circarlife_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16668

An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.

CVE-2018-16669 (open_charge_point_protocol) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16669

In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.

CVE-2018-16791 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16791

SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.

CVE-2018-16792 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16792

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

CVE-2018-16839 (curl, debian_linux, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16839

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

CVE-2018-16840 (curl, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16840

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

CVE-2018-16842 (curl, debian_linux, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16842

A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Foreman before 1.18.3, 1.19.1, and 1.20.0 are vulnerable.

CVE-2018-16861 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16861

The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user's password). NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.

CVE-2018-16952 (webcenter_interaction) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16952

The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Pages can be renamed to include characters unsupported for URIs by the web server hosting the WCI Portal software (such as IIS). Renaming pages to include unsupported characters, such as 0x7f, prevents these pages from being accessed over the web server, causing a Denial of Service (DoS) to the page. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.

CVE-2018-16956 (webcenter_interaction) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16956

The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service over a network could perform search queries to extract large quantities of sensitive information from the WCI installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.

CVE-2018-16957 (webcenter_interaction) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16957

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is exposed to session hijacking attacks should an adversary be able to execute JavaScript in the origin of the portal installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.

CVE-2018-16958 (webcenter_interaction) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16958

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI is synchronised with Active Directory (AD), this vulnerability can expose the account names of all AD users. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.

CVE-2018-16959 (webcenter_interaction) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16959

IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966.

CVE-2018-1697 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1697

The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application.

CVE-2018-17108 (sbi_buddy) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17108

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the "only" option, and there is a user role that produces an empty value for "only").

CVE-2018-17175 (marshmallow) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17175

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.

CVE-2018-17176 (botvac_d4_connected_firmware, botvac_d6_connected_firmware, botvac_d7_connected_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17176

An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary.

CVE-2018-17177 (botvac_85_firmware, botvac_d3_connected_firmware, botvac_d4_connected_firmware, botvac_d5_connected_firmware, botvac_d6_connected_firmware, botvac_d7_connected_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17177

An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything.

CVE-2018-17178 (botvac_d3_connected_firmware, botvac_d4_connected_firmware, botvac_d5_connected_firmware, botvac_d6_connected_firmware, botvac_d7_connected_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17178

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707.

CVE-2018-1728 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1728

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147709.

CVE-2018-1730 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1730

IBM QRadar SIEM 1.14.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147810.

CVE-2018-1732 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1732

Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.

CVE-2018-17613 (telegram_desktop) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17613

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Mouse Exit events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6333.

CVE-2018-17615 (phantompdf, reader) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17615

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6334.

CVE-2018-17616 (phantompdf, reader) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17616

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onFocus events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6335.

CVE-2018-17617 (reader) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17617

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Selection Change events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6336.

CVE-2018-17618 (phantompdf, reader) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17618

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Validate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6352.

CVE-2018-17619 (reader) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17619

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6353.

CVE-2018-17620 (phantompdf, reader) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17620

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6355.

CVE-2018-17621 (reader) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17621

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6354.

CVE-2018-17622 (phantompdf, reader) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17622

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6434.

CVE-2018-17623 (phantompdf, reader) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17623

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OCG objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6435.

CVE-2018-17624 (phantompdf, reader) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17624

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fxhtml2pdf. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6230.

CVE-2018-17706 (phantompdf) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17706

Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leak end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.

CVE-2018-17780 (telegram_desktop, telegram_messenger) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17780

A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.

CVE-2018-17782 (mantisbt) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17782

A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.

CVE-2018-17783 (mantisbt) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17783

Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control.

CVE-2018-17871 (collaboration_compliance, quality_management_platform) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17871

Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions.

CVE-2018-17872 (collaboration_compliance, quality_management_platform) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17872

A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.

CVE-2018-17877 (greedy_599) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17877

In WebAccess versions 8.3.2 and prior, the application installer disables user access control during installation and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code.

CVE-2018-17908 (webaccess) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17908

In WebAccess versions 8.3.2 and prior, the application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution.

CVE-2018-17910 (webaccess) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17910

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.

CVE-2018-17915 (xmeye_p2p_cloud_server) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17915

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules: an unauthenticated, remote threat actor could send a CIP connection request to an affected device and, upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system, as the system traffic is still attempting to communicate with the device via the overwritten IP address.

CVE-2018-17924 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17924

A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.

CVE-2018-17968 (ruletkaio) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17968

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.

CVE-2018-17972 (linux_kernel, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17972

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.

CVE-2018-18284 (debian_linux, ghostscript, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18284

The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary files.

CVE-2018-18289 (zabbix) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18289

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18311 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18311

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18312 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18312

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

CVE-2018-18313 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18313

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18314 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18314

Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.

CVE-2018-18362 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18362

goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.

CVE-2018-18375 (airbox_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18375

goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.

CVE-2018-18376 (airbox_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18376

drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.

CVE-2018-18386 (linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18386

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.

CVE-2018-18387 (playsms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18387

In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.

CVE-2018-18445 (linux_kernel, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18445

IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.

CVE-2018-1850 (security_access_manager) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1850

IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999.

CVE-2018-1851 (websphere_application_server) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1851

Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.

CVE-2018-18517 (netscaler_gateway_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18517

ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.

CVE-2018-18548 (ajenticp) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18548

ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, or sensors.html location parameter.

CVE-2018-18551 (monitoring_software) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18551

ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories.

CVE-2018-18552 (monitoring_software) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18552

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.

CVE-2018-18559 (linux_kernel, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18559

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.

CVE-2018-18566 (uc_software, vvx_500_firmware, vvx_601_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18566

AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.

CVE-2018-18567 (440hd_firmware, 450hd_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18567

Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.

CVE-2018-18568 (uc_software, vvx_500_firmware, vvx_601_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18568

A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

CVE-2018-18605 (binutils, debian_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18605

An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

CVE-2018-18606 (binutils, debian_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18606

An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

CVE-2018-18607 (binutils, debian_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18607

www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO.

CVE-2018-18635 (mailcleaner) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18635

An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.

CVE-2018-18650 (xpdf) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18650

An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.

CVE-2018-18651 (xpdf) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18651

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.

CVE-2018-18657 (udp) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18657

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.

CVE-2018-18658 (udp) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18658

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.

CVE-2018-18659 (udp) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18659

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.

CVE-2018-18660 (udp) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18660

There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.

CVE-2018-18662 (mupdf) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18662

admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases.

CVE-2018-18694 (monstra) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18694

An issue was discovered in GoPro gpmf-parser 1.2.1. There is an out-of-bounds write in OpenMP4Source in GPMF_mp4reader.c.

CVE-2018-18699 (gpmf-parser) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18699

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151329.

CVE-2018-1871 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1871

An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.

CVE-2018-18710 (linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18710

An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.

CVE-2018-18718 (debian_linux, gthumb) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18718

An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999.

CVE-2018-18733 (catfish_cms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18733

An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."

CVE-2018-18736 (catfish_blog) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18736

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

CVE-2018-18751 (enterprise_linux, gettext, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18751

Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.

CVE-2018-18752 (webiness_inventory) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18752

ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.

CVE-2018-18754 (vmg3312-b10b_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18754

An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.

CVE-2018-18764 (mongoose) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18764

An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.

CVE-2018-18765 (mongoose) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18765

ACME mini_httpd before 1.30 lets remote users read arbitrary files.

CVE-2018-18778 (mini-httpd) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18778

XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter.

CVE-2018-18783 (semcms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18783

There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

CVE-2018-18826 (libav) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18826

There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

CVE-2018-18827 (libav) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18827

There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

CVE-2018-18828 (libav) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18828

There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file.

CVE-2018-18829 (libav) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18829

A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API could allow attackers to execute a denial of service attack, preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969.

CVE-2018-1883 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1883

admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.

CVE-2018-18832 (dkcms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18832

An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.

CVE-2018-18834 (libiec61850) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18834

upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.

CVE-2018-18835 (doccms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18835

XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter.

CVE-2018-18840 (semcms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18840

XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter.

CVE-2018-18841 (semcms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18841

An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495.

CVE-2018-18867 (responsive_filemanager) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18867

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.

CVE-2018-18873 (debian_linux, jasper, linux_enterprise_desktop, linux_enterprise_server, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18873

S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).

CVE-2018-18887 (s-cms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18887

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

CVE-2018-18897 (poppler) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18897

An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c.

CVE-2018-18937 (libiec61850) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18937

An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.

CVE-2018-18957 (libiec61850) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18957

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to a possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.

CVE-2018-1896 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1896

Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.

CVE-2018-19001 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19001

MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.

CVE-2018-19050 (metinfo) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19050

MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.

CVE-2018-19051 (metinfo) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19051

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

CVE-2018-19058 (poppler, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19058

An issue was discovered in Poppler 0.71.0. There is an out-of-bounds read in EmbFile::save2 in FileSpec.cc, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

CVE-2018-19059 (poppler, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19059

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.

CVE-2018-19060 (poppler, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19060

An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c.

CVE-2018-19121 (libiec61850) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19121

An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c.

CVE-2018-19122 (libiec61850) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19122

IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855.

CVE-2018-1920 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1920

IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315.

CVE-2018-1935 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1935

IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admin privileges due to the application not validating access permissions. IBM X-Force ID: 153382.

CVE-2018-1941 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1941

An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

CVE-2018-19539 (jasper, linux_enterprise_desktop, linux_enterprise_server) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19539

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.

CVE-2018-19540 (jasper, linux_enterprise_desktop, linux_enterprise_server) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19540

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.

CVE-2018-19541 (jasper, linux_enterprise_desktop, linux_enterprise_server, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19541

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.

CVE-2018-19542 (jasper, linux_enterprise_desktop, linux_enterprise_server, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19542

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

CVE-2018-19543 (debian_linux, jasper, linux_enterprise_desktop, linux_enterprise_server, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19543

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.

CVE-2018-19608 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19608

Local attackers can trigger a stack-based buffer overflow on vulnerable installations of Antiy-AVL ATool security management v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x80002000 by the IRPFile.sys Antiy-AVL ATool kernel driver. The bug is caused by failure to properly validate the length of the user-supplied data, which results in a kernel stack buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel, which could lead to privilege escalation; a failed exploit could lead to denial of service.

CVE-2018-19650 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19650

HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.

CVE-2018-19653 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19653

An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120.

CVE-2018-19659 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19659

An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user.

CVE-2018-19660 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19660

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

CVE-2018-19665 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19665

Tarantella Enterprise before 3.11 allows Directory Traversal.

CVE-2018-19753 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19753

Tarantella Enterprise before 3.11 allows bypassing Access Control.

CVE-2018-19754 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19754

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.

CVE-2018-19786 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19786

Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.

CVE-2018-19835 (metinfo) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19835

The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.

CVE-2018-19857 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19857

OpenRefine before 3.5 allows directory traversal via a relative pathname in a ZIP archive.

CVE-2018-19859 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19859

NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.

CVE-2018-19864 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19864

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.

CVE-2018-19865 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19865

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.

CVE-2018-19876 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19876

login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.

CVE-2018-19877 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19877

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.

CVE-2018-19881 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19881

In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.

CVE-2018-19882 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19882

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case.

CVE-2018-19886 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19886

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 4 case.

CVE-2018-19887 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19887

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the HCB_ESC case.

CVE-2018-19888 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19888

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 6 case.

CVE-2018-19889 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19889

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 2 case.

CVE-2018-19890 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19890

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 10 case.

CVE-2018-19891 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19891

DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.

CVE-2018-19892 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19892

SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.

CVE-2018-19893 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19893

ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action.

CVE-2018-19894 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19894

ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action.

CVE-2018-19895 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19895

ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action.

CVE-2018-19896 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19896

ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.

CVE-2018-19897 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19897

ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action.

CVE-2018-19898 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19898

A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by creating or editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a web page.

CVE-2018-19907 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19907

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.

CVE-2018-19908 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19908

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of "works" for the freeswitch account can sometimes be used.

CVE-2018-19911 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19911

DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.

CVE-2018-19913 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19913

DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.

CVE-2018-19914 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19914

DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.

CVE-2018-19915 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19915

Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element.

CVE-2018-19919 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19919

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.

CVE-2018-19921 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19921

Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request.

CVE-2018-19922 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19922

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF.

CVE-2018-19923 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19923

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address.

CVE-2018-19924 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19924

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter.

CVE-2018-19925 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19925

Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.

CVE-2018-19926 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19926

Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of "alphaadmin" for the admin account may be used for authentication in some cases.

CVE-2018-19927 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19927

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.

CVE-2018-19931 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19931

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.

CVE-2018-19932 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19932

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.

CVE-2018-19935 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19935

The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.

CVE-2018-19939 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19939

The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.

CVE-2018-19960 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19960

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

CVE-2018-19961 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19961

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

CVE-2018-19962 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19962

An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.

CVE-2018-19963 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19963

An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.

CVE-2018-19964 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19964

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.

CVE-2018-19965 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19965

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.

CVE-2018-19966 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19966

An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the XACQUIRE instruction prefix.

CVE-2018-19967 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19967

Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.

CVE-2018-19980 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19980

An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server's fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key.

CVE-2018-19982 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19982

An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending divided "Nonce Get (0x98 0x81)" frames. The reason for dividing the "Nonce Get" frame is that, in security version S0, when a node receives a "Nonce Get" frame, the node produces a random new nonce and sends it to the Src node of the received "Nonce Get" frame. After the nonce value is generated and transmitted, the node transitions to wait mode. At this time, when "Nonce Get" is received again, the node discards the previous nonce value and generates a random nonce again. Therefore, because the frame is encrypted with the previous nonce value, the received normal frame cannot be decrypted.

CVE-2018-19983 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19983

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.

CVE-2018-19991 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19991

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java.

CVE-2018-20000 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20000

In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input.

CVE-2018-20001 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20001

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

CVE-2018-20002 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20002

An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml.

CVE-2018-20004 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20004

An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.

CVE-2018-20005 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20005

An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI).

CVE-2018-20006 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20006

DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.

CVE-2018-20009 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20009

DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.

CVE-2018-20010 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20010

DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.

CVE-2018-20011 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20011

PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.

CVE-2018-20012 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20012

YzmCMS v5.2 has admin/role/add.html CSRF.

CVE-2018-20015 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20015

SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI.

CVE-2018-20017 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20017

S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.

CVE-2018-20018 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20018

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user into opening the malicious file to trigger the vulnerability.

CVE-2018-3940 (phantompdf, reader) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3940

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

CVE-2018-5156 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, firefox, firefox_esr, thunderbird, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5156

Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61.

CVE-2018-5186 (firefox, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5186

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

CVE-2018-5187 (debian_linux, firefox, firefox_esr, thunderbird, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5187

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

CVE-2018-5188 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, firefox, firefox_esr, thunderbird, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5188

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

CVE-2018-5800 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5800

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

CVE-2018-5801 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5801

An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

CVE-2018-5802 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5802

A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.

CVE-2018-5804 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5804

A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.

CVE-2018-5805 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5805

An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.

CVE-2018-5806 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5806

An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

CVE-2018-5807 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5807

An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.

CVE-2018-5808 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5808

An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.

CVE-2018-5809 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5809

An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

CVE-2018-5810 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5810

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

CVE-2018-5811 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5811

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.

CVE-2018-5812 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5812

An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.

CVE-2018-5813 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5813

An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

CVE-2018-5815 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5815

An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via a specially crafted NOKIARAW file (Note: This vulnerability is caused by an incomplete fix of CVE-2018-5804).

CVE-2018-5816 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5816

The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files which they would not normally be able to access via an overlayfs mount inside of a user namespace.

CVE-2018-6559 (linux_kernel, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6559

Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.

CVE-2018-6755 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6755

Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.

CVE-2018-6756 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6756

Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.

CVE-2018-6757 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6757

In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts.

CVE-2018-7063 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7063

An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.

CVE-2018-7065 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7065

An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the API could allow a remote attacker to execute arbitrary commands on one of the linked devices. This vulnerability is only applicable if credentials for devices have been supplied to ClearPass under Configuration -> Network -> Devices -> CLI Settings. Resolution: Fixed in 6.7.5 and 6.6.10-hotfix.

CVE-2018-7066 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7066

A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web interface is required to exploit this vulnerability. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.

CVE-2018-7067 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7067

Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.

CVE-2018-7079 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7079

A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.

CVE-2018-7080 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7080

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product Orange branch are impacted by an improper access control vulnerability. Due to improper access control to the devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.

CVE-2018-7364 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7364

Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone.

CVE-2018-7924 (anne-al00_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7924

Huawei Mate 10 pro smartphones with versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones; an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked.

CVE-2018-7989 (mate_10_pro_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7989

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.

CVE-2018-8292 (asp.net_core, powershell_core) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8292

An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.

CVE-2018-8506 (windows_10, windows_server_2016, windows_server_2019) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8506

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8473.

CVE-2018-8509 (edge) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8509

A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530.

CVE-2018-8512 (edge) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8512

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8512.

CVE-2018-8530 (edge) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8530

In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.

CVE-2018-9517 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9517

In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.

CVE-2018-9518 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9518

In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69808833.

CVE-2018-9519 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9519

In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-112181526.

CVE-2018-9538 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9538

In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584.

CVE-2018-9547 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9547

In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574.

CVE-2018-9548 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9548

In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868.

CVE-2018-9549 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9549

In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981.

CVE-2018-9550 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9550

In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891548.

CVE-2018-9551 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9551

In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-113260892.

CVE-2018-9552 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9552

In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116615297.

CVE-2018-9553 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9553

In dumpExtractors of IMediaExtractor.cpp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-114770654.

CVE-2018-9554 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9554

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112321180.

CVE-2018-9555 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9555

In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113118184.

CVE-2018-9556 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9556

In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. Android ID: A-35385357.

CVE-2018-9557 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9557

In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC kernel with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112161557.

CVE-2018-9558 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9558

In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112731440.

CVE-2018-9559 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9559

In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-79946737.

CVE-2018-9560 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9560

In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113164621.

CVE-2018-9562 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9562

In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558.

CVE-2018-9565 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9565

In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-74249842.

CVE-2018-9566 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9566

On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65543936.

CVE-2018-9567 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9567

In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.

CVE-2018-9568 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9568

In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113885537.

CVE-2018-9569 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9569

In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-115375616.

CVE-2018-9570 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9570

In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116020594.

CVE-2018-9571 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9571

In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116224432.

CVE-2018-9572 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9572

In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116467350.

CVE-2018-9573 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9573

In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619337.

CVE-2018-9574 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9574

In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619387.

CVE-2018-9575 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9575

In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245.

CVE-2018-9576 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9576

In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937.

CVE-2018-9577 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9577

In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928.

CVE-2018-9578 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9578
