Waaxe.com - Security Site - In memory of Ponca Chief Standing Bear

RSS CVE - US National Vulnerability Database

Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.

CVE-2000-1099 (jdk) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1099

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.

CVE-2001-0497 (bind) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0497

Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.

CVE-2001-0907 (linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0907

IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.

CVE-2001-1056 (linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1056

Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.

CVE-2002-0848 (vpn_5000_concentrator_series_software) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0848

The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.

CVE-2004-2486 (dropbear_ssh) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2486

Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.

CVE-2005-4178 (debian_linux, dropbear_ssh) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4178

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

CVE-2012-0920 (debian_linux, dropbear_ssh) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0920

The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.

CVE-2013-4421 (dropbear_ssh) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4421

Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.

CVE-2013-4434 (dropbear_ssh) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4434

gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.

CVE-2013-4451 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4451

gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.

CVE-2013-7203 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7203

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.

CVE-2014-2296 (cas_server) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2296

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.

CVE-2014-2302 (webedition_cms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2302

The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp.

CVE-2014-4150 (scheme48) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4150

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.

CVE-2016-10727 (evolution, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10727

An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection.

CVE-2016-10728 (suricata) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10728

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

CVE-2016-8647 (ansible_engine, virtualization) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8647

All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password.

CVE-2017-10935 (zxr10_1800-2s_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10935

SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.

CVE-2017-10936 (zxcdn-sns_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10936

SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.

CVE-2017-10937 (zxiptv-ucm_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10937

IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152.

CVE-2017-1114 (campaign) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1114

IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.

CVE-2017-1115 (campaign) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1115

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

CVE-2017-12164 (gnome_display_manager) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12164

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.

CVE-2017-12171 (enterprise_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_workstation, http_server) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12171

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified padding in CBC mode that allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.

CVE-2017-13091 (-) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13091

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax that allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.

CVE-2017-13092 (-) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13092

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.

CVE-2017-13093 (-) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13093

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.

CVE-2017-13094 (-) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13094

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.

CVE-2017-13095 (-) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13095

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.

CVE-2017-13096 (-) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13096

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.

CVE-2017-13097 (-) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13097

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to page_size.

CVE-2017-15818 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15818

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur.

CVE-2017-15825 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15825

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow.

CVE-2017-15828 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15828

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash.

CVE-2017-15844 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15844

IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.

CVE-2017-1794 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1794

The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query.

CVE-2017-18104 (jira) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18104

In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDM429, SDM439, SDM632, Snapdragon_High_Med_2016, when a Trusted Application has opened the SPI/I2C interface to a particular device, it is possible for another Trusted Application to read the data on this open interface by calling the SPI/I2C read function.

CVE-2017-18280 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18280

In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart.

CVE-2017-18301 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18301

In Snapdragon (Automobile, Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE application between the time of check and the time of use, resulting in arbitrary writes to TZ kernel memory regions.

CVE-2017-18302 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18302

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, on TZ cold boot the CNOC_QDSS RG0 locked by xBL_SEC is cleared by TZ.

CVE-2017-18314 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18314

** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar.

CVE-2017-18343 (symfony) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18343

An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allow code execution.

CVE-2017-2579 (netpbm) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2579

An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.

CVE-2017-2580 (netpbm) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2580

An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.

CVE-2017-2581 (netpbm) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2581

A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.

CVE-2017-2586 (netpbm) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2586

A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.

CVE-2017-2587 (netpbm) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2587

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

CVE-2017-2616 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_workstation, util-linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2616

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

CVE-2017-2618 (debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_workstation, linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2618

It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.

CVE-2017-2648 (ssh_slaves) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2648

It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.

CVE-2017-2649 (active_directory) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2649

It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.

CVE-2017-2652 (distributed_fork) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2652

CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.

CVE-2017-2664 (cloudforms, cloudforms_management_engine) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2664

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins.

CVE-2017-2674 (jboss_bpm_suite) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2674

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.

CVE-2017-2855 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2855

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVE-2017-2873 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2873

An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data.

CVE-2017-2875 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2875

An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data.

CVE-2017-2876 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2876

A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication.

CVE-2017-2877 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2877

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVE-2017-2878 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2878

An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs to be in the same subnetwork and reply to a discovery message to trigger this vulnerability.

CVE-2017-2879 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2879

Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.

CVE-2017-3912 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3912

Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.

CVE-2017-6913 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6913

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.

CVE-2017-7463 (jboss_bpm_suite) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7463

In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range.

CVE-2017-7468 (libcurl) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7468

An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. If the certreq field is not present in a certificate an assertion error is triggered causing a denial of service.

CVE-2017-7509 (certificate_system) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7509

foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action.

CVE-2017-7535 (foreman) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7535

A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users.

CVE-2017-7538 (satellite) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7538

It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.

CVE-2017-7545 (decision_manager, jboss_bpm_suite, jbpm) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7545

An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.

CVE-2017-7562 (enterprise_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_workstation, kerberos) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7562

A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426.

CVE-2018-0341 (ip_phone_multiplatform_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0341

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, which could allow the attacker to execute arbitrary code with root privileges on the device or cause the vDaemon listening service to reload and result in a DoS condition on the device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi70003.

CVE-2018-0342 (vbond_orchestrator, vedge-100_firmware, vedge-1000_firmware, vedge-2000_firmware, vedge-5000_firmware, vedge-plus, vedge-pro, vedge_100b_firmware, vedge_100m_firmware, vedge_100wm_firmware, vmanage_network_management, vsmart_controller) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0342

A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of the affected solution. An attacker could exploit this vulnerability by sending a malicious HTTP request to the affected management service through an authenticated device. A successful exploit could allow the attacker to execute arbitrary code with vmanage user privileges or stop HTTP services on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69976.

CVE-2018-0343 (vbond_orchestrator, vedge-100_firmware, vedge-1000_firmware, vedge-2000_firmware, vedge-5000_firmware, vedge-plus, vedge-pro, vedge_100b_firmware, vedge_100m_firmware, vedge_100wm_firmware, vmanage_network_management, vsmart_controller) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0343

A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69974.

CVE-2018-0344 (vbond_orchestrator, vedge-100_firmware, vedge-1000_firmware, vedge-2000_firmware, vedge-5000_firmware, vedge-plus, vedge-pro, vedge_100b_firmware, vedge_100m_firmware, vedge_100wm_firmware, vmanage_network_management, vsmart_controller) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0344

A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937.

CVE-2018-0345 (vbond_orchestrator, vedge-100_firmware, vedge-1000_firmware, vedge-2000_firmware, vedge-5000_firmware, vedge-plus, vedge-pro, vedge_100b_firmware, vedge_100m_firmware, vedge_100wm_firmware, vmanage_network_management, vsmart_controller) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0345

A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software processes the packets, a buffer overflow condition could occur and cause an affected device to reload. A successful exploit could allow the attacker to cause a temporary DoS condition while the device reloads. This vulnerability can be exploited only by traffic that is destined for an affected device. It cannot be exploited by traffic that is transiting a device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69914.

CVE-2018-0346 (vbond_orchestrator, vedge-100_firmware, vedge-1000_firmware, vedge-2000_firmware, vedge-5000_firmware, vedge-plus, vedge-pro, vedge_100b_firmware, vedge_100m_firmware, vedge_100wm_firmware, vmanage_network_management, vsmart_controller) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0346

A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906.

CVE-2018-0347 (vbond_orchestrator, vedge-100_firmware, vedge-1000_firmware, vedge-2000_firmware, vedge-5000_firmware, vedge-plus, vedge-pro, vedge_100b_firmware, vedge_100m_firmware, vedge_100wm_firmware, vmanage_network_management, vsmart_controller) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0347

A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the load command within the VPN subsystem. The attacker must be authenticated to access the affected CLI parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69866.

CVE-2018-0348 (vbond_orchestrator, vedge-100_firmware, vedge-1000_firmware, vedge-2000_firmware, vedge-5000_firmware, vedge-plus, vedge-pro, vedge_100b_firmware, vedge_100m_firmware, vedge_100wm_firmware, vmanage_network_management, vsmart_controller) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0348

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856.

CVE-2018-0349 (vbond_orchestrator, vedge-100_firmware, vedge-1000_firmware, vedge-2000_firmware, vedge-5000_firmware, vedge-plus, vedge-pro, vedge_100b_firmware, vedge_100m_firmware, vedge_100wm_firmware, vmanage_network_management, vsmart_controller) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0349

A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. The attacker must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69808, CSCvi69810, CSCvi69814, CSCvi69822, CSCvi69827, CSCvi69828, CSCvi69836.

CVE-2018-0350 (vbond_orchestrator, vedge-100_firmware, vedge-1000_firmware, vedge-2000_firmware, vedge-5000_firmware, vedge-plus, vedge-pro, vedge_100b_firmware, vedge_100m_firmware, vedge_100wm_firmware, vmanage_network_management, vsmart_controller) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0350

A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the tcpdump utility. The attacker must be authenticated to access the tcpdump utility. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69751.

CVE-2018-0351 (vbond_orchestrator, vedge-100_firmware, vedge-1000_firmware, vedge-2000_firmware, vedge-5000_firmware, vedge-plus, vedge-pro, vedge_100b_firmware, vedge_100m_firmware, vedge_100wm_firmware, vmanage_network_management, vsmart_controller) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0351

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf03514.

CVE-2018-0366 (web_security_appliance) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0366

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker could exploit this vulnerability by accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected device. Cisco Bug IDs: CSCvi22400.

CVE-2018-0368 (application_policy_infrastructure_controller_enterprise_module) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0368

A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process being dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613.

CVE-2018-0369 (staros) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0369

A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affected system. The vulnerability is due to improper memory management when DHCPv6 packets are received on an interface of the targeted device. An attacker could exploit this vulnerability by sending a high number of malicious DHCPv6 packets to be processed by an affected device. A successful exploit could allow the attacker to cause the system to run low on memory, which could cause an eventual reboot of an affected device. The vulnerability applies only to IPv6 protocol packets and not to IPv4 protocol packets. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI Mode running software version 13.0(1k). The vulnerability can only be exploited when unicast routing is enabled on the Bridge Domain (BD). DHCP and DHCP relay do not have to be configured for the vulnerability to be exploited. Cisco Bug IDs: CSCvg38918.

CVE-2018-0372 (nx-os) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0372

A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the Policy Builder database. A successful exploit could allow the attacker to access and change any data in the Policy Builder database. Cisco Bug IDs: CSCvh06134.

CVE-2018-0374 (mobility_services_engine) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0374

A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Bug IDs: CSCvh02680.

CVE-2018-0375 (mobility_services_engine, policy_suite) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0375

A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109.

CVE-2018-0376 (mobility_services_engine, policy_suite) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0376

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017.

CVE-2018-0377 (mobility_services_engine, policy_suite) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0377

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could allow arbitrary code execution on the system of a targeted user. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvi02621, CSCvi02965, CSCvi63329, CSCvi63333, CSCvi63335, CSCvi63374, CSCvi63376, CSCvi63377, CSCvi63391, CSCvi63392, CSCvi63396, CSCvi63495, CSCvi63497, CSCvi63498, CSCvi82684, CSCvi82700, CSCvi82705, CSCvi82725, CSCvi82737, CSCvi82742, CSCvi82760, CSCvi82771, CSCvj51284, CSCvj51294.

CVE-2018-0379 (webex_business_suite, webex_meeting_server, webex_meetings_online) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0379

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could cause an affected player to crash, resulting in a denial of service (DoS) condition. The Cisco Webex players are applications that are used to play back Webex meetings that have been recorded by an online meeting attendee. The Webex Network Recording Player for .arf files can be automatically installed when the user accesses a recording that is hosted on a Webex server. The Webex Player for .wrf files can be downloaded manually. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvh70253, CSCvh70268, CSCvh72272, CSCvh72281, CSCvh72285, CSCvi60477, CSCvi60485, CSCvi60490, CSCvi60520, CSCvi60529, CSCvi60533.

CVE-2018-0380 (webex_meetings_online) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0380

A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. The vulnerability exists because the affected software incorrectly handles FTP control connections. An attacker could exploit this vulnerability by sending a maliciously crafted FTP connection to transfer a file to an affected device. A successful exploit could allow the attacker to bypass a file policy that is configured to apply the Block upload with reset action to FTP traffic. Cisco Bug IDs: CSCvh70130.

CVE-2018-0383 (firepower_management_center) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0383

A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input handling of the SSL traffic. An attacker could exploit this vulnerability by sending crafted SSL traffic to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. Cisco Bug IDs: CSCvi36434.

CVE-2018-0385 (firepower_management_center) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0385

A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250.

CVE-2018-0387 (webex_teams) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0387

A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software by using the HTTP POST method. An attacker who can submit malicious scripts to the affected user interface element could execute arbitrary script or HTML code in the user's browser in the context of the affected site. Cisco Bug IDs: CSCvj33287.

CVE-2018-0390 (webex_meetings) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0390

A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions (i.e., World-Readable). An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow the attacker to access potentially sensitive files that are owned by a different user. Cisco Bug IDs: CSCvh18087.

CVE-2018-0392 (mobility_services_engine_3310_firmware, mobility_services_engine_3355_firmware, mobility_services_engine_3365_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0392

A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the Policy Builder interface and modifying an HTTP request. A successful exploit could allow the attacker to make changes to existing policies. Cisco Bug IDs: CSCvi35007.

CVE-2018-0393 (mobility_services_engine_3310_firmware, mobility_services_engine_3355_firmware, mobility_services_engine_3365_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0393

A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the user interface. An attacker could exploit this vulnerability by injecting code into a function parameter. Cisco Bug IDs: CSCvi12935.

CVE-2018-0394 (cloud_services_platform_2100) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0394

A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve25985.

CVE-2018-0396 (unified_communications_manager_im_and_presence_service) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0396

Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.2200 allows remote attackers to read arbitrary files via unspecified vectors.

CVE-2018-0617 (memocgi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0617

Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2018-0618 (debian_linux, mailman) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0618

Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2018-0619 (glary_utilities) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0619

Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2018-0620 (game_software) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0620

Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2018-0621 (connection_utility_software) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0621

The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2018-0622 (dhc_online_shop) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0622

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of the admin page.

CVE-2018-0652 (growi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0652

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view.

CVE-2018-0653 (growi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0653

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating a Wiki page.

CVE-2018-0654 (growi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0654

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of the admin page.

CVE-2018-0655 (growi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0655

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the shutil module (make_archive function) that can result in denial of service or information gain via injection of arbitrary files on the system or entire drive. This attack appears to be exploitable via passage of unfiltered user input to the function. This vulnerability appears to have been fixed after commit add531a1e55b0a739b0f42582f1c9747e5649ace.

CVE-2018-1000802 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000802

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

CVE-2018-1002200 (debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_workstation, plexus-archiver) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002200

zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

CVE-2018-1002201 (zt-zip) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002201

zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

CVE-2018-1002202 (zip4j) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002202

unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

CVE-2018-1002203 (unzipper) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002203

adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

CVE-2018-1002204 (adm-zip) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002204

SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

CVE-2018-1002206 (sharpcompress) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002206

mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

CVE-2018-1002207 (archiver) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002207

sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

CVE-2018-1002208 (sharplibzip) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002208

An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.

CVE-2018-1056 (advancecomp, debian_linux, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1056

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks.

CVE-2018-10600 (acselerator_architect) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10600

SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.

CVE-2018-10604 (sel_compass) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10604

SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required.

CVE-2018-10608 (acselerator_architect) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10608

In AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1, a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.

CVE-2018-10620 (indusoft_web_studio, intouch_machine_2017) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10620

In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor is not restricted, allowing for a denial-of-service condition.

CVE-2018-10632 (nport_5210_firmware, nport_5230_firmware, nport_5232_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10632

redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.

CVE-2018-10870 (certification) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10870

A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.

CVE-2018-10876 (debian_linux, linux_kernel, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10876

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.

CVE-2018-10878 (debian_linux, linux_kernel, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10878

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

CVE-2018-10879 (debian_linux, linux_kernel, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10879

Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.

CVE-2018-10880 (debian_linux, linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10880

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

CVE-2018-10881 (debian_linux, linux_kernel, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10881

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.

CVE-2018-10882 (debian_linux, linux_kernel, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10882

CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.

CVE-2018-10905 (cloudforms, cloudforms_management_engine) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10905

keycloak before version 4.0.0.final is vulnerable to an infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.

CVE-2018-10912 (keycloak) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10912

RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.

CVE-2018-11059 (archer) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11059

RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.

CVE-2018-11060 (archer) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11060

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.

CVE-2018-11071 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11071

Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps.

CVE-2018-11084 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11084

An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of Spring 2018.

CVE-2018-11240 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11240

An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of Spring 2018.

CVE-2018-11241 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11241

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment.

CVE-2018-11265 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11265

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, when sending malformed XML data to deviceprogrammer/firehose it may do an out of bounds buffer write allowing a region of memory to be filled with 0x20.

CVE-2018-11267 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11267

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options.

CVE-2018-11268 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11268

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options.

CVE-2018-11269 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11269

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption.

CVE-2018-11270 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11270

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs, 'device_destroy' will free all associated resources, including 'voice_svc_dev' leading to a double free.

CVE-2018-11273 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11273

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large.

CVE-2018-11274 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11274

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs.

CVE-2018-11275 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11275

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe.

CVE-2018-11276 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11276

In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer, leading to a potential access control issue.

CVE-2018-11277 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11277

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault.

CVE-2018-11278 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11278

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space input there is no size validation of the NAT entry input. If the user input size of the NAT entry is greater than the max allowed size, memory exhaustion will occur.

CVE-2018-11280 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11280

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling the IPA_IOC_MDFY_RT_RULE IPA IOCTL, the header entry is not checked before use. If the IPA_IOC_MDFY_RT_RULE IOCTL is called for header entries that were previously deleted, a use-after-free condition will occur.

CVE-2018-11281 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11281

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur.

CVE-2018-11285 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11285

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the global variable "debug_client" in a multi-threaded manner, a use-after-free issue occurs.

CVE-2018-11286 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11286

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency.

CVE-2018-11287 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11287

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use.

CVE-2018-11290 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11290

In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues occur in NAN because the random number generator used was not a strong one.

CVE-2018-11291 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11291

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows.

CVE-2018-11292 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11292

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info come from the firmware. If they are not checked, they may cause a buffer over-read when the value is too large.

CVE-2018-11293 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11293

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the WLAN handler indication from the firmware gets the information for 4 access categories. While processing this information, only the information for the first 3 ACs is copied, due to the improper conditional logic used to compare with the max number of categories.

CVE-2018-11294 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11294

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the WMA handler carries fixed event data from the firmware to the host. If the length and anqp length from this event data exceed the max length, an OOB write would happen.

CVE-2018-11295 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11295

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur.

CVE-2018-11296 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11296

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur in the WMA NDP event handler functions due to lack of validation of the input value event_info, which is received from FW.

CVE-2018-11297 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11297

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL terminated. This may lead to buffer overflow as strlen is used to get realm string length to construct the PASSPOINT WMA command.

CVE-2018-11298 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11298

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when the WLAN FW has not filled the vdev id correctly in stats events, the WLAN host driver tries to access the interface array without a proper bounds check, which can lead to invalid memory access and, as a side effect, a kernel panic or page fault.

CVE-2018-11299 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11299

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a callback executed from another thread has freed memory which is also used in a wlan function, which may result in a "Use after free" scenario.

CVE-2018-11300 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11300

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.

CVE-2018-11301 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11301

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from userspace before copying into buffer can lead to potential array overflow in WLAN.

CVE-2018-11302 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11302

The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be exploited with authentication and used to target administrators and steal their sessions.

CVE-2018-11352 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11352

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.

CVE-2018-1149 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1149

ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.

CVE-2018-11491 (hg100_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11491

NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.

CVE-2018-1150 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1150

An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the platform (with UUID and information related to the name of the person at the location), critical information about all enrolled devices such as Serial Number, UUID, Model, Name, and auth_session_token (usable to spoof a terminal identity on the platform), etc.

CVE-2018-11717 (manageengine_desktop_central) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11717

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

CVE-2018-11761 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11761

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.

CVE-2018-11762 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11762

In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user.

CVE-2018-11786 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11786

In Apache Karaf versions prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser, and when navigated to it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. An optional bundle that some applications use is the Pax Web Extender Whiteboard; it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL, .../gogo/, and that URL is not secured, giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall the Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised.

CVE-2018-11787 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11787

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition.

CVE-2018-11818 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11818

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler.

CVE-2018-11826 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11826

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write.

CVE-2018-11827 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11827

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of input size validation before copying to buffer in PMIC function can lead to heap overflow.

CVE-2018-11832 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11832

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function.

CVE-2018-11836 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11836

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.

CVE-2018-11840 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11840

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association the driver allocates memory. If the memory allocation fails, the driver frees the memory even though it was not allocated.

CVE-2018-11842 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11842

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on return value in WMA response handler can lead to potential use after free.

CVE-2018-11843 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11843

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack.

CVE-2018-11851 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11851

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, an improper check in the WMA API of the inputs received from the firmware, which are then copied into the host structure, will lead to an OOB write.

CVE-2018-11852 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11852

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer overflow could occur while processing the ndp event due to lack of check on the message length.

CVE-2018-11860 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11860

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy.

CVE-2018-11863 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11863

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler.

CVE-2018-11868 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11868

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler.

CVE-2018-11869 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11869

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function.

CVE-2018-11878 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11878

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function is given an out of bound value it can cause an out of bound access while accessing the PCL table.

CVE-2018-11883 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11883

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check while calculating the MPDU data length will cause an integer overflow and then a buffer overflow in WLAN function.

CVE-2018-11886 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11886

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, invalid memory access may occur since the local variable 'context' (stack data of a wlan function) has been freed.

CVE-2018-11889 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11889

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in WLAN HOST function.

CVE-2018-11891 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11891

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a vendor scan request, an input argument (the length of the request IEs) greater than the maximum can lead to a buffer overflow.

CVE-2018-11893 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11893

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results, an integer overflow may lead to a buffer overflow when a large frame length is received from FW.

CVE-2018-11894 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11894

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length validation in a WLAN function can cause the driver to write the default rsn capabilities to memory not allocated to the frame.

CVE-2018-11895 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11895

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a diag event after associating to a network, an out of bounds read occurs if the ssid of the network joined is greater than the max limit.

CVE-2018-11897 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11897

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a start bss request from the upper layer, an out of bounds read occurs if the ssid length is greater than the maximum.

CVE-2018-11898 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11898

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST.

CVE-2018-11902 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11902

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST.

CVE-2018-11903 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11903

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a caller's local variable. Should the caller return early (e.g., timeout), the callback will dereference an invalid pointer.

CVE-2018-11904 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11904

In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.

CVE-2018-11982 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11982

Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error that may allow a physical attacker to potentially bypass firmware authentication.

CVE-2018-12169 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12169

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.

CVE-2018-12242 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12242

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.

CVE-2018-12243 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12243

In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily.

CVE-2018-12511 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12511

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.

CVE-2018-12911 (ubuntu_linux, webkitgtk+) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12911

There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device.

CVE-2018-13111 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13111

There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability.

CVE-2018-13385 (sourcetree) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13385

There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for Windows before version 2.6.9 are affected by this vulnerability.

CVE-2018-13386 (sourcetree) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13386

The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.

CVE-2018-13398 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13398

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.

CVE-2018-13982 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13982

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

CVE-2018-13988 (poppler, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13988

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.

CVE-2018-14066 (android) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14066

LICA miniCMTS E8K(u/i/...) devices allow remote attackers to obtain sensitive information via a direct POST request for the inc/user.ini file, leading to discovery of a password hash.

CVE-2018-14083 (minicmts_e8k_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14083

Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan, /dashboard/paywithcard/charge, /dashboard/withdrawal, or /privacy&terms, as demonstrated by reading database username, database password, database_name, and IP address fields, related to CVE-2018-12908.

CVE-2018-14328 (online_trade) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14328

An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file.

CVE-2018-14332 (clementine) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14332

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.

CVE-2018-14335 (h2) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14335

TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.

CVE-2018-14336 (wr840n) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14336

MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion.

CVE-2018-14379 (mp4v2) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14379

An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's account through the active session. The Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in.

CVE-2018-14387 (wondercms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14387
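
Session fixation of the kind described above, as an added illustration that is not WonderCMS code: a toy session store with the vulnerable login (the session id the browser arrived with is simply marked authenticated) beside the fixed one (a fresh id is issued on login and the planted id is discarded server-side). The user table and password are constructed for the example.

```python
import hmac
import secrets
from typing import Dict, Optional

# Constructed credential store for the example; a real one holds salted hashes.
USERS = {"admin": "correct horse battery staple"}


def password_ok(user: str, password: str) -> bool:
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, password)


class SessionStore:
    def __init__(self) -> None:
        self.sessions: Dict[str, dict] = {}

    def start(self) -> str:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid: str) -> Optional[str]:
        entry = self.sessions.get(sid)
        return entry["user"] if entry else None


def login_vulnerable(store: SessionStore, sid: str, user: str, password: str) -> str:
    """Authenticates the session the browser arrived with. If an attacker planted
    that id (via a crafted link, a cookie set from a sibling subdomain, ...),
    the attacker's copy of the id is now an authenticated session."""
    if sid not in store.sessions:
        sid = store.start()
    if password_ok(user, password):
        store.sessions[sid]["user"] = user
    return sid


def login_fixed(store: SessionStore, sid: str, user: str, password: str) -> str:
    """Privilege change means new identifier: the pre-login id is deleted on the
    server, so whoever else holds it gets nothing."""
    if not password_ok(user, password):
        return sid
    store.sessions.pop(sid, None)
    new_sid = store.start()
    store.sessions[new_sid]["user"] = user
    return new_sid


if __name__ == "__main__":
    store = SessionStore()
    planted = store.start()                      # attacker obtains this id and plants it
    login_vulnerable(store, planted, "admin", "correct horse battery staple")
    print("attacker's id now maps to:", store.user_for(planted))   # admin
    store = SessionStore()
    planted = store.start()
    fresh = login_fixed(store, planted, "admin", "correct horse battery staple")
    print("planted id after fixed login:", store.user_for(planted))  # None
    print("fresh id differs:", fresh != planted)                      # True
```

In PHP the equivalent of login_fixed is calling session_regenerate_id(true) immediately after a successful credential check; the same rule applies to every privilege change, including logout and role elevation.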

MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access.

CVE-2018-14403 (mp4v2) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14403

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

CVE-2018-14404 (debian_linux, libxml2, ubuntu_linux) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14404

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

CVE-2018-14423 (openjpeg) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14423

The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php.

CVE-2018-14430 (multi_step_form) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14430

Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.

CVE-2018-14492 (ac10_firmware, ac15_firmware, ac18_firmware, ac7_firmware, ac9_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14492

Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.

CVE-2018-14493 (open-audit) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14493

mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.

CVE-2018-14505 (mitmproxy) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14505

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).

CVE-2018-14527 (xiao5ucompany) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14527

A NULL pointer dereference vulnerability exists in AP4_JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial of service via a crafted mp4 file. This vulnerability can be triggered by the executable mp4dump.

CVE-2018-14543 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14543

An invalid memory read exists in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial of service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.

CVE-2018-14544 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14544

An invalid memory read exists in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial of service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.

CVE-2018-14545 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14545

An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_write in libwav.c.

CVE-2018-14549 (libwav) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14549

The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.

CVE-2018-14551 (imagemagick) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14551

An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can occur in the BasicModel class in include/cb_model.h.

CVE-2018-14562 (thulac) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14562

An issue was discovered in libthulac.so in THULAC through 2018-02-25. "operator delete" is used with "operator new[]" in the TaggingLearner class in include/cb_tagging_learner.h, possibly leading to memory corruption.

CVE-2018-14563 (thulac) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14563

An issue was discovered in libthulac.so in THULAC through 2018-02-25. A SEGV can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.

CVE-2018-14564 (thulac) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14564

An issue was discovered in libthulac.so in THULAC through 2018-02-25. A heap-based buffer over-read can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.

CVE-2018-14565 (thulac) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14565

Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).

CVE-2018-14568 (suricata) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14568
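
The bypass above is a mismatch between what the inspection engine reassembles and what the protected host accepts. The following added model (not Suricata code) makes that concrete: a constructed flow in which a malicious server sends an RST and pushes the payload a millisecond later. The engine that stops on RST never inspects the payload, while a Windows-like receiver still delivers it; an engine that keeps reassembling for the same window the host honours sees what the host sees. The 100 ms grace window and the packet timings are assumptions for the example, not measured Windows or Suricata constants.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Segment:
    t_ms: int            # arrival time, milliseconds from the start of the flow
    src: str             # "client" or "server"
    flags: str           # TCP flags as letters, e.g. "PA" for PSH/ACK, "R" for RST
    payload: bytes = b""


def reassemble_server_data(segments: List[Segment], grace_ms: int) -> bytes:
    """Bytes a receiver accepts from the server side. After the first server RST,
    data is still accepted if it arrives within grace_ms of that RST."""
    seen = b""
    rst_at = None
    for seg in sorted(segments, key=lambda s: s.t_ms):
        if seg.src != "server":
            continue
        if "R" in seg.flags:
            if rst_at is None:
                rst_at = seg.t_ms
            continue
        if rst_at is not None and seg.t_ms - rst_at > grace_ms:
            break
        seen += seg.payload
    return seen


def deliver_to_windows_client(segments: List[Segment], grace_ms: int = 100) -> bytes:
    """Model of the client behaviour the advisory describes: the stack keeps
    processing server data that lands shortly after the RST (assumed window)."""
    return reassemble_server_data(segments, grace_ms)


def inspect_stop_on_rst(segments: List[Segment]) -> bytes:
    """Policy of the unfixed engine: the server's RST ends stream inspection,
    so nothing behind it is ever matched against content rules."""
    seen = b""
    for seg in sorted(segments, key=lambda s: s.t_ms):
        if seg.src == "server" and "R" in seg.flags:
            break
        if seg.src == "server":
            seen += seg.payload
    return seen


SIGNATURE = b"<script>evil()</script>"   # what a content rule would match on


def constructed_flow(gap_ms: int = 1) -> List[Segment]:
    """Constructed packet sequence: the malicious server answers, sends an RST,
    then pushes the payload gap_ms later."""
    return [
        Segment(0, "client", "PA", b"GET /update HTTP/1.1\r\nHost: target\r\n\r\n"),
        Segment(10, "server", "PA", b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"),
        Segment(12, "server", "R"),
        Segment(12 + gap_ms, "server", "PA", SIGNATURE),
    ]


if __name__ == "__main__":
    flow = constructed_flow()
    print("client processed payload:  ", SIGNATURE in deliver_to_windows_client(flow))     # True
    print("stop-on-RST engine saw it: ", SIGNATURE in inspect_stop_on_rst(flow))           # False
    print("grace-window engine saw it:", SIGNATURE in reassemble_server_data(flow, 100))   # True
```

The practical checks: the engine must be a version that continues inspection after a server RST (4.0.5 or later according to the advisory), and since Suricata's stream engine models receiver behaviour per destination host through host-os-policy in suricata.yaml, Windows hosts should be declared as such there so the engine's reassembly matches theirs.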

A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. This results in arbitrary code execution by requesting that .php file.

CVE-2018-14570 (b2b2c_multi-business) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14570
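
Added example (not Niushop code) of the upload check the description calls for: the vulnerable variant trusts the client's Content-Type and keeps the client's filename; the hardened one decides from the file's own bytes, allowlists the final extension, and names the stored file itself. The magic-byte table, the sample PHP body and the JPEG header bytes are constructed for the example.

```python
import secrets
from typing import Optional

# Constructed table for the example: leading bytes and the Content-Type that
# genuinely belongs to each allowed extension.
IMAGE_TYPES = {
    "jpg": (b"\xff\xd8\xff", "image/jpeg"),
    "jpeg": (b"\xff\xd8\xff", "image/jpeg"),
    "png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    "gif": (b"GIF8", "image/gif"),
}


def accept_avatar_vulnerable(content_type: str, filename: str, data: bytes) -> Optional[str]:
    """The pattern the advisory describes: the client-sent Content-Type is the
    only check and the client-sent filename is what gets stored, so
    'shell.php' sent as image/jpeg lands on disk as shell.php."""
    if content_type.lower().startswith("image/"):
        return filename
    return None


def accept_avatar_hardened(content_type: str, filename: str, data: bytes) -> Optional[str]:
    """Decide from the bytes, allowlist the extension, and choose the stored
    name on the server. Returns the name to store under, or None to reject."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]   # drop any path the client sent
    if "." not in base:
        return None
    ext = base.rsplit(".", 1)[1].lower()                   # the final extension decides
    if ext not in IMAGE_TYPES:
        return None                                        # .php, .phtml, .htaccess never pass
    magic, expected_ct = IMAGE_TYPES[ext]
    if not data.startswith(magic):
        return None                                        # body is not the image the name claims
    if content_type.lower() != expected_ct:
        return None                                        # header/extension disagreement: cheap reject
    return f"{secrets.token_hex(16)}.{ext}"                # client has no say in the stored path


if __name__ == "__main__":
    php_body = b"<?php system($_GET['c']); ?>"             # constructed attacker upload
    jpeg_body = b"\xff\xd8\xff\xe0" + b"\x00" * 16          # constructed JPEG header
    print(accept_avatar_vulnerable("image/jpeg", "shell.php", php_body))   # shell.php
    print(accept_avatar_hardened("image/jpeg", "shell.php", php_body))     # None
    print(accept_avatar_hardened("image/jpeg", "me.JPG", jpeg_body))       # <32 hex chars>.jpg
```

A genuine JPEG with PHP appended still passes the magic check, so the server-chosen name and an upload directory the web server never executes scripts from are the controls that actually close the hole; the byte check only removes the trivial case.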

A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.

CVE-2018-14573 (tightrope_media_carousel_digital_signage) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14573
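
One containment routine serves the three traversal-shaped issues above (Smarty's trusted template directory, H2's backup following a symlink to a fake database file, and Carousel's RenderingFetch directory traversal). This is an added example, not code from any of those projects: it resolves the untrusted path first, checks that the result is still under the trusted directory, then opens with O_NOFOLLOW and verifies the open descriptor. The directory layout it builds is constructed for the demonstration, and it assumes a POSIX filesystem.

```python
import os
import stat
import tempfile


class PathEscape(Exception):
    """Raised when an untrusted path would leave the trusted directory."""


def resolve_within(base: str, untrusted: str) -> str:
    """Return the real path of base/untrusted, or raise PathEscape.
    Symlinks are resolved before the containment check, so a link inside the
    directory that points outside it is rejected rather than followed."""
    if os.path.isabs(untrusted):
        raise PathEscape("absolute paths are not accepted")
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, untrusted))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PathEscape(f"{untrusted!r} resolves outside {base!r}")
    return candidate


def open_within(base: str, untrusted: str) -> int:
    """Open for reading after the check above, then narrow the remaining race:
    O_NOFOLLOW refuses a symlink swapped in after resolution, and fstat on the
    open descriptor confirms we hold a regular file, not a directory or device."""
    target = resolve_within(base, untrusted)
    fd = os.open(target, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PathEscape(f"{untrusted!r} is not a regular file")
    except Exception:
        os.close(fd)
        raise
    return fd


def classify(base: str, untrusted: str) -> str:
    """'allowed', 'rejected' (containment) or 'missing' (plain OS error)."""
    try:
        fd = open_within(base, untrusted)
    except PathEscape:
        return "rejected"
    except OSError:
        return "missing"
    os.close(fd)
    return "allowed"


def build_demo_tree() -> str:
    """Constructed layout: a trusted template directory, a secret file beside
    it, and a symlink inside the trusted directory pointing at the secret."""
    root = tempfile.mkdtemp(prefix="confine-")
    trusted = os.path.join(root, "templates")
    os.mkdir(trusted)
    with open(os.path.join(trusted, "page.tpl"), "w") as f:
        f.write("{* template *}")
    with open(os.path.join(root, "secret.ini"), "w") as f:
        f.write("db_password=hunter2")
    os.symlink(os.path.join(root, "secret.ini"), os.path.join(trusted, "fake.tpl"))
    return trusted


if __name__ == "__main__":
    base = build_demo_tree()
    for rel in ["page.tpl", "../secret.ini", "fake.tpl", "/etc/hostname", "sub/../../secret.ini"]:
        print(f"{rel:22} -> {classify(base, rel)}")
```

Between realpath and open the intermediate directories can still be swapped by a local attacker; on Linux 5.6 and later openat2 with RESOLVE_BENEATH closes that gap, but it is not exposed by the Python standard library, so this routine addresses the traversal and symlink cases, not a fully race-free open.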

GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database Information" "Table prefix" form field, or obtain sensitive information via a direct request for install/install.sql.

CVE-2018-14579 (golemcms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14579

index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a back-end (admin panel) administrator account.

CVE-2018-14582 (bagecms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14582

xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a back-end (admin panel) administrator account.

CVE-2018-14583 (xyhcms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14583

An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read.

CVE-2018-14584 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14584

An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in Core/Ap4Utils.h has a heap-based buffer over-read after a call from the AP4_Stz2Atom class.

CVE-2018-14585 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14585

An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532.

CVE-2018-14586 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14586

An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream::WritePartial in Core/Ap4ByteStream.cpp has a buffer over-read.

CVE-2018-14587 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14587

An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4AudioInfo.cpp has a heap-based buffer over-read.

CVE-2018-14589 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14589

The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.

CVE-2018-14592 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14592

wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of font_size, width, and height are large numbers.

CVE-2018-14596 (wancms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14596

An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.

CVE-2018-14601 (gitlab) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14601

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.

CVE-2018-14602 (gitlab) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14602

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.

CVE-2018-14603 (gitlab) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14603

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.

CVE-2018-14604 (gitlab) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14604

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.

CVE-2018-14605 (gitlab) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14605

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.

CVE-2018-14606 (gitlab) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14606

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized.

CVE-2018-14609 (linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14609

An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c.

CVE-2018-14610 (linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14610

An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c.

CVE-2018-14611 (linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14611

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c.

CVE-2018-14612 (linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14612

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c.

CVE-2018-14613 (linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14613

An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.

CVE-2018-14614 (linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14614

An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when unmounting an f2fs image, because a length value may be negative.

CVE-2018-14615 (linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14615

An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.

CVE-2018-14616 (linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14616

An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.

CVE-2018-14617 (linux_kernel) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14617

A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service.

CVE-2018-14641 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14641

An information leak vulnerability was found in Undertow. If not all headers are written out in the first write() call, the code that flushes the buffer always writes out the full contents of the writevBuffer, which may contain data from previous requests.

CVE-2018-14642 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14642
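
A model of the buffer-reuse bug class behind the Undertow leak, added here as an example and not taken from Undertow: a per-connection write buffer is filled by several write() calls, and the unsafe flush sends the whole backing array instead of only the bytes the current response wrote, so a shorter second response on the same keep-alive connection carries the tail of the previous one. The responses and the buffer size are constructed.

```python
from typing import List


class ConnectionWriter:
    """Illustrative per-connection write buffer reused across responses.
    safe=False reproduces the bug class: flush sends the entire backing buffer
    rather than the bytes written for the current response."""

    def __init__(self, capacity: int, safe: bool) -> None:
        self.buf = bytearray(capacity)
        self.pos = 0                      # bytes of the current response written so far
        self.safe = safe
        self.wire: List[bytes] = []       # what each flush put on the socket

    def write(self, data: bytes) -> None:
        if self.pos + len(data) > len(self.buf):
            raise ValueError("example buffer too small for this response")
        self.buf[self.pos:self.pos + len(data)] = data
        self.pos += len(data)

    def flush(self) -> bytes:
        if self.safe:
            out = bytes(self.buf[:self.pos])          # only what this response wrote
            self.buf[:self.pos] = bytes(self.pos)     # scrub so a later slip cannot leak
        else:
            out = bytes(self.buf)                     # whole buffer, stale tail included
        self.pos = 0
        self.wire.append(out)
        return out


def serve_two_responses(safe: bool) -> bytes:
    """Response 1 sets a secret cookie for user A using two write() calls;
    response 2, for another client, is shorter. Returns what client 2 receives."""
    w = ConnectionWriter(capacity=96, safe=safe)
    w.write(b"HTTP/1.1 200 OK\r\n")
    w.write(b"Set-Cookie: session=SECRET-TOKEN-FOR-USER-A\r\n\r\n")   # headers not all in first write
    w.flush()
    w.write(b"HTTP/1.1 204 No Content\r\n\r\n")
    return w.flush()


if __name__ == "__main__":
    print(serve_two_responses(safe=False))   # 204 response followed by user A's cookie bytes
    print(serve_two_responses(safe=True))    # the 204 response only
```

The detection angle is the same as for any stale-buffer leak: responses whose byte length exceeds what their own headers and body account for, or response bodies containing fragments of other clients' headers, are the observable symptom.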

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.

CVE-2018-14643 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14643

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

CVE-2018-14645 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14645

An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an integer) to internetRadioSettings.view that could be used to steal session information of a victim.

CVE-2018-14688 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14688

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view that could be used to steal session information of a victim.

CVE-2018-14689 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14689

An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim.

CVE-2018-14690 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14690

An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim.

CVE-2018-14691 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14691

An issue was discovered in Browserify-HMR. Attackers are able to steal a developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:3123/ connection from any origin.

CVE-2018-14730 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14730

An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal a developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1 connection (with a random TCP port number) from any origin. The random port number can be found by connecting to http://127.0.0.1 and reading the "new WebSocket" line in the source code.

CVE-2018-14731 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14731

An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal a developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin.

CVE-2018-14732 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14732
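
Both mitmweb's DNS rebinding issue (CVE-2018-14505 above) and the three HMR WebSocket issues come down to a loopback-bound development server that never checks who is talking to it. The guard below is an added example, not code from mitmproxy, Browserify-HMR, Parcel or webpack-dev-server, and it covers both cases: the Host header must name the loopback host the server is bound to, which defeats rebinding (attacker.example resolving to 127.0.0.1 still arrives with Host: attacker.example), and any Origin header present must come from an allowlisted host, which defeats cross-origin WebSocket reads. The header sets in the usage section are constructed.

```python
from typing import Mapping, Optional, Tuple
from urllib.parse import urlsplit

# Names under which a loopback-only dev server expects to be reached.
LOOPBACK_HOSTS = frozenset({"localhost", "127.0.0.1", "::1"})


def host_name(host_header: str) -> Optional[str]:
    """Strip the optional port from a Host value; IPv6 literals are bracketed."""
    value = host_header.strip().lower()
    if value.startswith("["):
        end = value.find("]")
        return value[1:end] if end > 1 else None
    name, _, port = value.partition(":")
    if port and not port.isdigit():
        return None
    return name or None


def check_request(headers: Mapping[str, str], allowed=LOOPBACK_HOSTS) -> Tuple[bool, str]:
    """Return (accepted, reason) for one HTTP or WebSocket handshake request."""
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("host")
    if host is None or host_name(host) not in allowed:
        return False, "Host missing or not in allowlist (possible DNS rebinding)"
    origin = h.get("origin")
    if origin is None:
        # Browsers always send Origin on WebSocket handshakes and cross-site
        # POSTs; a missing Origin means a non-browser client such as curl.
        return True, "no Origin; non-browser client"
    parsed = urlsplit(origin)
    if parsed.scheme not in ("http", "https") or parsed.hostname is None:
        return False, f"unparseable Origin {origin!r}"        # also covers the literal 'null'
    if parsed.hostname.lower() not in allowed:
        return False, f"cross-origin request from {origin!r}"
    return True, "ok"


if __name__ == "__main__":
    samples = [
        {"Host": "127.0.0.1:8080", "Origin": "http://localhost:3000"},   # the dev app itself
        {"Host": "127.0.0.1:8080", "Origin": "http://evil.example"},     # hostile page
        {"Host": "attacker.example:8080"},                               # rebound DNS name
        {"Host": "[::1]:3123"},                                          # curl, no Origin
        {"Host": "127.0.0.1", "Origin": "null"},                         # sandboxed/opaque origin
    ]
    for s in samples:
        print(s, "->", check_request(s))
```

The port is deliberately ignored when matching Origin: the page served on localhost:3000 legitimately opens the HMR socket on a different port, so only the host part is comparable. A missing Origin is accepted because browsers always send one on WebSocket handshakes; that admits curl, not a hostile page. Tools that also bind to non-loopback addresses must add those names to the allowlist rather than disable the check.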

WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.

CVE-2018-14792 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14792

In Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command, which may be used to perform a denial of service attack.

CVE-2018-14796 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14796

In Rockwell Automation RSLinx Classic versions 4.00.01 and prior, a remote, unauthenticated threat actor may intentionally send a malformed CIP packet to port 44818, causing the RSLinx Classic application to terminate. The user must manually restart the software to regain functionality.

CVE-2018-14821 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14821

In Rockwell Automation RSLinx Classic versions 4.00.01 and prior, a remote, unauthenticated threat actor may intentionally send specially crafted EtherNet/IP packets to port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.

CVE-2018-14827 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14827

In Rockwell Automation RSLinx Classic versions 4.00.01 and prior, a remote threat actor may intentionally send a malformed CIP packet to port 44818, causing the software application to stop responding and crash. The same malformed packet may also trigger a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.

CVE-2018-14829 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14829

CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.

CVE-2018-14889 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14889

Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console.

CVE-2018-14890 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14890

Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability.

CVE-2018-14891 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14891

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.

CVE-2018-1503 (websphere_mq) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1503

IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551.

CVE-2018-1513 (sterling_b2b_integrator) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1513

IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142291.

CVE-2018-1529 (rational_doors_next_generation, rational_requirements_composer) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1529

Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file.

CVE-2018-15546 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15546

A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.

CVE-2018-15612 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15612

A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.

CVE-2018-15613 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15613

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024.

CVE-2018-1567 (websphere_application_server) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1567

upc.exe in Ubisoft Uplay Desktop Client version 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process.

CVE-2018-15832 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15832

The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.

CVE-2018-16225 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16225

The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control.

CVE-2018-16281 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16281

A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.

CVE-2018-16282 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16282

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

CVE-2018-16515 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16515

An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

CVE-2018-16597 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16597

Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.

CVE-2018-16607 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16607

An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.

CVE-2018-16668 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16668

An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.

CVE-2018-16669 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16669

An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.

CVE-2018-16670 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16670

An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.

CVE-2018-16671 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16671

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.

CVE-2018-1674 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1674

LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.

CVE-2018-16752 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16752

DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.

CVE-2018-16784 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16784

An XML injection vulnerability exists in DedeCMS V5.7 SP2, which attackers can use to create a script file and obtain a webshell.

CVE-2018-16785 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16785

DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.

CVE-2018-16786 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16786

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

CVE-2018-16793 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16793

Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.

CVE-2018-16794 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16794

admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests.

CVE-2018-16819 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16819

admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests.

CVE-2018-16820 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16820

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.

CVE-2018-16821 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16821

SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.

CVE-2018-16822 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16822

Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.

CVE-2018-16833 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16833

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502.

CVE-2018-1685 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1685

In Zoho ManageEngine SupportCenter Plus 8.1.0, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.

CVE-2018-16965 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16965

On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

CVE-2018-17001 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17001

On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

CVE-2018-17002 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17002

In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.

CVE-2018-17003 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17003

The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

CVE-2018-17050 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17050

The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is declared private, yet it is readable via the eth.getStorageAt function. Also, attackers can purchase a ticket at a low price by directly calling the fallback function with a small msg.value, because the developer set the currency unit incorrectly. Therefore, it allows attackers to always win and get rewards.

CVE-2018-17071 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17071

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364.

CVE-2018-1710 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1710

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369.

CVE-2018-1711 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1711

The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect.

CVE-2018-17111 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17111

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.

CVE-2018-17141 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17141

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

CVE-2018-17144 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17144

It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.

CVE-2018-17153 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17153

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.

CVE-2018-17173 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17173

A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data.

CVE-2018-17174 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17174

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the "only" option, and there is a user role that produces an empty value for "only").

CVE-2018-17175 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17175

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.

CVE-2018-17176 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17176

An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary.

CVE-2018-17177 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17177

An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything.

CVE-2018-17178 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17178

An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.

CVE-2018-17182 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17182

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.

CVE-2018-17183 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17183

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.

CVE-2018-17204 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17204

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains a list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.

CVE-2018-17205 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17205

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.

CVE-2018-17206 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17206

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.

CVE-2018-17207 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17207

Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF.

CVE-2018-17208 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17208

nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call.

CVE-2018-17228 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17228

Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.

CVE-2018-17229 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17229

Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.

CVE-2018-17230 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17230

** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary.

CVE-2018-17231 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17231

SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute().

CVE-2018-17232 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17232

A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.

CVE-2018-17233 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17233

Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

CVE-2018-17234 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17234

The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service.

CVE-2018-17235 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17235

The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on an invalid pointer, raising a SIGABRT signal.

CVE-2018-17236 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17236

A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.

CVE-2018-17237 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17237

Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection.

CVE-2018-17243 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17243

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.

CVE-2018-17254 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17254

Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter.

CVE-2018-17255 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17255

An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.

CVE-2018-17282 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17282

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.

CVE-2018-17283 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17283

An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes.

CVE-2018-17292 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17292

An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application crash by NULL pointer dereference) or possibly have unspecified other impact by crafting certain WebAssembly files.

CVE-2018-17293 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17293

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.

CVE-2018-17294 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17294

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.

CVE-2018-17297 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17297

An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes their password.

CVE-2018-17298 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17298

Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.

CVE-2018-17300 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17300

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.

CVE-2018-17301 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17301

Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.

CVE-2018-17302 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17302

FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php.

CVE-2018-17317 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17317

An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.

CVE-2018-17320 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17320

An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.

CVE-2018-17321 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17321

Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.

CVE-2018-17322 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17322

An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls.

CVE-2018-17332 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17332

An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because sscanf is misused.

CVE-2018-17333 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17333

An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because a strncpy copy limit is miscalculated.

CVE-2018-17334 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17334

UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.

CVE-2018-17336 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17336

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM X-Force ID: 148599.

CVE-2018-1756 (security_identity_governance_and_intelligence) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1756

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601.

CVE-2018-1757 (security_identity_governance_and_intelligence) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1757

IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805.

CVE-2018-1782 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1782

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.

CVE-2018-1789 (api_connect) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1789

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring. IBM X-Force ID: 149607.

CVE-2018-1800 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1800

An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users.

CVE-2018-1999001 (jenkins) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999001

An arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

CVE-2018-1999002 (jenkins) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999002

An improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.

CVE-2018-1999003 (jenkins) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999003

An improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches.

CVE-2018-1999004 (jenkins) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999004

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.

CVE-2018-1999005 (jenkins) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999005

An exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade.

CVE-2018-1999006 (jenkins) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999006

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP 404 error pages while Stapler debug mode is enabled.

CVE-2018-1999007 (jenkins) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999007

October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an authenticated user with media module permission creating an arbitrary folder name with XSS content. This attack appears to be exploitable via an authenticated user with media module permission who can create an arbitrary folder name (XSS). This vulnerability appears to have been fixed in build 437.

CVE-2018-1999008 (october_cms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999008

October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in sensitive information disclosure and remote code execution. This attack appears to be exploitable remotely if the /backend path is accessible. This vulnerability appears to have been fixed in Build 437.

CVE-2018-1999009 (octobercms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999009

FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later.

CVE-2018-1999010 (ffmpeg) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999010

FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in the asf_o format demuxer that can result in a heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via a specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later.

CVE-2018-1999011 (ffmpeg) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999011

FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in the pva format demuxer that allows attackers to consume an excessive amount of resources like CPU and RAM. This attack appears to be exploitable via a specially crafted PVA file that has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later.

CVE-2018-1999012 (ffmpeg) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999012

FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that allows an attacker to read heap memory. This attack appears to be exploitable via a specially crafted RM file that has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later.

CVE-2018-1999013 (ffmpeg) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999013

FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in the MXF format demuxer that can result in DoS. This attack appears to be exploitable via a specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.

CVE-2018-1999014 (ffmpeg) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999014

FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out-of-array read vulnerability in the ASF_F format demuxer that can result in heap memory being read. This attack appears to be exploitable via a specially crafted ASF file provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.

CVE-2018-1999015 (ffmpeg) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999015

Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48 and ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines 114 and 118 that can result in an unauthenticated remote attacker manipulating the web client via XSS code injection. This attack appears to be exploitable via the victim opening a specially crafted URL. This vulnerability appears to have been fixed in version 8.2.1.

CVE-2018-1999016 (pydio) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999016

Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php line 154, getUpgradePath($url), that can result in authenticated admin users requesting arbitrary URLs, pivoting requests through the server. This attack appears to be exploitable by an attacker who gains access to an administrative account, enters a URL into the Upgrade Engine, and reloads the page or presses "Check Now". This vulnerability appears to have been fixed in 8.2.1.

CVE-2018-1999017 (pydio) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999017

Pydio version 8.2.1 and prior contains an unvalidated user input vulnerability leading to Remote Code Execution (RCE) in plugins/action.antivirus/AntivirusScanner.php line 124, scanNow($nodeObject), that can result in an attacker who has gained admin access executing arbitrary commands on the underlying OS. This attack appears to be exploitable by the attacker editing the Antivirus Command in the antivirus plugin and executing the payload by uploading any file within Pydio.

CVE-2018-1999018 (pydio) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999018

Chamilo LMS version 11.x contains an unserialization vulnerability in the "hash" GET parameter of the API endpoint located at /webservices/api/v2.php that can result in unauthenticated remote code execution. This attack appears to be exploitable via a simple GET request to the API endpoint. This vulnerability appears to have been fixed after commit 0de84700648f098c1fbf6b807dee28ec640efe62.

CVE-2018-1999019 (chamilo_lms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999019

Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). This attack appears to be exploitable via upload of a specially crafted zip file.

CVE-2018-1999020 (onos) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999020

Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in the Profile page that can result in injection of arbitrary web script or HTML via the profile page editor. This attack appears to be exploitable when the victim navigates to the attacker's profile page.

CVE-2018-1999021 (gleezcms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999021

The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appears to be exploitable via loading specially crafted saved games, networked games, replays, and player content.

CVE-2018-1999023 (the_battle_for_wesnoth) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999023

MathJax versions prior to 2.7.4 contain a Cross Site Scripting (XSS) vulnerability in the \unicode{} macro that can result in potentially untrusted JavaScript running within a web browser. This attack appears to be exploitable when the victim views a page where untrusted content is processed using MathJax. This vulnerability appears to have been fixed in 2.7.4 and later.

CVE-2018-1999024 (mathjax) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999024

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while relocating kernel images with a specially crafted boot image, an out-of-bounds access can occur.

CVE-2018-3573 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3573

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS.

CVE-2018-3574 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3574

A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.

CVE-2018-3655 (converged_security_management_engine_firmware, server_platform_services_firmware, trusted_execution_engine_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3655

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs.

CVE-2018-3823 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3823

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user.

CVE-2018-3824 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3824

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.

CVE-2018-3825 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3825

In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API.

CVE-2018-3826 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3826

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level, Azure credentials can be inadvertently logged.

CVE-2018-3827 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3827

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.

CVE-2018-3828 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3828

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add an allocator to an existing ECE install to gain access to other clusters' data.

CVE-2018-3829 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3829

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

CVE-2018-3830 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3830

Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.

CVE-2018-3831 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3831

An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 (firmware version 0.20.17). The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "password" value in order to exploit this vulnerability.

CVE-2018-3864 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3864

An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 (firmware version 0.20.17). The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "cameraIp" value in order to exploit this vulnerability.

CVE-2018-3865 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3865

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 (firmware version 0.20.17). The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.

CVE-2018-3873 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3873

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 (firmware version 0.20.17). The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability.

CVE-2018-3874 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3874

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 (firmware version 0.20.17). The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability.

CVE-2018-3876 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3876

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 (firmware version 0.20.17). The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long "directory" value in order to exploit this vulnerability.

CVE-2018-3877 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3877

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 (firmware version 0.20.17). The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "startTime" value in order to exploit this vulnerability.

CVE-2018-3894 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3894

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2018-3906 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3906

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 (firmware version 0.20.17). The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability.

CVE-2018-3913 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3913

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 (firmware version 0.20.17). The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability.

CVE-2018-3914 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3914

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 (firmware version 0.20.17). The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability.

CVE-2018-3915 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3915

An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.

CVE-2018-3952 (nordvpn) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3952

An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges.

CVE-2018-4010 (protonvpn) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4010

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5061 (acrobat, acrobat_dc, acrobat_reader, acrobat_reader_dc) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5061

Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind SQL injection. If successfully exploited, the user can obtain information from the underlying PostgreSQL database, which could lead to total compromise of the product. The said script is available with no authentication.

CVE-2018-5384 (infinity) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5384

Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter, which can lead to bypassing the two-factor authentication in some installations. This could lead to phishing attacks that bypass the two-factor authentication present in some installations.

CVE-2018-5385 (infinity) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5385

Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak.

CVE-2018-5386 (infinity) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5386

F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".

CVE-2018-5530 (big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_edge_gateway, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_websafe) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5530

Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. Attack must be sourced from adjacent network (layer 2).

CVE-2018-5531 (big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_edge_gateway, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_webaccelerator) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5531

Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.

CVE-2018-5533 (big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_edge_gateway, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_webaccelerator) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5533

Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.

CVE-2018-5534 (big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_edge_gateway, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_webaccelerator) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5534

On F5 BIG-IP 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.2.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service.

CVE-2018-5535 (big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_edge_gateway, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_webaccelerator) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5535

A remote attacker, via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module.

CVE-2018-5536 (big-ip_access_policy_manager) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5536

A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with an HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end.

CVE-2018-5537 (big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_edge_gateway, big-ip_global_traffic_manager, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_webaccelerator, big-ip_websafe) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5537

On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.

CVE-2018-5540 (big-ip_domain_name_system, big-ip_global_traffic_manager, big-iq_centralized_management, big-iq_cloud_and_orchestration, enterprise_manager, f5_iworkflow) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5540

In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected.

CVE-2018-5837 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5837

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected.

CVE-2018-5871 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5871

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a race condition while accessing the number of clients in DIAG services can lead to out-of-bounds access.

CVE-2018-5905 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5905

A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.

CVE-2018-6500 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6500

A potential Insufficient Access Controls security vulnerability has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls.

CVE-2018-6501 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6501

A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS).

CVE-2018-6502 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6502

A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls.

CVE-2018-6503 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6503

A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF).

CVE-2018-6504 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6504

A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.

CVE-2018-6505 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6505

Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.

CVE-2018-6677 (mcafee_web_gateway) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6677

Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.

CVE-2018-6678 (mcafee_web_gateway) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6678

Accessing, modifying, or executing executable files vulnerability in the Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from an external system.

CVE-2018-6690 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6690

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.

CVE-2018-6693 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6693

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

CVE-2018-7602 (debian_linux, drupal) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7602

Huawei Mate RS smartphones with versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations.

CVE-2018-7929 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7929

Huawei Mate10 smartphones with versions earlier than ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify permissions; an attacker could use a data cable to connect the smartphone to a computer and then perform certain specific operations. Successful exploitation could allow the attacker to bypass FRP protection and access the system settings page.

CVE-2018-7991 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7991

In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.

CVE-2018-8017 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8017

Apache Ignite 2.5 and earlier serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when vulnerable third-party classes are present in the Ignite classpath. The vulnerability can be exploited if one sends a specially prepared form of a serialized object to the GridClientJdkMarshaller deserialization endpoint.

CVE-2018-8018 (ignite) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8018

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack because instead of a constant-time string comparison routine a standard `==` operator has been used. A malicious actor can therefore abuse the timing difference of when the JWT validation function returns to reveal the correct HMAC value.

CVE-2018-8023 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8023

Echelon SmartServer 1 (all versions), SmartServer 2 (all versions prior to release 4.11.007), i.LON 100 (all versions), and i.LON 600 (all versions) store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.

CVE-2018-8851 (i.lon_100_firmware, i.lon_600_firmware, smartserver_1_firmware, smartserver_2_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8851

Echelon SmartServer 1 (all versions), SmartServer 2 (all versions prior to release 4.11.007), i.LON 100 (all versions), and i.LON 600 (all versions) allow unencrypted web connections by default, and the devices can receive configuration and firmware updates over insecure FTP.

CVE-2018-8855 (i.lon_100_firmware, i.lon_600_firmware, smartserver_1_firmware, smartserver_2_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8855

Echelon SmartServer 1 (all versions), SmartServer 2 (all versions prior to release 4.11.007), i.LON 100 (all versions), and i.LON 600 (all versions): an attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product.

CVE-2018-8859 (i.lon_100_firmware, i.lon_600_firmware, smartserver_1_firmware, smartserver_2_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8859

A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account.

CVE-2018-8889 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8889

An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a user's session, or elevate privileges by targeting an administrative user.

CVE-2018-9282 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9282

(© 2017 - 2017) by OSI ® ORDENADORES Y SOLUCIONES INFORMÁTICAS , OSIWARE ® - SON MARCAS REGISTRADAS DE ANGEL FRUCTUOSO LASHERAS
OSI Num.: 1.766.464 OEPM - OSIWARE ® US ® (tm)- s/n: 4.903.668 |  ES ® OEPM - Num.: 3.568.893